收藏本站 |切换到宽版 | 更换论坛皮肤

找回密码忘记邮箱 QQ快速登录快速登录快速注册

卡饭»论坛 › 安全区 › 病毒样本分享&分析区 › 这个是病毒么?

发新帖

查看: 1950|回复: 4

收起左侧

[病毒样本] 这个是病毒么?

shj840117

发表于 2007-5-7 11:25:52 | 显示全部楼层 |阅读模式

本帖子中包含更多资源

您需要登录才可以下载或查看，没有帐号？快速注册

x

回复

kp2006

头像被屏蔽

发表于 2007-5-7 11:27:07 | 显示全部楼层

迅雷卡吧组件没发现病毒

回复

欠妳緈諨

发表于 2007-5-7 11:48:34 | 显示全部楼层

红伞AVAST不报，估计不是毒

回复

马力

发表于 2007-5-7 11:50:04 | 显示全部楼层

驱逐舰挂

回复

moonsilver

发表于 2007-5-7 13:20:35 | 显示全部楼层

function check_value(val, def, type)
{
try
{ val = "" + eval("window." + val);}
catch(e)
{ val = "";}

if(val == "undefined" || val == "")
return def;
else
{
if(type && !isNaN(parseInt(val)))
return parseInt(val);
else if(type)
return def;
else
return def == "no"  && (!isNaN(parseInt(val)) || val.indexOf(",") > 0) ? val + "&pi=" + val : val;
}
}

function bEscape(param, mode)
{
return window.encodeURI ? (mode ? decodeURI(param) : encodeURI(param)) : (mode ? bEscape(param,1) : bEscape(param));
}

function t_about(pname)
{
opener = winObj.open(ap_url + "/about.aspx?pb=" + pname,"ta","height=227,width=490,status=no,toolbar=no,menubar=no,location=no,scrollbars=yes");
}

function getField()
{
FieldKey = "";
skip = "";

if(check_value("b_key", "", 0) != "")
{
keys = eval("b_key");

if(keys.length > 0)
{
for(k=0;k<keys.length;k++)
{
if(FieldKey == "")
{
if(keys[k].indexOf("*") > 0)
{
fld = keys[k].substring(0, keys[k].indexOf("*"));
skip = keys[k].substr(keys[k].indexOf("*") + 1);
}
else
fld = keys[k];

if(fld.indexOf("=") > 0 && location_url.indexOf(fld) > 0)
location_url = location_url.replace(fld, "q=");
else
{
try
{
if(eval(fld))
{
if(typeof(eval(fld)) == "object")
{
obj = eval(fld)[0] ? eval(fld)[0] : eval(fld);
switch(obj.tagName.toLowerCase())
{
case "input":
txt = obj.value; break;
case "select":
txt = obj.options[obj.selectedIndex].text; break;
default:
if(document.all && obj.innerText)
txt = obj.innerText.toLowerCase().replace(/\n|\r/g,' ').replace(/\s+/g,' ') + " ";
else if(obj.innerHTML)
txt = obj.innerHTML.toLowerCase().replace(/(\<(select|frame|iframe|button|object|embed|frameset|meta|link|--\!\>|option|script|style|title))\s*[^\>]*\>([^\<]*\<\/(select|frame|iframe|button|object|embed|frameset|meta|link|--\!\>|option|script|style|title)>)?/g," ").replace(/&(nbsp|quot|copy|#149|#8226|#183|raquo);/g," ").replace(/<\S[^>]*>/g," ").replace(/\W/g," ").replace(/\r+|\n+/g," ").replace(/\s+/g," ") + " ";
}

if(txt != "")
FieldKey = GetWord("?q=" + txt, skip);
}
else if(typeof(eval(fld)) == "string")
FieldKey = GetWord("?q=" + eval(fld), skip);
}
}catch(e){}
}
}
}
}
}
return FieldKey;
}

function GetSearch()
{
keyWord = getField();
try
{
ref = "" + document.referrer.toLowerCase();
url = "" + document.location.href.toLowerCase();

if(url.indexOf("?") != -1)
keyWord = GetWord(url, "");
if(keyWord == "" && ref.indexOf("?") != -1)
keyWord = GetWord(ref, "");
if(location_url.toLowerCase() != url && keyWord == "" && location_url.indexOf("?") != -1)
keyWord = GetWord(location_url.toLowerCase(), "");
if(get_param(winObj.name, "key") != "" && keyWord == "")
keyWord = get_param(winObj.name, "key", 1);
else
set_param(keyWord);
}
catch(e){}
return keyWord;
}

function GetWord(string, strip)
{
result = "";
s_params = new Array("search","words","query","q","p","word","qu","keyword","keywords","srch","searchfor","qt","searchfor","qry","phrase","terms")
parameters = string.substr(string.indexOf("?")+1);
param = parameters.split("&");
r_strip = new RegExp(strip,"ig");
r_param = "  " + s_params.join(", ") + ", ";

for (i=0; i<param.length; i++)
{
if(param.indexOf("=") != -1)
val = param.split('=');
else
      continue;

if(r_param.indexOf(" " + val[0] + ", ") > 0)
{
result = " " + bEscape(val[1],1) + " ";
      if(result.indexOf("cache:") >= 0 && result.indexOf("+"))
result = result.substr(result.indexOf("+"));
if(r_strip.source != "")
result = result.replace(r_strip,' ');
result = cleanTitle(result)

if(result != "" & result.length > 2 & val[0] != "search")
break;
}
else if(val[0].indexOf("tpq") >= 0)
tpq = "&tpq=" + bEscape(cleanTitle(bEscape(val[1],1)));
}
return result != "" && result.length > 2 && result.length < 250 && "" + parseInt(result) != "" + result ? "&key=" + bEscape(result) + "&sm=" + check_value("b_smode", "0", 0) : "";
}

function GetLinkTitle(event)
{
try
{
evt = winObj.event ? winObj.event : event;
evtObj = evt.target ? evt.target : evt.srcElement;
evtObj = evtObj.tagName != "A" && evtObj.parentNode.tagName == "A" ? evtObj.parentNode : evtObj.tagName != "A" && evtObj.parentNode.parentNode.tagName == "A" ? evtObj.parentNode.parentNode : evtObj;
alt = evtObj.childNodes.length > 0 && evtObj.childNodes[0].tagName == "IMG" ? evtObj.childNodes[0].alt : "";
wTargets = "_self, , _top, _parent, ";
linkTitle = "";

submit_value = "";
frms = document.forms;
if(frms.length > 0)
{
for (f=0; f<frms.length; f++)
{
felmnt = frms[f].elements;
if(felmnt.length > 0)
{
for (e=0; e<felmnt.length; e++)
{
if((" " + felmnt[e].type).indexOf("text") > 0 && felmnt[e].value != "" && felmnt[e].value.length < 250)
submit_value += " " + felmnt[e].value;
if((" " + felmnt[e].type).toLowerCase().indexOf("select-one") > 0 && felmnt[e].selectedIndex > 0)
{
stext = felmnt[e][felmnt[e].selectedIndex].text
if(stext.length > 2 && parseInt(stext) != stext)
submit_value += " " + stext
}
}
}
}
}
objTxt = cleanTitle(document.all ? evtObj.innerText : evtObj.innerHTML)
if(objTxt.length < 100)
{
linkTitle = objTxt + " " + alt
if(linkTitle.length < 6)
{
linkTitle = cleanTitle(linkTitle + " " + submit_value);
}

if(evtObj.tagName == "A" && evtObj.href != "")
{
pLink = cleanTpq(evtObj.href);
linkTitle = (pLink.indexOf("?") > 0 ? "&" : "?") + "tpq=" + bEscape(linkTitle);
if(!evt.shiftKey && (wTargets.indexOf(evtObj.target + ", ") > 0 || check_value("b_over", 1, 1) == 1))
set_param(linkTitle.replace("?","&"));
else if(evtObj.target == "_blank" && !evt.shiftKey)
evtObj.target = linkTitle;
else if(tpq_mode == "1")
evtObj.href = pLink.indexOf("#") <= 0 ? pLink + linkTitle : pLink.split("#").join(linkTitle + "#");
}
else
set_param("&tpq=" + bEscape(linkTitle));
}
}catch(e){}
}

function cleanTitle(txt)
{
r_clean = new RegExp(check_value("b_clean", "", 0),"ig");
r_repl = new RegExp("\\-|\\s\\w{1}\\s|\\s\\w{15,}\\s|\\s(\\d+){5,}\\s", "ig");
txt = (" " + bEscape(txt,1) + " ").replace(/<\S[^>]*>|\&(.*)\;|\((.*)\)|\/(.*)$|http\:[\w\_\/\-\.\\\?\&\#\%\:]+|[\w\_\-\.]+@[\w\_\-\.]+|^ next(.*)$/g," ");
txt = r_clean.source != "" ? txt.replace(r_clean,' ') : txt
txt = txt.length < 140 ? txt.replace(/\_|:|\;|\粅\珅\-|\,|\{|\}|\$|\#|\[|%|\]|\~|\@|\+|\(|\&|\)|\!|\>|\^|\<|\?|\"|\'|\東\=|\/|\||\.|\*|\\|\s+/g," ").replace(r_repl,' ').replace(/^\s+|\s+$/gi,'').replace(/\s+/gi,'+') : "";
cleanTxt = bEscape(txt,1).replace(/\s+|\+|^\s+/g,"");
return (cleanTxt.length > 2 && cleanTxt.indexOf("http") != 0 && cleanTxt.indexOf("www") != 0 && (isNaN(parseInt(cleanTxt)) || ("" + parseFloat(cleanTxt)).length < cleanTxt.length)) ? txt : ""
}

function find_text()
{
f_txt = "";
f_name = "";
try
{
f_txt = cleanTitle(winObj.document.title);
f_name = winObj.name;
}catch(e){}
mode = 1;
if(get_param(f_name, "tpq") != "" && get_param(f_name, "tm") != 0)
{
   f_txt = get_param(f_name, "tpq");
   mode = 0;
}
if(f_txt == "" && location_url.indexOf("/") > 0)
{
url_array = bEscape(location_url,1).split("/");
if(url_array[url_array.length - 1].lastIndexOf(".") > 0) url_array[url_array.length - 1] = url_array[url_array.length - 1].substr(0, url_array[url_array.length - 1].lastIndexOf("."));
f_txt = cleanTitle((url_array.length > 4 ? url_array[url_array.length - 2] : "") + " " + url_array[url_array.length - 1]);
}
set_param("&tpq=" + bEscape(f_txt) + "&tm=" + mode);
return "&tpq=" + bEscape(f_txt) + "&tm=" + mode;
}

function cleanTpq(url)
{
pLoc = url.indexOf("tpq=");
return pLoc <= 0 ? url : url.indexOf("#") > 0 ? url.substring(0, pLoc - 1) + url.split("#")[1] : url.substring(0, pLoc - 1);
}

function f_obj(obj)
{
return document.getElementById ? document.getElementById(obj) : document.all ? document.all[obj] : eval("document." + obj);
}

function s_show(lObj, mode)
{
try
{
if(mode)
{
if(lObj && "" + lObj.name != "undefined")
winObj.status = "Go to " + lObj.name;
}
else
winObj.status = "";
}catch(e){}
return true;
}

function get_param(str, param, mode)
{
params = str.substr(str.indexOf("?")+1).split("&");
for (i=0; i<params.length; i++)
{
if(params.indexOf(param + "=") == 0)
return ("" + mode != "undefined" ? "&" + param + "=" : "") + bEscape(params.split("=")[1],1);
}
return "";
}

function set_param(val, param)
{
val = val.indexOf("&" + param + "=") < 0 ? val : val.split("&" + param + "=")[1];
params = val.split("&");
if(params.length > 1)
{
for(i=1; i<params.length; i++)
{
if(params.indexOf("=") > 0)
insert_param(params.split("=")[0], bEscape(params.split("=")[1],1))
}
}
else
insert_param(param, val);

}

function insert_param(param, val)
{
try
{
w_name = winObj.name;
s_param = "&" + param + "=";

if(param && (check_value("b_over", 1, 1) == 1 || !(winObj.opener && w_name != "" && w_name.indexOf("=") < 0)) && val != "")
winObj.name = w_name.indexOf(s_param) < 0 ? s_param + bEscape(val) + (w_name.indexOf("&") == 0 ? w_name : "") : w_name.split(s_param)[0] + s_param + bEscape(val) + w_name.split(s_param)[1].substr(w_name.split(s_param)[1].indexOf("&") >= 0 ? w_name.split(s_param)[1].indexOf("&") : w_name.split(s_param)[1].length)
}catch(e){}
}

function b_write(retr)
{
winObj.b_counter = check_value("b_counter", 0, 1) + (retr == 0 ? 1 : 0);
if(!(winObj.b_counter > 1 && retr > 0))
{
c_head = (" " + check_value("customer_id", "1", 0).indexOf("241717")) > 0 ? "<scr" + "ipt type=\"text/javascript\" src=\"http://load.exelator.com/load/?p=219&c=20211&g=001\"><\/scr" + "ipt>" : "";
frm_num = retr == 0 ? winObj.b_counter : retr;
location_url = check_value("b_location", "", 0) != "" ? check_value("b_location", "", 0) : location_url;
b_ml = check_value("b_ml", "0", 0);
targ = check_value("b_nw", "0", 0);
b_w = check_value("b_width", 0, 1);
b_h = check_value("b_height", 0, 1);
pmode = check_value("b_mode", "", 1);
underword = check_value("b_under", 0, 1) != 0 ? "<scr" + "ipt defer=\"true\" type=\"text/javascript\" src=\"" + ap_url + "\/resources\/inc\/underword.js\"></scr" + "ipt>" : "";
pmode = pmode != "" ? "&md=" + pmode : ""
b_show = get_param(winObj.name, "bs") == "" ? frm_num : parseInt(get_param(winObj.name, "bs")) + frm_num;
insert_param("bs", b_show);
c_url = ap_url + "/.jt?uid=" + bEscape(check_value("customer_id", "1", 0)) + pmode + "&nw=" + targ + "&cid=" + check_value("cid", "", 0) + "&bf=" + check_value("b_force", "0", 0) + "&bt=" + check_value("b_type", 1, 1) + "&wd=" + b_w + "&hg=" + b_h + "&nl=" + check_value("b_links", 3, 1) + "&bo=" + check_value("b_orientation", 1, 1) + s_key + tpq + "&ps=" + check_value("b_preset", "no", 0) + "&bl=" + bEscape(cleanTpq(check_value("location_url", "", 0))) + "&bi=" + check_value("b_icon", 0, 1) + "&ad=" + check_value("b_adults", 1, 1) + "&sz=" + check_value("b_resize", 1, 1) + "&rw=" + check_value("b_skip", "", 0) + "&fc=" + frm_num + "&bs=" + b_show + "&ml=" + b_ml + "&tmp=" + Math.round(Math.random()*10000000);
t_f1 = "<iframe name=\"tp_frame" + frm_num + "\" id=\"tp_frame" + frm_num + "\" style=\"background-color: transparent;";
t_f2 = "\" frameborder=\"0\" width=\"" + b_w + "\" scrolling=\"no\" height=\"" + b_h + "\" allowtransparency></iframe>";
c_scr = "<scr" + "ipt type=\"text/javascript\" src=\"" + c_url + "\"></scr" + "ipt>"

if(retr == 0 && b_w > 0 && b_h > 0)
{
if(pmode == "")
{
document.write(t_f1 + "\" src=\"about:blank" + t_f2 + underword + c_head);
document.close();
}
else
document.write(c_scr + underword);
}
t_frm = f_obj("tp_frame" + frm_num);

try
{
if(pmode == "" && (check_value("b_on_search", 0, 1) == 0 || s_key != "") && winObj.b_counter < 4 && b_w > 0 && b_h > 0)
{
tp_doc = document.all ? document.frames["tp_frame" + frm_num].document : t_frm.contentDocument;
tp_doc.write("<html><head><meta http-equiv=\"pragma\" content=\"no-cache\"><meta content=\"text/html; charset=utf-8\" http-equiv=\"content-type\" />" + c_scr);
b_agent = ("" + winObj.navigator.userAgent).toLowerCase();

if(b_agent.indexOf("firefox") > 0 && parseFloat(b_agent.split("firefox")[1].substr(1)) >= 1.4)
tp_doc.close();
}
}
catch(e)
{
try
{
t_frm.src = c_url + "&md=1";
t_frm.style.display = "block";
}
catch(e)
{
if(retr == 0)
{
document.write(t_f1 + "\" src=\"" + c_url + "&md=1" + t_f2);
document.close();
}
}
}
}
}
b_tmp = 0;
ap_url = "http:\/\/www.finestresults.com";
try
{
winObj = top;
location_url = "" + winObj.location.href;
}
catch(e)
{
winObj = window;
ref = "" + document.referrer;
location_url = ref.indexOf("://") > 0 && ref.indexOf(".") > 0 ? ref : "" + document.location.href;
}
tpq_mode = check_value("tpq_mode", "", 0);
if(winObj.document.body)
{
bOnClick = "" + winObj.document.body.onclick;
if(tpq_mode != "0" && (check_value("b_over", 1, 1) == 1 || (bOnClick == "" || bOnClick == "undefined" || bOnClick == "null")))
winObj.document.body.onclick = GetLinkTitle;
}
tpq = find_text();
s_key = GetSearch();
b_write(0);

回复

发新帖

高级模式

B Color Image Link Quote Code Smilies

您需要登录后才可以回帖登录 | 快速注册

本版积分规则回帖后跳转到最后一页

手机版|杀毒软件|软件论坛| 卡饭论坛

Copyright © KaFan KaFan.cn All Rights Reserved.

Powered by Discuz! X3.4( 沪ICP备2020031077号-2 ) GMT+8, 2025-5-6 10:31 , Processed in 0.116982 second(s), 18 queries .

卡饭网所发布的一切软件、样本、工具、文章等仅限用于学习和研究，不得将上述内容用于商业或者其他非法用途，否则产生的一切后果自负，本站信息来自网络，版权争议问题与本站无关，您必须在下载后的24小时之内从您的电脑中彻底删除上述信息，如有问题请通过邮件与我们联系。

快速回复 客服 返回顶部 返回列表