AdGholas Script to detect file associations and mimeTypes

a guest Sep 13th, 2016 669 Never
// Credits to: Brooks Li, Joseph C Chen and Kafeine
// Code "extracted" from the pictures from this amazing research: https://www.proofpoint.com/us/threat-insight/post/Microsoft-Patches-Zero-Day-Exploited-By-AdGholas-GooNky-Malvertising

function extensionAssociated(ext)
{
    // Simple trick to create a "static" variable in JavaScript so we avoid using createElement many times.
    if (!arguments.callee.a) arguments.callee.a = document.createElement("a");

    // We create a reference so the code is clearer.
    var a = arguments.callee.a;

    // Now set the href of the <A> element with a dot and the extension to test.
    a.href = "." + ext;

    // Now let's check the mimeType property of the "A" element
    // (mimeType on <A> is an Internet Explorer-specific property).
    // If the extension is NOT associated, it will return: extension name (uppercased) + File.
    // If we test the extension "sunga" --> a.mimeType will be "SUNGA File" because the extension does not exist.
    var mime = a.mimeType.toLowerCase();
    if (mime == ext + " file") return false;    // Extension not associated.
    else return true;                           // Extension IS associated to a program.
}

// Testing saz extension (Essentially, if you have Fiddler installed)
alert(extensionAssociated("saz"));
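
A defender's counterpart to the probe above, added here as an example and not part of the original paste or the Proofpoint research: a heuristic scan of script source for the three steps the function combines. The function name, the indicator ids and both sample scripts are constructed for illustration.

```javascript
// Added example: flag script source that combines the three steps of the
// anchor mimeType probe (create <a>, set href to "." + ext, read .mimeType).
const INDICATORS = [
  { id: "anchor-created", re: /createElement\(\s*["']a["']\s*\)/i },
  { id: "href-dot-extension", re: /\.href\s*=\s*["']\.["']\s*\+/ },
  // A read of .mimeType (not an assignment, and not navigator.mimeTypes).
  { id: "mimeType-read", re: /\.mimeType\b(?!\s*=[^=])/ },
];

function findMimeTypeProbe(source) {
  const hits = [];
  source.split(/\r?\n/).forEach((line, i) => {
    const code = line.replace(/\/\/.*$/, ""); // crude: drop line comments
    for (const ind of INDICATORS) {
      if (ind.re.test(code)) hits.push({ id: ind.id, line: i + 1 });
    }
  });
  const seen = new Set(hits.map((h) => h.id));
  // Report only when all three indicators appear, to keep noise low.
  const suspicious = INDICATORS.every((ind) => seen.has(ind.id));
  return { suspicious, hits };
}

// Constructed sample: the core statements of the function in this paste.
const PROBE_SAMPLE = [
  'var a = document.createElement("a");',
  'a.href = "." + ext;',
  'var mime = a.mimeType.toLowerCase();',
].join("\n");

// Constructed sample: ordinary link handling that must not be flagged.
const BENIGN_SAMPLE = [
  'var link = document.createElement("a");',
  'link.href = "https://example.com/report.pdf";',
  'var n = navigator.mimeTypes.length; // plugin MIME list, different API',
].join("\n");

console.log(findMimeTypeProbe(PROBE_SAMPLE));
console.log(findMimeTypeProbe(BENIGN_SAMPLE));
```

Regex matching like this only works on unobfuscated source, so a negative result is inconclusive.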