Topic: Why Avast does not detect?

polonus
Why Avast does not detect?
« on: August 26, 2015, 09:14:08 AM »
https://www.virustotal.com/en/url/c9fb29682eaca5158f0a6970d83de928b9738f9fb2090f38654bdb769688bfd5/analysis/1440536619/

and Avast doesn't detect
-https://www.virustotal.com/en/file/ac6d6b0b3a56f85e97faa85d26fbd670350c26631b3b511be8c19d9b7e3bea43/analysis/1440536598/

-https://sitecheck.sucuri.net/results/yummybanget.com/

-http://killmalware.com/yummybanget.com/#

Detection credits go to Pondus  ;)

This is the decoding of what Sucuri gives (all live links neatly broken):
Code:
  document.write(unescape('<head>
<link href='htxp://static5.worldcrunch.com/images/flags/Indonesia.png' rel='shortcut icon'>
 <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
 <meta name="Chandra Kirana Saputra />
 <meta name="keywords"content="#"/>

<HEAD>
  <script language="JavaScript">
var brzinakucanja = 200;
var pauzapor = 2000;
var vremeid = null;
var kretanje = false;
var poruka = new Array();
var slporuka = 0;
var bezporuke = 0;
poruka[0] = "...::::[+]Mr. DellatioNx196[+]::::..."

function prikaz() {
   var text = poruka[slporuka];

   if (bezporuke < text.length) {
      if (text.charAt(bezporuke) == " ")
               bezporuke++
           var ttporuka = text.substring(0, bezporuke + 1);
           document.title = ttporuka;
           bezporuke++
           vremeid = setTimeout("prikaz()", brzinakucanja);
            kretanje = true;
   } else {
      bezporuke = 0;
      slporuka++
      if (slporuka == poruka.length)
         slporuka = 0;
      vremeid = setTimeout("prikaz()", pauzapor);
      kretanje = true;
   }
}
function stop() {
   if (kretanje)
      clearTimeout(vremeid);
   kretanje = false
}
function start() {
   stop();
   prikaz();
}
start();
    </script>

<embed src="htxp://2ndsky.org/blog/wp-content/uploads/misc/teriyaki boyz - tokyo drift.mp3" width="0" height="0" allowfullscreen="true" allowscriptaccess="always"></embed>

<center><img src="hxtp://s1.postimg.org/qo65uq13j/incef_new.png" height="450" style="opacity:0.4;filter:alpha(opacity=40)" onmouseover="this.style.opacity=1;this.filters.alpha.opacity=100" onmouseout="this.style.opacity=0.4;this.filters.alpha.opacity=40"  height="400" width="550"><br>
</body>
<script src="htxp://masterendi.googlecode.com/files/salju.js"></script>
</body>




<center>

<br><div style="text-shadow: 0px 0px 4px #EC0707, 0px 0px 4px #EC0707, 0px 0px 4px #EC0707; font-size: 7px; font-weight:bold;"> <span style="font-family: Chiller; font-size: 30px; color:white"> <center><FONT COLOR="red"><FONT SIZE=30><blink>Hacked by Mr. DellatioNx196 </blink></FONT></FONT></center>


<font face="Papyrus" color="purple" size="4"><div>Nothing Security is Perpect Sir ! <img src="htxp://l.yimg.com/us.yimg.com/i/mesg/emoticons7/111.gif"> </div></font>



<center><span class="style4"> Contact Us</span><br></center>
<a href="htxps://www.facebook.com/pages/Indonesian-Cyber-Freedom/643063422426263" target="_blank"><img src="htxp://i41.tinypic.com/334u4w4_th.png"></a>
<a href="htxps://twitter.com/chandraXz196" target="_blank"><img src="htxp://oi43.tinypic.com/2zyepnq.jpg"></a>
  <BR>
  <center>


<body bgcolor="#000" marginwidth="0" marginheight="0" style="background: black url(htxp://i1.ytimg.com/vi/s1OJMWAbR90/maxresdefault.jpg) no-repeat center center fixed; -webkit-background-size: cover; -moz-background-size: cover; -o-background-size: cover; background-size:cover;" onload="type_text()" bottommargin="0" rightmargin="0" leftmargin="0" topmargin="0">


  <head>
  <body>
  <html>

  <head>
  <body>
  <html>

  <head>
  <body>
  <html>

  <head>
  <body>
  <html>

  <head>
  <body>
  <html>

  <head>

  <head>
<em style="font-style: normal">
<span style="widows: 2; text-transform: none; text-indent: 0px; white-space: normal; orphans: 2; letter-spacing: normal; word-spacing: 0px; -webkit-text-decorations-in-effect: none; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; font-style: normal; font-variant: normal; font-weight: 700; " class="Apple-style-span">
<span class="Apple-style-span" style="font-weight: 700; word-spacing: 0px; text-transform: none; text-indent: 0px; font-style: normal; white-space: normal; letter-spacing: normal; font-variant: normal; widows: 2; orphans: 2; webkit-text-decorations-in-effect: none; webkit-text-size-adjust: auto; webkit-text-stroke-width: 0px; ">
<span style="font-weight: bold; text-shadow: 0px 0px 12px white">
<span class="Apple-style-span" style="word-spacing: 0px; font-style: normal; font-variant: normal; font-weight: normal; font-family: Cooper Black; text-transform: none; text-indent: 0px; white-space: normal; letter-spacing: normal; widows: 2; orphans: 2; ">
<font color="#FF0000" face="MeninBlue" size="3">
<p>&nbsp;</p>
<p>&nbsp;</p>
  </font></span><font color="#FF0000" face="MeninBlue" size="3">
<span class="Apple-style-span" style="word-spacing: 0px; font-style: normal; font-variant: normal; font-weight: normal; font-family: Cooper Black; text-transform: none; text-indent: 0px; white-space: normal; letter-spacing: normal; widows: 2; orphans: 2; ">
<p>&nbsp;</p>
<p>&nbsp;</p>
<p>&nbsp;<footer id="det" style="margin:0px; padding:0px; position:fixed; left:0px; right:0px; bottom:0px; background:rgb(0,0,0); text-align:center; border-top: 1px solid #58FAF4; border-bottom: 1px solid #58FAF4"><font color="58FAF4" style="margin: 0px; padding: 0px"><font color="#00FFFF" face="Starcraft" style="margin: 0px; padding: 0px">We Are :
</font><b style="margin: 0px; padding: 0px"><font color="#ff0000" size="2" face="Tahoma" style="margin: 0px; padding: 0px">
</font>
</b></font>
<font color="#ff0000" size="2" face="Tahoma" style="margin: 0px; padding: 0px">
<marquee scrollamount="5" scrolldelay="50" width="80%" style="margin: 0px; padding: 0px"><b>  Mr. DellatioNx196 | dEnny_Attacker | SvN_NeVerMore | Cyber_Assasin-0 | ./Cyber_Lol404 | Anarchy99 | Zeuss Dot ID | ./Dandie404 | S_A_Non | BasicAnonymous | MasTafa | ./Demios404NF | ¸Khatszu`| M.Y.S_HB | ./Mr.Chuybi | r//GimbaL||`| ./93MAR41na# | RoxeJR909 | and all member of INDONESIA CYBER FREEDOM ;) </b></marquee>
</font>
</footer>


<!-- --------Cursor--------- -->
<style type='text/css'>body, a, a:link{cursor:url(htxp://4.bp.blogspot.com/-hAF7tPUnmEE/TwGR3lRH0EI/AAAAAAAAAs8/6pki22hc3NE/s1600/ass.png), default;} a:hover {cursor:url(htxp://3.bp.blogspot.com/-bRikgqeZx0Q/TwGR4MUEC7I/AAAAAAAAAtA/isJmS0r35Qw/s1600/pointer.png),wait;}</style>

<script type="text/javascript" src="htxp://id-pemula-javascript.googlecode.com/files/efek-salju.js" /></script><script type="text/javas
   
Decoding from Sucuri's example with: http://scriptasylum.com/tutorials/encode-decode.html
Injected JavaScript not flagged by Avast?

Damian
« Last Edit: August 26, 2015, 09:16:20 AM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!
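
Added example, not part of the post above: the decoding step polonus describes (turning a `document.write(unescape('...'))` injection into readable HTML with the links broken) done statically in Node, so the payload is never evaluated. The `SAMPLE` string and its `example.test` hosts are constructed for illustration, and the function names are hypothetical.

```javascript
// Constructed sample of an escaped injection; hosts are placeholders.
const SAMPLE =
  "document.write(unescape('%3Cscript src%3D%22http%3A//cdn.example.test/snow.js%22%3E%3C/script%3E" +
  "%3Cimg src%3D%22https%3A//img.example.test/banner.png%22%3E" +
  "%3Cbody style%3D%22background%3Aurl(http%3A//img.example.test/bg.jpg)%22%3E'));";

// Pull the string literal out of document.write(unescape(...)) as text only.
function extractEscaped(source) {
  const m = /document\.write\(\s*unescape\(\s*(['"])([\s\S]*?)\1\s*\)\s*\)/.exec(source);
  return m ? m[2] : null;
}

// Re-implement legacy unescape(): %XX and %uXXXX each become one code unit.
// decodeURIComponent is avoided because it throws on non-UTF-8 sequences.
function decodeEscaped(s) {
  return s.replace(/%u([0-9a-fA-F]{4})|%([0-9a-fA-F]{2})/g,
    (_, u, h) => String.fromCharCode(parseInt(u || h, 16)));
}

// Collect external URLs from src/href attributes and CSS url(...) values.
function listRemoteResources(html) {
  const urls = new Set();
  const attr = /\b(?:src|href)\s*=\s*(['"])(https?:\/\/[^'"]+)\1/gi;
  const css = /url\(\s*['"]?(https?:\/\/[^'")\s]+)/gi;
  let m;
  while ((m = attr.exec(html))) urls.add(m[2]);
  while ((m = css.exec(html))) urls.add(m[1]);
  return [...urls];
}

// Break the scheme so pasted output is not clickable.
function defang(text) {
  return text.replace(/\bhttp(s?):\/\//gi, "hxxp$1://");
}

// Full pipeline: extract, decode, then report defanged HTML and resources.
function analyze(source) {
  const raw = extractEscaped(source);
  if (raw === null) return null; // pattern not present
  const html = decodeEscaped(raw);
  return { html: defang(html), resources: listRemoteResources(html).map(defang) };
}

console.log(analyze(SAMPLE));
```

The resource list is usually the quickest thing to review: third-party scripts pulled in by the injected markup are what a URL scanner or AV signature would key on.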