JSUNPACK
A Generic JavaScript Unpacker
CAUTION: jsunpack was designed for security researchers and computer professionals
Enter a single URL (or paste JavaScript to decode):

Upload a PDF, pcap, HTML, or JavaScript file
Private? Help: privacy | uploads
Default Referer
Description

Submission permanent link 0636de317eecf6defe9d364601553614d8687b02 (Received 2018-05-15 03:35:27, script )

URLStatus
img src="https:/client.hsbc.fr/elyspc/epcImages/new/digipass-on.gif" status: (referer=http:/www.ask.com/web?q=puppies)failure: <urlopen error [Errno -3] Temporary failure in name resolution>

img src="https:/client.hsbc.fr/elyspc/epcImages/new/digipass-activation-5.gif" width="162" height="179" border="0" status: (referer=http:/www.ask.com/web?q=puppies)failure: <urlopen error [Errno -3] Temporary failure in name resolution>

hsbc.fr/1/PA_esf-ca-app-content/content/pws/rbwm/static/scripts/closeDoormat.js status: (referer=hsbc.fr/1/2/hsbc-france/particuliers)

hsbc.fr/HBFR_TSkins/themes/html/french/adaptive/js/browser-detect-min.js status: (referer=hsbc.fr/1/2/hsbc-france/particuliers)

img src="https:/client.hsbc.fr/elyspc/epcImages/new/abandonner.png" border="0" status: (referer=http:/www.ask.com/web?q=puppies)failure: <urlopen error [Errno -3] Temporary failure in name resolution>

hsbc.fr/HBFR_TSkins/themes/html/french/js/compiled.js status: (referer=hsbc.fr/)

tags.tiqcdn.com/utag/hsbc/fr-rbwm/prod/utag.sync.js status: (referer=hsbc.fr/)

hsbc.fr/HBFR_TSkins/themes/html/french/js/browser-detect-min.js status: (referer=hsbc.fr/)

hsbc.fr/1/PA_esf-ca-app-content/content/pws/scripts/nav-touch.js status: (referer=hsbc.fr/1/2/hsbc-france/particuliers)

www.hsbc.fr/HBFR_TSkins/themes/html/french/js/jQuery.v1.8.2/jquery-min.js status: (referer=www.hsbc.fr/'")

hsbc.fr/1/PA_esf-ca-app-content/content/pws/rbwm/static/eucookie/js/jQuery.DNT.FR.js status: (referer=hsbc.fr/1/2/hsbc-france/particuliers)

input class="image" src="https:/client.hsbc.fr/elyspc/epcImages/new/valider.png" onclick="otp($(' status: (referer=http:/www.ask.com/web?q=puppies)failure: <urlopen error [Errno -3] Temporary failure in name resolution>

a href="https:/client.hsbc.fr/cgi-bin/emepc?objectid=5C6DEB21189B7A18C88529A8FE0D4DE90C132B46FB908F7C" status: (referer=http:/www.ask.com/web?q=puppies)failure: <urlopen error [Errno -3] Temporary failure in name resolution>

hsbc.fr/HBFR_TSkins/themes/html/french/js/jQuery.v1.8.2/jquery-min.js status: (referer=hsbc.fr/)

www.hsbc.fr/HBFR_TSkins/themes/html/french/js/compiled.js status: (referer=www.hsbc.fr/'")

www.hsbc.fr/1/2/hsbc-france/particuliers status: (referer=www.hsbc.fr/'")

hsbc.fr/HBFR_TSkins/themes/html/french/js/default.js status: (referer=hsbc.fr/)

hsbc.fr/1/PA_esf-ca-app-content/content/pws/rbwm/static/scripts/doormatTimer.js status: (referer=hsbc.fr/1/2/hsbc-france/particuliers)

hsbc.fr/HBFR_TSkins/themes/html/french/adaptive/js/mobile-default.js status: (referer=hsbc.fr/1/2/hsbc-france/particuliers)

All Malicious or Suspicious Elements of Submission

suspicious: shellcode of length 9990/136375
malicious: shellcode URL=hsbc.fr
malicious: shellcode URL=www.hsbc.fr/'"
malicious: shellcode URL=input class="image" src="https:/client.hsbc.fr/elyspc/epcImages/new/valider.png" onclick="otp($('
malicious: shellcode URL=a href="https:/client.hsbc.fr/cgi-bin/emepc?objectid=5C6DEB21189B7A18C88529A8FE0D4DE90C132B46FB908F7C"
malicious: shellcode URL=img src="https:/client.hsbc.fr/elyspc/epcImages/new/abandonner.png" border="0"
malicious: shellcode URL=img src="https:/client.hsbc.fr/elyspc/epcImages/new/digipass-activation-5.gif" width="162" height="179" border="0"
malicious: shellcode URL=img src="https:/client.hsbc.fr/elyspc/epcImages/new/digipass-on.gif"
suspicious: maxruntime exceeded 10 seconds (incomplete) 0 bytes
script malicious
[malicious:8] script
     info: [decodingLevel=0] found JavaScript
     error: undefined variable $
     error: undefined function $
     suspicious: shellcode of length 9990/136375
     malicious: shellcode URL=hsbc.fr
     malicious: shellcode URL=www.hsbc.fr/'"
     malicious: shellcode URL=input class="image" src="https:/client.hsbc.fr/elyspc/epcImages/new/valider.png" onclick="otp($('
     malicious: shellcode URL=a href="https:/client.hsbc.fr/cgi-bin/emepc?objectid=5C6DEB21189B7A18C88529A8FE0D4DE90C132B46FB908F7C"
     malicious: shellcode URL=img src="https:/client.hsbc.fr/elyspc/epcImages/new/abandonner.png" border="0"
     malicious: shellcode URL=img src="https:/client.hsbc.fr/elyspc/epcImages/new/digipass-activation-5.gif" width="162" height="179" border="0"
     malicious: shellcode URL=img src="https:/client.hsbc.fr/elyspc/epcImages/new/digipass-on.gif"
     info: [1] no JavaScript
     info: file: saved script to (cd32e67aaff13fc2c9e98b23aac3026c53b9e717)
     file: cd32e67aaff13fc2c9e98b23aac3026c53b9e717: 547843 bytes
     file: fe1b5b80135a2251b1b3db94d514b410c9aebcf9: 11447 bytes
     file: 3f1cb9b90c2e50f71a5410cca24378d54c3bb8bb: 9990 bytes

Decoded Files
cd32/e67aaff13fc2c9e98b23aac3026c53b9e717 from script (547843 bytes) download

fe1b/5b80135a2251b1b3db94d514b410c9aebcf9 from script (11447 bytes) download

3f1c/b9b90c2e50f71a5410cca24378d54c3bb8bb from script (9990 bytes, 18 hidden) download


www.hsbc.fr/HBFR_TSkins/themes/html/french/js/default.js benign
[nothing detected] (script) www.hsbc.fr/HBFR_TSkins/themes/html/french/js/default.js
     status: (referer=www.hsbc.fr/'")saved 17696 bytes 753258121a5152b2a2167b57528d7c1a8cc03a08
     file: 753258121a5152b2a2167b57528d7c1a8cc03a08: 17696 bytes

Decoded Files
7532/58121a5152b2a2167b57528d7c1a8cc03a08 from www.hsbc.fr/HBFR_TSkins/themes/html/french/js/default.js (17696 bytes) download


www.hsbc.fr/'" benign
[nothing detected] (shellcode) www.hsbc.fr/'"
     status: (referer=http:/www.ask.com/web?q=puppies)saved 4203 bytes b32d674e13e68c431ee48e79858e939e2d2c3db1
     info: [meta refresh] URL=www.hsbc.fr/1/2/hsbc-france/particuliers
     info: [script] tags.tiqcdn.com/utag/hsbc/fr-rbwm/prod/utag.sync.js
     info: [script] www.hsbc.fr/HBFR_TSkins/themes/html/french/js/browser-detect-min.js
     info: [script] www.hsbc.fr/HBFR_TSkins/themes/html/french/js/jQuery.v1.8.2/jquery-min.js
     info: [script] www.hsbc.fr/HBFR_TSkins/themes/html/french/js/compiled.js
     info: [script] www.hsbc.fr/HBFR_TSkins/themes/html/french/js/default.js
     info: [img] www1.member-hsbc-group.com/dcsajh4v2100005q6s/njs.gif?dcsuri=/nojavascript&amp;WT.js=No
     file: b32d674e13e68c431ee48e79858e939e2d2c3db1: 4203 bytes

Decoded Files
b32d/674e13e68c431ee48e79858e939e2d2c3db1 from www.hsbc.fr/'" (4203 bytes, 380 hidden) download


www.hsbc.fr/HBFR_TSkins/themes/html/french/js/browser-detect-min.js benign
[nothing detected] (script) www.hsbc.fr/HBFR_TSkins/themes/html/french/js/browser-detect-min.js
     status: (referer=www.hsbc.fr/'")saved 5144 bytes 1e9b7e7cb893647138043b8928a6401c66325d4e
     file: 1e9b7e7cb893647138043b8928a6401c66325d4e: 5144 bytes

Decoded Files
1e9b/7e7cb893647138043b8928a6401c66325d4e from www.hsbc.fr/HBFR_TSkins/themes/html/french/js/browser-detect-min.js (5144 bytes, 565 hidden) download


hsbc.fr/1/2/hsbc-france/particuliers benign
[nothing detected] (metarefresh) hsbc.fr/1/2/hsbc-france/particuliers
     status: (referer=hsbc.fr/)saved 113312 bytes 60fdea116d05ce7b7ce3277b46b4eb29f4cefa47
     info: [script] tags.tiqcdn.com/utag/hsbc/fr-rbwm/prod/utag.sync.js
     info: [script] hsbc.fr/HBFR_TSkins/themes/html/french/adaptive/js/browser-detect-min.js
     info: [script] hsbc.fr/HBFR_TSkins/themes/html/french/js/jQuery.v1.8.2/jquery-min.js
     info: [script] hsbc.fr/HBFR_TSkins/themes/html/french/js/compiled.js
     info: [script] hsbc.fr/HBFR_TSkins/themes/html/french/js/default.js
     info: [script] hsbc.fr/HBFR_TSkins/themes/html/french/adaptive/js/mobile-default.js
     info: [img] hsbc.fr/1/PA_esf-ca-app-content/content/pws/rbwm/static/images/layout/text.png
     info: [script] hsbc.fr/1/PA_esf-ca-app-content/content/pws/rbwm/static/scripts/doormatTimer.js
     info: [script] hsbc.fr/1/PA_esf-ca-app-content/content/pws/scripts/nav-touch.js
     info: [img] hsbc.fr/1/PA_esf-ca-app-content/content/pws/rbwm/emprunter/common/9111_FR_231x115.jpg
     info: [img] hsbc.fr/1/PA_esf-ca-app-content/content/pws/rbwm/emprunter/common/M230x115.jpg
     info: [img] hsbc.fr/1/PA_esf-ca-app-content/content/pws/rbwm/static/images/content/close.png
     info: [img] hsbc.fr/1/PA_esf-ca-app-content/content/pws/rbwm/emprunter/common/touchID_230x300.jpg
     info: [script] hsbc.fr/1/PA_esf-ca-app-content/content/pws/rbwm/static/scripts/closeDoormat.js
     info: [img] hsbc.fr/1/PA_esf-ca-app-content/content/pws/cmb/static/images/icone-info.gif
     info: [img] hsbc.fr/1/PA_esf-ca-app-content/content/pws/rbwm/static/images/placeholders/9910_FR_HSBC_E640x320.jpg
     info: [img] hsbc.fr/1/PA_esf-ca-app-content/content/pws/rbwm/ouvertureagence/C220x160.jpg
     info: [img] hsbc.fr/1/PA_esf-ca-app-content/content/pws/rbwm/ouvertureagence/0925_Infographie-PoP_220X160.jpg
     info: [img] hsbc.fr/1/PA_esf-ca-app-content/content/pws/rbwm/ouvertureagence/9701_FR_O220x160.jpg
     info: [img] hsbc.fr/1/PA_esf-ca-app-content/content/pws/rbwm/static/images/placeholders/interim-results-Q3-2014_220x50px.jpg
     info: [img] hsbc.fr/1/PA_esf-ca-app-content/content/pws/rbwm/static/images/placeholders/220x160_mobile.jpg
     info: [img] hsbc.fr/1/content/pws/rbwm/static/images/placeholders/icon.png
     info: [img] hsbc.fr/1/content/pws/rbwm/static/images/placeholders/button-fr.jpg
     info: [script] hsbc.fr/1/PA_esf-ca-app-content/content/pws/rbwm/static/eucookie/js/jQuery.DNT.FR.js
     info: [img] www1.member-hsbc-group.com/dcsajh4v2100005q6s/njs.gif?dcsuri=/nojavascript&amp;WT.js=No
     file: 60fdea116d05ce7b7ce3277b46b4eb29f4cefa47: 113312 bytes

Decoded Files
60fd/ea116d05ce7b7ce3277b46b4eb29f4cefa47 from hsbc.fr/1/2/hsbc-france/particuliers (113312 bytes, 20769 hidden) download


hsbc.fr/ benign
[nothing detected] (shellcode) hsbc.fr/
     status: (referer=http:/www.ask.com/web?q=puppies)saved 4203 bytes b32d674e13e68c431ee48e79858e939e2d2c3db1
     info: [meta refresh] URL=hsbc.fr/1/2/hsbc-france/particuliers
     info: [script] tags.tiqcdn.com/utag/hsbc/fr-rbwm/prod/utag.sync.js
     info: [script] hsbc.fr/HBFR_TSkins/themes/html/french/js/browser-detect-min.js
     info: [script] hsbc.fr/HBFR_TSkins/themes/html/french/js/jQuery.v1.8.2/jquery-min.js
     info: [script] hsbc.fr/HBFR_TSkins/themes/html/french/js/compiled.js
     info: [script] hsbc.fr/HBFR_TSkins/themes/html/french/js/default.js
     info: [img] www1.member-hsbc-group.com/dcsajh4v2100005q6s/njs.gif?dcsuri=/nojavascript&amp;WT.js=No
     info: [decodingLevel=0] found JavaScript
     suspicious: maxruntime exceeded 10 seconds (incomplete) 0 bytes
     file: b32d674e13e68c431ee48e79858e939e2d2c3db1: 4203 bytes
     file: 38e690f87d68c82ccbf412d241faa440b29cada9: 4760 bytes
     file: 58ccbc7f98a7aa7dfea47daa0d665e0587080529: 4766 bytes
     file: 65ea2a7a833d488ae53c9cba3c4c0a0e3b3cb170: 4975 bytes
     file: e8beb1e59af81f476975f23b8a277d33494c781a: 5167 bytes
     file: 24d92aef1ee1eeb67e67cd8635b9ef5b3fc199bc: 4881 bytes
     file: c88e5671b427392cb851ad39220b2ef6b4b2f322: 5005 bytes
     file: 9be002f43f8fdb73dc028d25b95419c2a47e9261: 4373 bytes
     file: cd2527be182ba19239e489321295cc6821757afb: 4379 bytes
     file: 6bab2ded51ddcd073678bab69f72aa1ec7c935bb: 4588 bytes
     file: 5b3f0e69d64e0b760459e016407a25b417b650df: 4780 bytes
     file: 0ab9802b9c7525426f8d7cb0afa7decbaaf08952: 4494 bytes
     file: b014060af9299a3d4409481b577c7cdb4804033f: 4618 bytes

Decoded Files
b32d/674e13e68c431ee48e79858e939e2d2c3db1 from hsbc.fr/ (4203 bytes, 380 hidden) download

38e6/90f87d68c82ccbf412d241faa440b29cada9 from hsbc.fr/ (4760 bytes, 184 hidden) download

58cc/bc7f98a7aa7dfea47daa0d665e0587080529 from hsbc.fr/ (4766 bytes, 184 hidden) download

65ea/2a7a833d488ae53c9cba3c4c0a0e3b3cb170 from hsbc.fr/ (4975 bytes, 184 hidden) download

e8be/b1e59af81f476975f23b8a277d33494c781a from hsbc.fr/ (5167 bytes, 184 hidden) download

24d9/2aef1ee1eeb67e67cd8635b9ef5b3fc199bc from hsbc.fr/ (4881 bytes, 184 hidden) download

c88e/5671b427392cb851ad39220b2ef6b4b2f322 from hsbc.fr/ (5005 bytes, 184 hidden) download

9be0/02f43f8fdb73dc028d25b95419c2a47e9261 from hsbc.fr/ (4373 bytes, 384 hidden) download

cd25/27be182ba19239e489321295cc6821757afb from hsbc.fr/ (4379 bytes, 384 hidden) download

6bab/2ded51ddcd073678bab69f72aa1ec7c935bb from hsbc.fr/ (4588 bytes, 384 hidden) download

5b3f/0e69d64e0b760459e016407a25b417b650df from hsbc.fr/ (4780 bytes, 384 hidden) download

0ab9/802b9c7525426f8d7cb0afa7decbaaf08952 from hsbc.fr/ (4494 bytes, 384 hidden) download

b014/060af9299a3d4409481b577c7cdb4804033f from hsbc.fr/ (4618 bytes, 384 hidden) download