We can see a couple of things from this partial look at the script. It appears to be using AJAX which isn’t very common in malicious scripts that I’ve run across. I cleaned up the code and came up with this.
There are two functions in this script. The function at the top isn’t called until the second function in the middle is called first. The ‘kjejz’ function gets AJAX ready then gets rid of the text string of “gsoqtecw” from the variable ‘pxomwgzp’. I guess it wasn’t too scary after all! We’re left with decimal values (I inserted the backslash delimiter to convert this manually myself).
The code then converts the decimal to text and we get this.