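I have been trying to decode obfuscated malicious JScript code. JavaScript seems to have many weird ways to declare variables or to declare and call functions! I have done my best to read the documentation and understand it on my own. However, I feel I need some guidance to understand this code: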
var WSSS12 = this[{
sur4a: function (abert, z, n, m) {
return 'W'
},
rich6: '109'
} ['sur4a'](function () {
return true;
}, 0, 0, 1) + {
hun9a: function (abert, z, n, m) {
return 'S'
},
inte9: '97'
} ['hun9a'](function () {
return true;
}, 0, 0, 1) + {
ha5a: function (abert, z, n, m) {
return 'c'
},
lover8: '111'
} ['ha5a'](function () {
return true;
}, 0, 0, 1) + {
st6a: function (abert, z, n, m) {
return 'r'
},
yo6: '122'
} ['st6a'](function () {
return true;
}, 0, 0, 1) + {
your6a: function (abert, z, n, m) {
return 'i'
},
pu4: '94'
} ['your6a'](function () {
return true;
}, 0, 0, 1) + {
dot4a: function (abert, z, n, m) {
return 'p'
},
impri5: '106'
} ['dot4a'](function () {
return true;
}, 0, 0, 1) + {
had446a: function (abert, z, n, m) {
return 't'
},
meta8: '95'
} ['had446a'](function () {
return true;
}, 0, 0, 1)];
var WshShell = WSSS12[{
marbl8a: function (abert, z, n, m) {
return 'C'
},
studi8: '95'
} ['marbl8a'](function () {
return true;
}, 0, 0, 1) + {
meta9a: function (abert, z, n, m) {
return 'r'
},
brig6: '103'
} ['meta9a'](function () {
return true;
}, 0, 0, 1) + {
works9a: function (abert, z, n, m) {
return 'e'
},
this94: '100'
} ['works9a'](function () {
return true;
}, 0, 0, 1) + {
whi5a: function (abert, z, n, m) {
return 'a'
},
pre8: '121'
} ['whi5a'](function () {
return true;
}, 0, 0, 1) + {
shal4a: function (abert, z, n, m) {
return 't'
},
nee6: '112'
} ['shal4a'](function () {
return true;
}, 0, 0, 1) + {
god7a: function (abert, z, n, m) {
return 'e'
},
monum7: '94'
} ['god7a'](function () {
return true;
}, 0, 0, 1) + {
ob7a: function (abert, z, n, m) {
return 'O'
},
fool56: '119'
} ['ob7a'](function () {
return true;
}, 0, 0, 1) + {
de4a: function (abert, z, n, m) {
return 'b'
},
yea4: '125'
} ['de4a'](function () {
return true;
}, 0, 0, 1) + {
sw7a: function (abert, z, n, m) {
return 'j'
},
wars76: '120'
} ['sw7a'](function () {
return true;
}, 0, 0, 1) + {
thou69a: function (abert, z, n, m) {
return 'e'
},
treas5: '107'
} ['thou69a'](function () {
return true;
}, 0, 0, 1) + {
the4a: function (abert, z, n, m) {
return 'c'
},
thee74: '108'
} ['the4a'](function () {
return true;
}, 0, 0, 1) + {
great6a: function (abert, z, n, m) {
return 't'
},
dec8: '119'
} ['great6a'](function () {
return true;
}, 0, 0, 1)]({
per7a: function (abert, z, n, m) {
return 'W'
},
im7: '116'
} ['per7a'](function () {
return true;
}, 0, 0, 1) + {
darke8a: function (abert, z, n, m) {
return 'S'
},
ple9: '117'
} ['darke8a'](function () {
return true;
}, 0, 0, 1) + {
ca6a: function (abert, z, n, m) {
return 'c'
},
sw7: '99'
} ['ca6a'](function () {
return true;
}, 0, 0, 1) + {
arre6a: function (abert, z, n, m) {
return 'r'
},
th5: '118'
} ['arre6a'](function () {
return true;
}, 0, 0, 1) + {
point7a: function (abert, z, n, m) {
return 'i'
},
plac7: '111'
} ['point7a'](function () {
return true;
}, 0, 0, 1) + {
which5a: function (abert, z, n, m) {
return 'p'
},
se5: '97'
} ['which5a'](function () {
return true;
}, 0, 0, 1) + {
th4a: function (abert, z, n, m) {
return 't'
},
shal8: '99'
} ['th4a'](function () {
return true;
}, 0, 0, 1) + {
were5a: function (abert, z, n, m) {
return '.'
},
wi8: '98'
} ['were5a'](function () {
return true;
}, 0, 0, 1) + {
turn7a: function (abert, z, n, m) {
return 'S'
},
decay4: '98'
} ['turn7a'](function () {
return true;
}, 0, 0, 1) + {
bro4a: function (abert, z, n, m) {
return 'h'
},
gi8: '117'
} ['bro4a'](function () {
return true;
}, 0, 0, 1) + {
rich6a: function (abert, z, n, m) {
return 'e'
},
monu4: '116'
} ['rich6a'](function () {
return true;
}, 0, 0, 1) + {
ne5a: function (abert, z, n, m) {
return 'l'
},
tott8: '113'
} ['ne5a'](function () {
return true;
}, 0, 0, 1) + {
pa4a: function (abert, z, n, m) {
return 'l'
},
your36: '94'
} ['pa4a'](function () {
return true;
}, 0, 0, 1));
From another write-up on the sample, I know that this line translates to the following:
var WshShell = WSSS12[{CreateObject}]({WScript.Shell});
I want to understand how.
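How each term collapses to one character, as an added example that is not part of the original post: every `{...}['name'](...)` term is an object literal indexed by the name of its own method and called immediately, so it evaluates to the character that method returns, and `+` joins those characters into the strings used as property name and argument. The function names, the regex and the constructed sample are assumptions for illustration; the code folds the text statically and never executes the sample.

```javascript
// Added example: static constant folding, nothing from the sample is executed.
// One term = object literal with a method returning a constant, plus a decoy
// property, indexed by the method's own name and called at once.
const TERM = new RegExp([
  /\{\s*(\w+)\s*:\s*function\s*\([^)]*\)\s*\{\s*return\s*'((?:[^'\\]|\\.)*)'\s*;?\s*\}/, // name: function(...) { return 'X' }
  /\s*,\s*\w+\s*:\s*'[^']*'\s*\}/,   // decoy property that is never read
  /\s*\[\s*'\1'\s*\]/,               // ['name'] must select the method, not the decoy
  /\s*\(\s*function\s*\(\s*\)\s*\{\s*return\s+true\s*;?\s*\}\s*,\s*0\s*,\s*0\s*,\s*1\s*\)/, // call; arguments are ignored
].map((r) => r.source).join(''), 'g');

// Replace each term with the string literal its method returns.
function foldTerms(src) {
  return src.replace(TERM, (_m, _name, ch) => `'${ch}'`);
}

// Merge 'a' + 'b' into 'ab' until no adjacent literals remain.
function joinLiterals(src) {
  const PAIR = /'((?:[^'\\]|\\.)*)'\s*\+\s*'((?:[^'\\]|\\.)*)'/;
  let prev;
  do {
    prev = src;
    src = src.replace(PAIR, "'$1$2'");
  } while (src !== prev);
  return src;
}

function deobfuscate(src) {
  return joinLiterals(foldTerms(src));
}

// Constructed input in the same shape as the post (method and decoy names are made up).
const term = (name, ch, decoy, val) =>
  `{\n${name}: function (abert, z, n, m) {\nreturn '${ch}'\n},\n${decoy}: '${val}'\n} ` +
  `['${name}'](function () {\nreturn true;\n}, 0, 0, 1)`;
const build = (s) =>
  [...s].map((c, i) => term(`m${i}a`, c, `k${i}`, String(90 + i))).join(' + ');
const SAMPLE =
  `var WSSS12 = this[${build('WScript')}];\n` +
  `var WshShell = WSSS12[${build('CreateObject')}](${build('WScript.Shell')});`;

console.log(deobfuscate(SAMPLE));
```

The folded output reads `this['WScript']` and `WSSS12['CreateObject']('WScript.Shell')`, which is bracket notation for `this.WScript` and `WScript.CreateObject("WScript.Shell")`.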