JSUNPACK
A Generic JavaScript Unpacker
CAUTION: jsunpack was designed for security researchers and computer professionals

Submission permanent link 1b9e260a5d5c73c5ece4085348f39a2c363d3a76 (Received 2018-03-13 06:52:40, challenge (2).pcap )

URL Status
totallynot.evil/undefined status: (referer=totallynot.evil/) failure: <urlopen error [Errno -2] Name or service not known>

upload

qyhrvvpiludc.com/d1133275ee2118be63a577af759fc052/ul/data

All Malicious or Suspicious Elements of Submission

malicious: Alert detected /alert CVE-2010-0249 MSIEUseAfterFree (CreateElement called 499 times)
suspicious: Warning detected /warning CVE-NO-MATCH Shellcode NOP len 1581129 /warning CVE-NO-MATCH Shellcode Engine Length 65536 /warning CVE-NO-MATCH Shellcode NOP len 9999 /warning CVE-NO-MATCH Shellcode Engine Binary Threshold
suspicious: shellcode of length 261824/130912
suspicious: maxruntime exceeded 10 seconds (incomplete) 0 bytes
totallynot.evil/ malicious
[malicious:10] (ipaddr:198.19.91.8) GET totallynot.evil/
     info: [img] totallynot.evil/aurora.gif
     info: [decodingLevel=0] found JavaScript
     malicious: Alert detected /alert CVE-2010-0249 MSIEUseAfterFree (CreateElement called 499 times)
     suspicious: Warning detected /warning CVE-NO-MATCH Shellcode NOP len 1581129 /warning CVE-NO-MATCH Shellcode Engine Length 65536 /warning CVE-NO-MATCH Shellcode NOP len 9999 /warning CVE-NO-MATCH Shellcode Engine Binary Threshold
     suspicious: shellcode of length 261824/130912
     info: [element] URL=totallynot.evil/undefined
     info: [1] no JavaScript
     info: file: saved totallynot.evil/ to (c08e879c15299b9ff71980263cadd8fb0000152d)
     file: c08e879c15299b9ff71980263cadd8fb0000152d: 3359 bytes
     file: cef64216670dbcd283e81ad80ed30752084e861d: 823951 bytes
     file: e9e487d7e83c700b26567e3f36b6720a464f0455: 261824 bytes

Decoded Files
c08e/879c15299b9ff71980263cadd8fb0000152d from totallynot.evil/ (3359 bytes, 1188 hidden)

cef6/4216670dbcd283e81ad80ed30752084e861d from totallynot.evil/ (823951 bytes)

e9e4/87d7e83c700b26567e3f36b6720a464f0455 from totallynot.evil/ (261824 bytes)


136.144.187.30/d1133275ee2118be63a577af759fc052 benign
[nothing detected] GET 136.144.187.30/d1133275ee2118be63a577af759fc052
     info: [0] no JavaScript
     file: f069c7e250db9d325259f8685109f96f41afbf9c: 71 bytes
     file: e15eaeb4d9c5208c01b1b12964b40b652dcc9d7c: 48 bytes
     file: 04d347a77c03147af8eb5da3c2fc8c2442e48793: 74 bytes

Decoded Files
f069/c7e250db9d325259f8685109f96f41afbf9c from 136.144.187.30/d1133275ee2118be63a577af759fc052 (71 bytes, 52 hidden)

e15e/aeb4d9c5208c01b1b12964b40b652dcc9d7c from 136.144.187.30/d1133275ee2118be63a577af759fc052 (48 bytes, 30 hidden)

04d3/47a77c03147af8eb5da3c2fc8c2442e48793 from 136.144.187.30/d1133275ee2118be63a577af759fc052 (74 bytes)


totallynot.evil/stage1.exe benign
[nothing detected] [MZ] GET totallynot.evil/stage1.exe
     info: [0] executable file
     info: [decodingLevel=0] found JavaScript
     suspicious: maxruntime exceeded 10 seconds (incomplete) 0 bytes
     file: ac8af23dc04d7645aa955b30900aba9f0e54d3a0: 1190167 bytes
     file: 5695af03ecb6a4cca01c2aa78614146c501a0aa5: 958594 bytes
     file: caebe10cf2413dc051b8d6c294527db4b82d0c9c: 958600 bytes
     file: 8b7db86f217cac0541121de362678af1d3e02b22: 958809 bytes
     file: bba732d9842e2ec2c109ae033bfa2d2687e6008a: 959001 bytes
     file: 9da2e939ca07e5a0861b999248ed763c7dd2ff9c: 958715 bytes
     file: bc38ed77cb4a3d50cf374f0cbc3169efb10766d4: 958839 bytes

Decoded Files
ac8a/f23dc04d7645aa955b30900aba9f0e54d3a0 from totallynot.evil/stage1.exe (1190167 bytes, 541530 hidden)

5695/af03ecb6a4cca01c2aa78614146c501a0aa5 from totallynot.evil/stage1.exe (958594 bytes, 309744 hidden)

caeb/e10cf2413dc051b8d6c294527db4b82d0c9c from totallynot.evil/stage1.exe (958600 bytes, 309744 hidden)

8b7d/b86f217cac0541121de362678af1d3e02b22 from totallynot.evil/stage1.exe (958809 bytes, 309744 hidden)

bba7/32d9842e2ec2c109ae033bfa2d2687e6008a from totallynot.evil/stage1.exe (959001 bytes, 309744 hidden)

9da2/e939ca07e5a0861b999248ed763c7dd2ff9c from totallynot.evil/stage1.exe (958715 bytes, 309744 hidden)

bc38/ed77cb4a3d50cf374f0cbc3169efb10766d4 from totallynot.evil/stage1.exe (958839 bytes, 309744 hidden)