SetaGet=CreateObject("ADODB.Stream")这个一般都会被杀,简单处理下SetaGet=CreateObject("AD"&"OD"&"B.Stre"&"am")
OK,免杀了,就是字符串分割
2URLEncode解密
一般形式都是用%连接2个16进制字符来看的。我们用的工具可以有http://biweilun.ys168.com/里面script文件夹那里面的URLEncode.rar
范例%62%69%77%65%69%6C%75%6E效果如下:
3进制解密
这个也不难。看前面的前缀一般就能知道是什么进制的网马一般都是16进制加密,常用工具http://biweilun.ys168.com/里面script文件夹那里面的网页加解密.html密文范例:Bf.setAttribute("x63x6Cx61x73x73x69x64","x63x6Cx73x69x64x3Ax42x44x39x36x43x35x35x36x2Dx36x35x41x33x2Dx31x31x44x30x2Dx39x38x33x41x2Dx30x30x43x30x34x46x43x32x39x45x33x36");很明显的16进制
用网页加解密.html直接解,把x63x6Cx61x73x73x69x64","x63x6Cx73x69x64x3Ax42x44x39x36x43x35x35x36x2Dx36x35x41x33x2Dx31x31x44x30x2Dx39x38x33x41x2Dx30x30x43x30x34x46x43x32x39x45x33x36复制进去,选中右边的“选中"x"”点击“16进制解密”按钮效果如下:
