MalwareMustDie

#MalwareMustDie GUIDE to Decode JS Crypted w/JSXX 0.44 VIP

Dec 21st, 2012
  1. // #MalwareMustDie - A guide to cracking JS/Code -
  2. // encoded w/ /*Encrypt By ooo.transs.net's JSXX 0.44 VIP*/
  3. // I saw some malicious JS using this, so this is knowledge -
  4. // to share...
  5. //
  6. // @unixfreaxjp#FreeBSD 9.1 /usr/../malware]$ date
  7. // Sat Dec 22 02:03:58 JST 2012
  8.  
  9.  
  10. // found this script on a Korean site:
  11.  
  12. www.axia.co.kr/pdf/index.html
  13.  
  14. // in the end there was nothing malicious in it apart from the method used in the file itself.
  15. // Allow me to share, as guidance, how to crack an obfuscated, encrypted JS/Code
  16.  
  17. /*-------------start----------------*/
  18.  
  19. // download PoC:
  20.  
  21. --2012-12-22 01:36:12--  h00p://www.axia.co.kr/pdf/index.html
  22. Resolving www.axia.co.kr (www.axia.co.kr)... 14.63.214.119
  23. Caching www.axia.co.kr => 14.63.214.119
  24. Connecting to www.axia.co.kr (www.axia.co.kr)|14.63.214.119|:80... connected.
  25.  
  26. GET /pdf/index.html HTTP/1.1
  27. Referer: http://www.google.com/search?youtube
  28. User-Agent: Mozilla/4.0 (compatible; MSIE 6.1; Windows XP)
  29. Accept: */*
  30. Host: www.axia.co.kr
  31. Connection: Keep-Alive
  32. HTTP request sent, awaiting response...
  33.  
  34. ---response begin---
  35. HTTP/1.1 200 OK
  36. Content-Length: 11910
  37. Content-Type: text/html
  38. Last-Modified: Thu, 20 Dec 2012 04:35:31 GMT
  39. Accept-Ranges: bytes
  40. ETag: "52b5e0716bdecd1:1ba4"
  41. Server: Microsoft-IIS/6.0
  42. X-Powered-By: ASP.NET
  43. Date: Fri, 21 Dec 2012 16:36:03 GMT
  44. 200 OK
  45. Length: 11910 (12K) [text/html]
  46.  
  47. Saving to: `index.html'
  48. 2012-12-22 01:36:12 (124 KB/s) - `index.html' saved [11910/11910]
  49.  
  50.  
  51. // found the very suspicious JS in the script below....
  52.  
  53. <script type="text/javascript">
  54. var DxMpMnC5="1"+"1"+"1";
  55. var NHrLn1="";
  56. var expires=new Date();
  57. expires.setTime(expires.getTime()+24*60*60*1000);
  58. DxMpMnC5="0";
  59. document.cookie="EmIyqVO6=Yes;path=/;expires="+expires.toGMTString();
  60. lbBWGl6="1";delete lbBWGl6;try{lbBWGl6+="0"+"0"+"0"+"0"+"0"+"0"+"0"+"0";}catch(e){var SlcV0="1";VzxUwHC2 = eval}xItECj8=unescape;Afxsg7="E3F19BCCF4F3829DFFDB96C1909DD9F6BBFB9184F3C68CE0BDD1ADDFE394C0F0EBF0C6F0EFFCD3F395A097A083E45AB984B45EA3C0B759B781BD5DF58DA1598F99952C8190906B9F5F81768919CE3A9247CE28DD02F9048E5C8A329B2E92724A2152274B6D4C6B5E635D56196945435A7A5E6F5377524B2D626B156275644F23373F370246675D794B692C6404722970573A6268427D69787574624C5E08684B5040724C3B012C214C5A7A422357705A63554740365C424C6353520A72364E6A7021474B4944442D362E192B1804357B467F637059637828487A6A7D527D7033446D60484F0932091D0C2F24494E7743644C7849394141477B506D577811494F62457771496F422068295561792A175A0E7A60550B6D6C290F276D2921186779423E6C2705216022596C7F5A124E744827527D112D0132070C24663F0F464C46344644487E5F605065164C30673A6A2F446847666D6F5864442F12570B771D50066869340A3A2B2C3C1D6F7D15336D70577B6F47451F664A310E364C2A457E4E665723476B43193A004A2B31675D0A173A58412D72225678263D07332E340D28042E1E6B496226714E6878291F233328023127604A3C2347554E6B455A5C2F15731E271F740C3D162357705A635547403505160A3F0C1B69333C53643F235C6F7F60537D23380A3C133A0C2D012B6376447F64744B6D3A24022C382D0734252C315A1D2F494466092446764961493C0C24554F567D58415778174B4F755C5824512D55287D2B402A3B6348764C63482D0D314D044F612A764D762F61597271720938383C03130745534C754724087D4F2D4D715A3C0C2C103E3F2B5F6F1E0D5D62544D5F7546117F247401742E6613253D645669456659731B367039193F753A0D6F7E3719706975517A6E6707223F160D1322076701364C2A457E4E6657220E370612043B1E0F36044027357550402777271C6168635E6D6861072A667256557767723E406021361519097F5D76637D5232684F5E453206794B7D4C234C504328487A5446486F1A6458424B781A1C31055B442E77214B6A642147406F75456C7D704F6C0B2B5B62536C613D097974615F2F2B365C766733436F6D4F48523E4B5A513B506D4C60482204273C0E554F567D58415778174A52744402206431552B7C065C6B706610614F68586B40237B0322734918497E7273107F633A1C326E71567A6C46441E2C1777162518640C3F0E66417356645659083407120A3D0A001E6D420D6A722D5F2278224D3F20320F3712371D2D032B2660476B2477552D3F260
727362B1C3B76631937694C53477343391B2B1A701B291C22093813615C4C536B535E05330A1F0F220F076A1B49490D1067596A7A655E26437A5D644F7A272D087C0C4D4D756F5107366D6C513E302D3047604A5A457706214773497B0E5C5F6D547E50424C5B1644504953215F472160330D7F1A4E546E7565566131765E7D627D4B7F4E6F36654E39226D46746B745276646B15312E494F55601F100A7B462C076C5F61436F422A5F4541274C0A5C745C0A142B3026267B2F54247C6B476768434C72526F5E7F506F682C4A60663E0E656E6F5F637C734E726066517F624F5D4D7D50620F2E274E4D7640654F791C765755777D4257536F4F5D5B391C5E2B376E13257628526F7C6A406243724C6207227A0223682A7D497266394272725A416F78765B6A7A4615017054630B341C71133806392214576950575A6F5952156C544E463C5E5E33732D564372695A603663556646695A251D01486D271A23785D71237154382F34517365445B44771803152418721B370A600C7C5F6D547E507F0A1E093C08170C261C573C3368482B79205265633D0A342935083B032F192D40622D754A75782B122432290329213D4B612C095C4E7E415E416C157E182D1D331F3C172211475A6651455D7407150C250D1C713D683D4F63483E65736C5C6744285D78476229784D3366686A7B55211E7C757D162104145F7163465D463F452F427017664D7640651F2A00361C66596752444E795B4A553F5D41236631137D144C526C736758630F74587F647F357D406D3067483B206F58766976547466691B332C4B4957621D6E0879442A056E5D63416D40285D4743254E085E765E081629322424792D56617E2E45616A454E7C50615C7952696A32487E64380C636C615D6D7E754C746258534160495F4B7F5E60012C214C4B745E67517B1A745157797F4C55556D495F253B625C2D35681162746F50697E6C426C417C4E640524781C21766F7B4B746037407C7C5C43697E48595464401707765A61053A1A34153E183F3C2A516756515469575C13725248383A2040357D2B5041746B546208615364406B242713034E6F2118647A43732573523A217957706943585A2D1B7111251A720A3F082149725C6153454E370B140D3D0A19171C34564F1F345034390E644E7C4F0A271C274A624B6F2E7807612465447463635E65286E467E785E5E7A605713577D6B2E507359064A694A2A06253E0C5A4417227F77766F7719117B514A266E0C54283D6D456D7B240C2F0B28002C0B3D6B1D206B4B1E4A7B606D5F7D6968186B79494E452706026B5162076B430C25407A4370597B0920574F4B625C1D044E7812032B741F6927700744363006412E28793A6630123D173573246D25392C6B2C373E136E61794
3753106091120021F4D714024416C10271F2C01230F1C45694745542C57495075005428752E5D24772942226A635473453B1C2D4C7E347E12216B7D437D2F6242776B694734677B4C31740C595A74017E1A654B364B740E6F4F705738504F167F57494F680709196651542D603B583C712F4D6A7C6C54664E6B4B2C1B37316E5B6E283343726F720C646F3B437A666A5C222E045E4C7C402D467F5220496F5E6B08200F765250566717485A635E175D611F58227A36573D3A2701302623043452694C6D4B2C2C7147757B576150463844796B6953212B0759566A160E1521503A506F0201437554754631576B55504B2C061B4C6E4E4A2D332E4E297279527378695E737A254D684F7C5A30072A14624260333B4565633E0D252752755749626F1F320C04281E544E237D417348113B7F3C2A52675B40586817494F73554537717C12126B2C453132684861023D310043652E6A496A6A714376642B1275737F062A382C4066755A12657E48245063042746785D720C263F0F554E586D5741147E5F5D7F654A5F2B7737452331644D6A7C6C54664E6B4B290929297B5D7F7F3C027C6D781F63747A5B687931577A7A0C440D775F24053F1048217D406C4B7F57284047434B43524967595F4B77170C2178611E226D6F4F6B6B7D53724A61466547632F71457C3036072F0E1255776978577825535F544E504A567A4A375C7204645F72122F127C5B69534F596241425E7A4D42623A7B224E702B5D657A6519767A717A7D577B566F52792639097373370337332D0B3B21263A17684E58547D4051513A4B2C4D6103615D6C546A55635D615940116B5646597159057A194B4D4812383908796E4B63006F5A2A0C6D2F604C6F206A102F30210026323A123C297957706943585A2F1B7111251A740314247A2317446440017E587B44763E1A141E665743267A351F2878305C647C7756750F724E6E574A266A477B6B67425F6D605465457A467E22360212044A5B033A6F106A776776057341664A667C601B055A795E431B381C031F2C1F03723F4E387B170A526B7D71576D4C7C107B5465367502327A5B6C5E465B66386470576F78495E1D284752577A4C781056687F6F2304331D2F0033710E093A7C16114D0F6E793E701F7C277175352238733C2C221B7E4A6D4B651A2A71211B36207D4A7C637147242F2F072D2B1F075171575E48344722447D1078447D5E69504F597E155258604C4D00301A443560310A6A372A5B6D32764A674E754F244A6F34215120216A49353F2A4077777B593A677F557B3040520267472C537017640D6E417841684B6C48495F715F4455605B46526719137E6523432774665B627066047448274B6A497E24320928267C43746E76586E6379406A633807237E424
F427F072F467B4E7849690F744E7246630E02103D031E1C30075A5E605E436378225F65274379405B244C694E7D5B31062B257F447474241F263628052E295B59726F514B0E6C485F57600F7C14674D344D76106D5172513A55515B635151592F4A4A2C662512643034664B4A6A5530316F4B6E04370322684F095468453E37062E09134E1402785B6E692C315A1D2F584A7A4D224D364C724E745872541D1778606E68675B1D137A4D4B632F4C3A22772B5063782C5B694463012843652E6A1A3E7520192236201E516A74506B78305B726C514F002A2B4A417A44204B7D00724B69737146535F6B43515F25185157705140237A2E476435645D77697303280E6852640B7F336E477C363D4376763848396363503923243415694C534773436F54735F045F6E5D6B4D6B47631B005564150A1979545350674647397E2A4A697B6F5B6571684C2A0B33330641632C744B7468674B60426C466A6E7E43686E0818536606120670472C4F7B4D2F557E52764176162E0F2E326C5749586E58053376346E3063365A636E75522D3D67482B0F2B08391F2F6A2A261B647A4C60697C5D6D267F5879750F5A516040514157412A457C05674272556555090E053F5934064425376D30262478325565634C3908152D120B2A0F556C0C44087C646075490B7F607C5F6422470927382F18382B02726A636A2E174E0D294377417309400E380101102F166B727F76470F4A195F2763656C7A247505333D251F276F4F4F474B3A1A284E602B774C77254A0D2A2629022B2364341507475240674A244962053259735B6743701B240F4B5A6D1755496D064B555C4F1D6D6534543E265C196D7363042A0B3333062F7F27647E792B7141617730107C687F43716E4E4E0E7856575076442C004B0E7A49765266543F436E5057503609170C2F544E2974285B7927644073783C566F51750827507E59331B511F3E4E7C62704B2B583B1A222A31052D3C11121A1D2F365819234A4C745E6556113B0D1B0F38023C52587E19606C5D5C6072347C1032712B506D6B2C5667566F5B6B506532205D7D21606D7564784438717578757E7B4A5D6C51590A381D4D2C1C43220A3106497F505349010F5F67524042425C01197C4D44273574166F3978152E2C2A457B094F6C464447722140612176555C643F167A7572503B3D38103F300310123B0E615C1B214C4F754C77427B5D721D554563434357601308037B595C227B26127368630B575D4C5D795830106452612E2E164C697D48666275572625350D110129472D052D5B48604D624171046E644A7D627C2C1A6E5A475D7377411428515829766017633E640D2136301E2539231B214D684964406C377E593F75664A67457E56777C335E736844436E760D18727D472
7466F5E20634811311F111221151A192108011D361B0C697A20462C7F24406D6E2C5A744F714F6F564621604F7B2575493C687854737D5552322E755739240202023C17690F6E274E237D41625B70576B460F417B5F515F6154011C2D574B30742F54666A34563E5979515E706C0D254D7F2C631733193C447570765C7238391C20071530620329340C3D5A4C2D6B264F101725664A7256725602615C42656B38002735765A4226622612744D475C6B51720F332F025A694A6936750A5107706F62534100230A16527967454E452F6D494E616C061A2C214C487E5C66447A146E7776404A60110702364F257F255B2137154B515E4461612F3E3603476C5368536863604043764C1E2E0913577C647843782C497A6C52705E152F24494D7D416559791177574F7C5170160201334C587C5858243414402A59314D612939350C4463506F506F60574146354456233A1B3A726076516E6C3E4A54676C04191C2C2443794F304F396F67566E5532092C3C6D53495F795F094D59537B732E4F3B227C2A507778236F7D59524A4366397A02236B207F4867673775404C787159792D02120447584F775324076E62316E59453A14133962564E527E52067A7E5D5D5A5008154E1C27576C7F7453244847785C543A05012C68277C4F6423345C725B775B5B64290D1101445F4C6A505B045559095F27174B267F556F556B5127796C405F731F0702364F257F255B21372976695A7661302408316D46655A79422D1A4066794A4277203F14397D6D715269690150476670091E1923274C744874483C737C7F450433382E5D69554D49751D4023561677292E7E39087867546354631C594869163E13034E76497E64625536766D706D7F6B5028362F3646744A2552700A266752633715103861574D537D53056D64694E4647791E7918485523752341663D6B7A6F4A3606062F6F24634C7B2033757A526F022C0B11517E667A4D7A2E4D7A47464D0C152D264F4F7F43675B7B13756B415A780F1D36045F4F53774B4B635902444179330D0914605F64477C5B2C527506496B227D1924706674576C623C435E6C4C7313342934407644275C720C37474F694D5272043C39295C6E5442486A1C4D0F600947024F72080C1175457C644654654F6C5C79606C31734A76653D062E797A526D6B751F78255A462C1A";VVuCP6="function 
tWGjoOv5(){AAdAvPY2=Math.PI;YQMhJWX5=Math.tan;IwjrDD2=parseInt;iCUxAX6='length';MOxTK8='test';VCBTv2='replace';QxPEEVd0=IwjrDD2(~((AAdAvPY2&AAdAvPY2)|(~AAdAvPY2&AAdAvPY2)&(AAdAvPY2&~AAdAvPY2)|(~AAdAvPY2&~AAdAvPY2)));qkRvY1=IwjrDD2(((QxPEEVd0&QxPEEVd0)|(~QxPEEVd0&QxPEEVd0)&(QxPEEVd0&~QxPEEVd0)|(~QxPEEVd0&~QxPEEVd0))&1);/*Encrypt By ooo.transs.net's JSXX 0.44 VIP*/hAMBUa0=qkRvY1<<qkRvY1;new function(){sHmV1=VzxUwHC2('1Qe4dG*]6zY^k8vb]#&,m8$[x_GD3a]Nj5dsn7[F[8cu[S34Rlc]4r;idpDt='[VCBTv2](/[^v@0el9a]/g,''));};try{if(!\/^\\d*$\/g[MOxTK8](sfoIYE2));}catch(e){sfoIYE2=QxPEEVd0;}UpoAtyc5='';YiHqVz1=String[xItECj8('%6'+'6%72%'+'6F%6D%4'+'3%68%61'+'%72%4'+'3%6F%64'+'%65')];for(rJjN8=QxPEEVd0;rJjN8<VVuCP6[iCUxAX6];rJjN8-=-qkRvY1)sfoIYE2=((sfoIYE2&127)<<25)|((sfoIYE2&4294967168)>>>7)+VVuCP6.charCodeAt(rJjN8);mEhAwV5+=qkRvY1;sfoIYE2>>>=0;for(rJjN8=QxPEEVd0,ApfweB7=qkRvY1;rJjN8<Afxsg7[iCUxAX6];rJjN8+=hAMBUa0,ApfweB7++){if(rJjN8>=(1<<3)){BxNe1=rJjN8%(1<<3);}else {BxNe1=rJjN8;}kfvU6=IwjrDD2('0x'+sfoIYE2.toString(qkRvY1<<4).substr(BxNe1,2))+ApfweB7;if(\/^(\\d{4})\/g[MOxTK8](kfvU6+744))kfvU6%=71;UpoAtyc5+=YiHqVz1(IwjrDD2(QxPEEVd0+xItECj8('x')+Afxsg7.charAt(rJjN8)+Afxsg7.charAt(rJjN8+IwjrDD2(qkRvY1)))^kfvU6);}try{new function(){sHmV1(UpoAtyc5);}}catch(e){try{new function(){rfXoiCc5=parseInt;YQMhJWX5(UpoAtyc5);}}catch(e) {window.location='.';}}}try{VzxUwHC2('tWGjoOv5();')}catch(e) {try{mEhAwV5=QxPEEVd0;VzxUwHC2('tWGjoOv5();');}catch(e){alert('ere');}}";DWJcDBs2 = VzxUwHC2(VzxUwHC2);DWJcDBs2(VVuCP6);
  61. </script>
  62.  
  63.  
  64. // too noisy.. can't read it well.. reformatted it:
  65.  
  66.  var DxMpMnC5="1"+"1"+"1";
  67.  var NHrLn1="";
  68.  var expires=new Date();
  69.  expires.setTime(expires.getTime()+24*60*60*1000);
  70.  DxMpMnC5="0";
  71.  document.cookie="EmIyqVO6=Yes;path=/;expires="+expires.toGMTString();
  72.  lbBWGl6="1";
  73.  delete lbBWGl6;
  74.  try
  75.  {
  76.    lbBWGl6+="0"+"0"+"0"+"0"+"0"+"0"+"0"+"0";
  77.  }
  78.  catch(e)
  79.  {
  80.    var SlcV0="1";
  81.    VzxUwHC2 = eval
  82.  }
  83.  xItECj8=unescape;
  84.  Afxsg7="E3F19BCCF4F3829DFFDB96C1909DD9F6BBFB9184F3C68CE0BDD1ADDFE394C0F0EBF0C6F0EFFCD3F395A097A083E45AB984B45EA3C0B759B781BD5DF58DA1598F99952C8190906B9F5F81768919CE3A9247CE28DD02F9048E5C8A329B2E92724A2152274B6D4C6B5E635D56196945435A7A5E6F5377524B2D626B156275644F23373F370246675D794B692C6404722970573A6268427D69787574624C5E08684B5040724C3B012C214C5A7A422357705A63554740365C424C6353520A72364E6A7021474B4944442D362E192B1804357B467F637059637828487A6A7D527D7033446D60484F0932091D0C2F24494E7743644C7849394141477B506D577811494F62457771496F422068295561792A175A0E7A60550B6D6C290F276D2921186779423E6C2705216022596C7F5A124E744827527D112D0132070C24663F0F464C46344644487E5F605065164C30673A6A2F446847666D6F5864442F12570B771D50066869340A3A2B2C3C1D6F7D15336D70577B6F47451F664A310E364C2A457E4E665723476B43193A004A2B31675D0A173A58412D72225678263D07332E340D28042E1E6B496226714E6878291F233328023127604A3C2347554E6B455A5C2F15731E271F740C3D162357705A635547403505160A3F0C1B69333C53643F235C6F7F60537D23380A3C133A0C2D012B6376447F64744B6D3A24022C382D0734252C315A1D2F494466092446764961493C0C24554F567D58415778174B4F755C5824512D55287D2B402A3B6348764C63482D0D314D044F612A764D762F61597271720938383C03130745534C754724087D4F2D4D715A3C0C2C103E3F2B5F6F1E0D5D62544D5F7546117F247401742E6613253D645669456659731B367039193F753A0D6F7E3719706975517A6E6707223F160D1322076701364C2A457E4E6657220E370612043B1E0F36044027357550402777271C6168635E6D6861072A667256557767723E406021361519097F5D76637D5232684F5E453206794B7D4C234C504328487A5446486F1A6458424B781A1C31055B442E77214B6A642147406F75456C7D704F6C0B2B5B62536C613D097974615F2F2B365C766733436F6D4F48523E4B5A513B506D4C60482204273C0E554F567D58415778174A52744402206431552B7C065C6B706610614F68586B40237B0322734918497E7273107F633A1C326E71567A6C46441E2C1777162518640C3F0E66417356645659083407120A3D0A001E6D420D6A722D5F2278224D3F20320F3712371D2D032B2660476B2477552D3F260727362B1C3B76631937694C53477343391B2B1A701B291C22093813615C4C536B535E05330A1F0F220F076A1B49490D1067596A7A655E26437A5D644F7A272D0
87C0C4D4D756F5107366D6C513E302D3047604A5A457706214773497B0E5C5F6D547E50424C5B1644504953215F472160330D7F1A4E546E7565566131765E7D627D4B7F4E6F36654E39226D46746B745276646B15312E494F55601F100A7B462C076C5F61436F422A5F4541274C0A5C745C0A142B3026267B2F54247C6B476768434C72526F5E7F506F682C4A60663E0E656E6F5F637C734E726066517F624F5D4D7D50620F2E274E4D7640654F791C765755777D4257536F4F5D5B391C5E2B376E13257628526F7C6A406243724C6207227A0223682A7D497266394272725A416F78765B6A7A4615017054630B341C71133806392214576950575A6F5952156C544E463C5E5E33732D564372695A603663556646695A251D01486D271A23785D71237154382F34517365445B44771803152418721B370A600C7C5F6D547E507F0A1E093C08170C261C573C3368482B79205265633D0A342935083B032F192D40622D754A75782B122432290329213D4B612C095C4E7E415E416C157E182D1D331F3C172211475A6651455D7407150C250D1C713D683D4F63483E65736C5C6744285D78476229784D3366686A7B55211E7C757D162104145F7163465D463F452F427017664D7640651F2A00361C66596752444E795B4A553F5D41236631137D144C526C736758630F74587F647F357D406D3067483B206F58766976547466691B332C4B4957621D6E0879442A056E5D63416D40285D4743254E085E765E081629322424792D56617E2E45616A454E7C50615C7952696A32487E64380C636C615D6D7E754C746258534160495F4B7F5E60012C214C4B745E67517B1A745157797F4C55556D495F253B625C2D35681162746F50697E6C426C417C4E640524781C21766F7B4B746037407C7C5C43697E48595464401707765A61053A1A34153E183F3C2A516756515469575C13725248383A2040357D2B5041746B546208615364406B242713034E6F2118647A43732573523A217957706943585A2D1B7111251A720A3F082149725C6153454E370B140D3D0A19171C34564F1F345034390E644E7C4F0A271C274A624B6F2E7807612465447463635E65286E467E785E5E7A605713577D6B2E507359064A694A2A06253E0C5A4417227F77766F7719117B514A266E0C54283D6D456D7B240C2F0B28002C0B3D6B1D206B4B1E4A7B606D5F7D6968186B79494E452706026B5162076B430C25407A4370597B0920574F4B625C1D044E7812032B741F6927700744363006412E28793A6630123D173573246D25392C6B2C373E136E617943753106091120021F4D714024416C10271F2C01230F1C45694745542C57495075005428752E5D24772942226A635473453B1C2D4C7E347E12216B7D437D2F624
2776B694734677B4C31740C595A74017E1A654B364B740E6F4F705738504F167F57494F680709196651542D603B583C712F4D6A7C6C54664E6B4B2C1B37316E5B6E283343726F720C646F3B437A666A5C222E045E4C7C402D467F5220496F5E6B08200F765250566717485A635E175D611F58227A36573D3A2701302623043452694C6D4B2C2C7147757B576150463844796B6953212B0759566A160E1521503A506F0201437554754631576B55504B2C061B4C6E4E4A2D332E4E297279527378695E737A254D684F7C5A30072A14624260333B4565633E0D252752755749626F1F320C04281E544E237D417348113B7F3C2A52675B40586817494F73554537717C12126B2C453132684861023D310043652E6A496A6A714376642B1275737F062A382C4066755A12657E48245063042746785D720C263F0F554E586D5741147E5F5D7F654A5F2B7737452331644D6A7C6C54664E6B4B290929297B5D7F7F3C027C6D781F63747A5B687931577A7A0C440D775F24053F1048217D406C4B7F57284047434B43524967595F4B77170C2178611E226D6F4F6B6B7D53724A61466547632F71457C3036072F0E1255776978577825535F544E504A567A4A375C7204645F72122F127C5B69534F596241425E7A4D42623A7B224E702B5D657A6519767A717A7D577B566F52792639097373370337332D0B3B21263A17684E58547D4051513A4B2C4D6103615D6C546A55635D615940116B5646597159057A194B4D4812383908796E4B63006F5A2A0C6D2F604C6F206A102F30210026323A123C297957706943585A2F1B7111251A740314247A2317446440017E587B44763E1A141E665743267A351F2878305C647C7756750F724E6E574A266A477B6B67425F6D605465457A467E22360212044A5B033A6F106A776776057341664A667C601B055A795E431B381C031F2C1F03723F4E387B170A526B7D71576D4C7C107B5465367502327A5B6C5E465B66386470576F78495E1D284752577A4C781056687F6F2304331D2F0033710E093A7C16114D0F6E793E701F7C277175352238733C2C221B7E4A6D4B651A2A71211B36207D4A7C637147242F2F072D2B1F075171575E48344722447D1078447D5E69504F597E155258604C4D00301A443560310A6A372A5B6D32764A674E754F244A6F34215120216A49353F2A4077777B593A677F557B3040520267472C537017640D6E417841684B6C48495F715F4455605B46526719137E6523432774665B627066047448274B6A497E24320928267C43746E76586E6379406A633807237E424F427F072F467B4E7849690F744E7246630E02103D031E1C30075A5E605E436378225F65274379405B244C694E7D5B31062B257F447474241F263628052E295B5
9726F514B0E6C485F57600F7C14674D344D76106D5172513A55515B635151592F4A4A2C662512643034664B4A6A5530316F4B6E04370322684F095468453E37062E09134E1402785B6E692C315A1D2F584A7A4D224D364C724E745872541D1778606E68675B1D137A4D4B632F4C3A22772B5063782C5B694463012843652E6A1A3E7520192236201E516A74506B78305B726C514F002A2B4A417A44204B7D00724B69737146535F6B43515F25185157705140237A2E476435645D77697303280E6852640B7F336E477C363D4376763848396363503923243415694C534773436F54735F045F6E5D6B4D6B47631B005564150A1979545350674647397E2A4A697B6F5B6571684C2A0B33330641632C744B7468674B60426C466A6E7E43686E0818536606120670472C4F7B4D2F557E52764176162E0F2E326C5749586E58053376346E3063365A636E75522D3D67482B0F2B08391F2F6A2A261B647A4C60697C5D6D267F5879750F5A516040514157412A457C05674272556555090E053F5934064425376D30262478325565634C3908152D120B2A0F556C0C44087C646075490B7F607C5F6422470927382F18382B02726A636A2E174E0D294377417309400E380101102F166B727F76470F4A195F2763656C7A247505333D251F276F4F4F474B3A1A284E602B774C77254A0D2A2629022B2364341507475240674A244962053259735B6743701B240F4B5A6D1755496D064B555C4F1D6D6534543E265C196D7363042A0B3333062F7F27647E792B7141617730107C687F43716E4E4E0E7856575076442C004B0E7A49765266543F436E5057503609170C2F544E2974285B7927644073783C566F51750827507E59331B511F3E4E7C62704B2B583B1A222A31052D3C11121A1D2F365819234A4C745E6556113B0D1B0F38023C52587E19606C5D5C6072347C1032712B506D6B2C5667566F5B6B506532205D7D21606D7564784438717578757E7B4A5D6C51590A381D4D2C1C43220A3106497F505349010F5F67524042425C01197C4D44273574166F3978152E2C2A457B094F6C464447722140612176555C643F167A7572503B3D38103F300310123B0E615C1B214C4F754C77427B5D721D554563434357601308037B595C227B26127368630B575D4C5D795830106452612E2E164C697D48666275572625350D110129472D052D5B48604D624171046E644A7D627C2C1A6E5A475D7377411428515829766017633E640D2136301E2539231B214D684964406C377E593F75664A67457E56777C335E736844436E760D18727D4727466F5E20634811311F111221151A192108011D361B0C697A20462C7F24406D6E2C5A744F714F6F564621604F7B2575493C687854737D5552322E75573924020
2023C17690F6E274E237D41625B70576B460F417B5F515F6154011C2D574B30742F54666A34563E5979515E706C0D254D7F2C631733193C447570765C7238391C20071530620329340C3D5A4C2D6B264F101725664A7256725602615C42656B38002735765A4226622612744D475C6B51720F332F025A694A6936750A5107706F62534100230A16527967454E452F6D494E616C061A2C214C487E5C66447A146E7776404A60110702364F257F255B2137154B515E4461612F3E3603476C5368536863604043764C1E2E0913577C647843782C497A6C52705E152F24494D7D416559791177574F7C5170160201334C587C5858243414402A59314D612939350C4463506F506F60574146354456233A1B3A726076516E6C3E4A54676C04191C2C2443794F304F396F67566E5532092C3C6D53495F795F094D59537B732E4F3B227C2A507778236F7D59524A4366397A02236B207F4867673775404C787159792D02120447584F775324076E62316E59453A14133962564E527E52067A7E5D5D5A5008154E1C27576C7F7453244847785C543A05012C68277C4F6423345C725B775B5B64290D1101445F4C6A505B045559095F27174B267F556F556B5127796C405F731F0702364F257F255B21372976695A7661302408316D46655A79422D1A4066794A4277203F14397D6D715269690150476670091E1923274C744874483C737C7F450433382E5D69554D49751D4023561677292E7E39087867546354631C594869163E13034E76497E64625536766D706D7F6B5028362F3646744A2552700A266752633715103861574D537D53056D64694E4647791E7918485523752341663D6B7A6F4A3606062F6F24634C7B2033757A526F022C0B11517E667A4D7A2E4D7A47464D0C152D264F4F7F43675B7B13756B415A780F1D36045F4F53774B4B635902444179330D0914605F64477C5B2C527506496B227D1924706674576C623C435E6C4C7313342934407644275C720C37474F694D5272043C39295C6E5442486A1C4D0F600947024F72080C1175457C644654654F6C5C79606C31734A76653D062E797A526D6B751F78255A462C1A";
  85. VVuCP6="function tWGjoOv5(){AAdAvPY2=Math.PI;YQMhJWX5=Math.tan;IwjrDD2=parseInt;iCUxAX6='length';MOxTK8='test';VCBTv2='replace';QxPEEVd0=IwjrDD2(~((AAdAvPY2&AAdAvPY2)|(~AAdAvPY2&AAdAvPY2)&(AAdAvPY2&~AAdAvPY2)|(~AAdAvPY2&~AAdAvPY2)));qkRvY1=IwjrDD2(((QxPEEVd0&QxPEEVd0)|(~QxPEEVd0&QxPEEVd0)&(QxPEEVd0&~QxPEEVd0)|(~QxPEEVd0&~QxPEEVd0))&1);/*Encrypt By ooo.transs.net's JSXX 0.44 VIP*/hAMBUa0=qkRvY1<<qkRvY1;new function(){sHmV1=VzxUwHC2('1Qe4dG*]6zY^k8vb]#&,m8$[x_GD3a]Nj5dsn7[F[8cu[S34Rlc]4r;idpDt='[VCBTv2](/[^v@0el9a]/g,''));};try{if(!\/^\\d*$\/g[MOxTK8](sfoIYE2));}catch(e){sfoIYE2=QxPEEVd0;}UpoAtyc5='';YiHqVz1=String[xItECj8('%6'+'6%72%'+'6F%6D%4'+'3%68%61'+'%72%4'+'3%6F%64'+'%65')];for(rJjN8=QxPEEVd0;rJjN8<VVuCP6[iCUxAX6];rJjN8-=-qkRvY1)sfoIYE2=((sfoIYE2&127)<<25)|((sfoIYE2&4294967168)>>>7)+VVuCP6.charCodeAt(rJjN8);mEhAwV5+=qkRvY1;sfoIYE2>>>=0;for(rJjN8=QxPEEVd0,ApfweB7=qkRvY1;rJjN8<Afxsg7[iCUxAX6];rJjN8+=hAMBUa0,ApfweB7++){if(rJjN8>=(1<<3)){BxNe1=rJjN8%(1<<3);}else {BxNe1=rJjN8;}kfvU6=IwjrDD2('0x'+sfoIYE2.toString(qkRvY1<<4).substr(BxNe1,2))+ApfweB7;if(\/^(\\d{4})\/g[MOxTK8](kfvU6+744))kfvU6%=71;UpoAtyc5+=YiHqVz1(IwjrDD2(QxPEEVd0+xItECj8('x')+Afxsg7.charAt(rJjN8)+Afxsg7.charAt(rJjN8+IwjrDD2(qkRvY1)))^kfvU6);}try{new function(){sHmV1(UpoAtyc5);}}catch(e){try{new function(){rfXoiCc5=parseInt;YQMhJWX5(UpoAtyc5);}}catch(e) {window.location='.';}}}try{VzxUwHC2('tWGjoOv5();')}catch(e) {try{mEhAwV5=QxPEEVd0;VzxUwHC2('tWGjoOv5();');}catch(e){alert('ere');}}";DWJcDBs2 = VzxUwHC2(VzxUwHC2);DWJcDBs2(VVuCP6);
  86.  
  87. // it is a compressed & encrypted JS/code... the question is: what for?
  88.  
  89.  
  90. ========================
  91. SECOND STEP....
  92. ========================
  93.  
  94. // run the code above in SpiderMonkey; the result is...
  95.  
  96. eval() was assigned to the variable VzxUwHC2,
  97. whose value is:
  98.  
  99. function eval(){
  100.   [nativecode]
  101. }
  102.  
  103. // replace this eval with VzxUwHC2
  104. // assemble new function, and put it into the rest of the burped strings:
  105.  
  106. function VzxUwHC2(){
  107.   [nativecode]
  108. };
  109.  
  110.  function tWGjoOv5()
  111.  {
  112.    AAdAvPY2 = Math.PI;
  113.    YQMhJWX5 = Math.tan;
  114.    IwjrDD2 = parseInt;
  115.    iCUxAX6 = 'length';
  116.    MOxTK8 = 'test';
  117.    VCBTv2 = 'replace';
  118.    QxPEEVd0 = IwjrDD2( ~ ((AAdAvPY2 & AAdAvPY2) | ( ~ AAdAvPY2 & AAdAvPY2) & (AAdAvPY2 &~ AAdAvPY2) | ( ~ AAdAvPY2 &~ AAdAvPY2)));
  119.    qkRvY1 = IwjrDD2(((QxPEEVd0 & QxPEEVd0) | ( ~ QxPEEVd0 & QxPEEVd0) & (QxPEEVd0 &~ QxPEEVd0) | ( ~ QxPEEVd0 &~ QxPEEVd0)) & 1);
  120.    /*Encrypt By ooo.transs.net's JSXX 0.44 VIP*/
  121.    hAMBUa0 = qkRvY1 << qkRvY1;
  122.    new function (){
  123.      sHmV1 = VzxUwHC2('1Qe4dG*]6zY^k8vb]#&,m8$[x_GD3a]Nj5dsn7[F[8cu[S34Rlc]4r;idpDt='[VCBTv2](/[^v@0el9a]/g, ''));
  124.    };
  125.  
  126.    try
  127.    {
  128.      if (!/^\d*$/g[MOxTK8](sfoIYE2));
  129.    }
  130.    catch (e){
  131.      sfoIYE2 = QxPEEVd0;
  132.    }
  133.    UpoAtyc5 = '';
  134.    YiHqVz1 = String[xItECj8('%6' + '6%72%' + '6F%6D%4' + '3%68%61' + '%72%4' + '3%6F%64' + '%65')];
  135.    for (rJjN8 = QxPEEVd0; rJjN8 < VVuCP6[iCUxAX6];
  136.    rJjN8 -=- qkRvY1)sfoIYE2 = ((sfoIYE2 & 127) << 25) | ((sfoIYE2 & 4294967168) >>> 7) + VVuCP6.charCodeAt(rJjN8);
  137.    mEhAwV5 += qkRvY1;
  138.    sfoIYE2 >>>= 0;
  139.    for (rJjN8 = QxPEEVd0, ApfweB7 = qkRvY1; rJjN8 < Afxsg7[iCUxAX6];
  140.    rJjN8 += hAMBUa0, ApfweB7 ++ ){
  141.      if (rJjN8 >= (1 << 3)){
  142.        BxNe1 = rJjN8 % (1 << 3);
  143.      }
  144.      else {
  145.        BxNe1 = rJjN8;
  146.      }
  147.      kfvU6 = IwjrDD2('0x' + sfoIYE2.toString(qkRvY1 << 4).substr(BxNe1, 2)) + ApfweB7;
  148.      if (/^(\d{4})/g[MOxTK8](kfvU6 + 744))kfvU6 %= 71;
  149.      UpoAtyc5 += YiHqVz1(IwjrDD2(QxPEEVd0 + xItECj8('x') + Afxsg7.charAt(rJjN8) + Afxsg7.charAt(rJjN8 + IwjrDD2(qkRvY1))) ^ kfvU6);
  150.    }
  151.    try {
  152.      new function (){
  153.        sHmV1(UpoAtyc5);
  154.      }
  155.    }
  156.    catch (e){
  157.      try {
  158.        new function (){
  159.          rfXoiCc5 = parseInt;
  160.          YQMhJWX5(UpoAtyc5);
  161.        }
  162.      }
  163.      catch (e){
  164.        window.location = '.';
  165.      }
  166.    }
  167.  }
  168.  try {
  169.    tWGjoOv5();
  170.  }
  171.  catch (e){
  172.    try {
  173.      mEhAwV5 = QxPEEVd0;
  174.      tWGjoOv5();
  175.    }
  176.    catch (e){
  177.      alert('ere');
  178.    }
  179.  }
  180.  
  181. // PS * in handling the crypted JS/Code with obfuscated vars, you need -
  182. // to define well which strings are variables, and which are values,
  183. // and make sure to debug and correct it again & again to make it run..
  184.  
  185. ===========================================
  186. Seeing the Crypted Chars..Third Step = no worries!
  187. ===========================================
  188.  
  189. // the above try will execute tWGjoOv5(), which resulted in the eval() output below:
  190.  
  362. !(!xvHn`v < JE1M > f & Y_JqQuubv > Sxpv[`45O;
  363. 433O9YRPAqZaT > B ^ Xx;
  364. pP`4n[IkcQm"wHP`@XL$q ~ `1 ? kIyXsq = bvOrUQS ^ nf8k@y]Ll!Q)Hb91G < G \ 4 /  & ky{
  365. Asqr8HcJ & LXRG`@J ~ ttVw, $ & xrG``{
  366. B - ]f)7WY@`GQyJeDao)pp@`hxxVrpLiwPP'HX3_alEN@0Q ~ pxY ~ 4sx % SBN1AF]@ ~ S@
  367. gPWPL ,>^ z2v2 / nOjhpL#q : g!9

// If you run this in debug mode and get this result, you may start to wonder...
// What's this???? Did I do something wrong??
// Did my compiler mess up? Did I miss a format?
// The answer to all of the questions above is NO, you did it well.
// Now let the decrypt logic in the script decode this!

==============================
Fourth Step
No matter what error you receive,
force it on until the script finishes,
up to writing the catch --> alert('ere')
===============================

// Let it write down the value at alert('ere'); to see what comes up.....

<object classid="clsid:CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA" id="deployJavaPlugin" width="0" height="0"></object>

<a href="http://countt.51yes.com/index.aspx?id=228027737" target=_blank>
<img width=20 height=20 border=0 hspace=0 vspace=0 src="http://count22.51yes.com/count1.gif" alt="51YES??????"></a>
<iframe MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no
        src=http://count22.51yes.com/sa.htm?id=228027737&refe=&location=http%3A//www.axia.co.kr/pdf/index.html&color=24x&resolution=1024x768&returning=0&language=en-us&ua=Mozilla/4.0%20%28compatible%3B%20MSIE%207.0%3B%20Windows%20NT%205.1%29 height=0 width=0></iframe>

// Voila, we see the link in <a>, the image file link in <img>,
// and an <IFRAME> to download the pdf file, which is the point of
// all of this obfuscation.

===================================
CONCLUSION
==================================
So-called "encrypted" JavaScript is just a manipulation of variable names,
a mixed-up appearance of operators, variables and their values,
and a number of compression layers (meaning the number of times you have to run the result down
further to get to the next layer of obfuscation).
A good JS editor and a browser that can run the script are enough
to crack these scripts. Note: do it in a safe environment / offline.

The goal of obfuscation is only to hide the stuff.
You can tell what it hides by the size: short ones are used to burp out URLs,
longer ones should burp out other code/shellcode, and a very
long one could be a binary dropper.

The decoding generator is "in there" somewhere;
spotting its generator logic immediately will save you time.
Also outsmart it by eliminating unnecessary values
and leaving the obfuscated values to be decoded by the generator.
Honestly, there is no such thing as "unseen" in JavaScript.
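
// Added example (not part of the original paste, and not MalwareMustDie's own tooling): the Fourth Step and the conclusion above as a Node.js harness that lets the script's own decoder run while document.write, eval and alert only record what they receive.
// The sample script, its placeholder hosts and the names wrapLayer, runHooked, peel and extractUrls are all constructed for illustration.

```javascript
// Constructed input: wraps `payload` in one XOR + eval layer (not JSXX itself).
function wrapLayer(payload, key) {
  const codes = Array.from(payload, c => c.charCodeAt(0) ^ key);
  return `var s='';[${codes}].forEach(function(c){s+=String.fromCharCode(c^${key});});` +
         `try{eval(s);}catch(e){alert('ere');}`;
}
// Constructed final payload; the hosts are placeholders, not IoCs from the paste.
const HTML = '<a href="http://counter.example.test/index.aspx?id=1"></a>' +
             '<iframe src=http://counter.example.test/sa.htm?id=1 height=0 width=0></iframe>';
const INNER = `try{document.write(${JSON.stringify(HTML)});noSuchBrowserObject.x();}` +
              `catch(e){alert('ere');}`;
const SAMPLE = wrapLayer(wrapLayer(INNER, 7), 42);

// Run one layer with its sinks replaced by recorders, so the script's own
// decoder does the work but nothing is rendered or executed further.
// This hooks sinks only; it is not isolation, so use it inside the offline VM.
function runHooked(src) {
  const seen = { evals: [], writes: [], alerts: [], error: null };
  const doc = { write: s => seen.writes.push(String(s)) };
  doc.writeln = doc.write;
  const fakeEval = s => { seen.evals.push(String(s)); };
  const fakeAlert = s => { seen.alerts.push(String(s)); };
  const win = { document: doc, eval: fakeEval, alert: fakeAlert };
  try {
    // Sloppy-mode function: parameters shadow the real document/eval/alert.
    new Function('document', 'eval', 'alert', 'window', src)(doc, fakeEval, fakeAlert, win);
  } catch (e) {
    seen.error = String(e);   // keep whatever was captured before the error
  }
  return seen;
}

// Feed each captured eval() argument back in until a layer stops calling eval.
function peel(src, maxLayers = 10) {
  const layers = [];
  let cur = src;
  while (layers.length < maxLayers) {
    const seen = runHooked(cur);
    layers.push(seen);
    if (seen.evals.length === 0) break;
    cur = seen.evals.join('\n');
  }
  return layers;
}

// Pull href/src targets out of the recovered markup and defang them.
function extractUrls(html) {
  const re = /\b(?:href|src)\s*=\s*["']?([^"'\s>]+)/gi;
  return Array.from(html.matchAll(re), m => m[1].replace(/^http/i, 'h00p'));
}
```

// peel(SAMPLE) returns one record per layer; the last record's writes hold the markup the obfuscation was hiding, and its alerts show the catch --> alert('ere') being reached.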

Hope this shares some tricks in obfuscation,
---
#MalwareMustDie