JSUNPACK
A Generic JavaScript Unpacker
CAUTION: jsunpack was designed for security researchers and computer professionals
Enter a single URL (or paste JavaScript to decode):

Upload a PDF, pcap, HTML, or JavaScript file
Private? Help: privacy | uploads
Default Referer
Description

Submission permanent link c30213634c490d3e29b980b57d6def05b54766b8 (Received 2017-11-07 10:02:46, http-exploit.pcap )

URLStatus
hifgejig.cn/nuc/exe.php status: (referer=hifgejig.cn/nuc/)failure: <urlopen error [Errno -2] Name or service not known>

upload

All Malicious or Suspicious Elements of Submission

malicious: MSOfficeSnapshotViewer CVE-2008-2463 detected F0E42D60-368C-11D0-AD81-00A0C90DC8D9
malicious: MSIENestedSpan CVE-2008-4844 detected
hifgejig.cn/nuc/spl/ benign
[nothing detected] GET hifgejig.cn/nuc/spl/
     info: [0] no JavaScript
     file: bbe59098c643a4ec8eaa53e3decd1ea87a77fe28: 276 bytes

Decoded Files
bbe5/9098c643a4ec8eaa53e3decd1ea87a77fe28 from hifgejig.cn/nuc/spl/ (276 bytes) download


hifgejig.cn/nuc/ malicious
[malicious:8] (ipaddr:91.212.41.119) GET hifgejig.cn/nuc/
     info: [decodingLevel=0] found JavaScript
     info: DecodedGenericCLSID detected F0E42D60-368C-11D0-AD81-00A0C90DC8D9
     malicious: MSOfficeSnapshotViewer CVE-2008-2463 detected F0E42D60-368C-11D0-AD81-00A0C90DC8D9
     malicious: MSIENestedSpan CVE-2008-4844 detected
     info: [javascript variable] URL=hifgejig.cn/nuc/exe.php
     info: [var jbmoveazk] URL=hifgejig.cn/nuc/
     info: [var newurl] URL=hifgejig.cn/nuc/
     info: [decodingLevel=1] found JavaScript
     error: line:84: SyntaxError: missing ; before statement:
          error: line:84: xmlcode = "<xml id="I"><x><c> <![CDATA[<image SRC=http:/&#x0a0a;&#x0a0a;.example.com>]]> </c></x></xml><span datasrc="#I" datafld="C" dataformatas="HTML"><xml id="I"></xml><span datasrc="#I" datafld="C" dataformatas="HTML"></span></span>";
          error: line:84: ..........^
     info: file: saved hifgejig.cn/nuc/ to (86c2d76a7ba524487ab518c7fae29dcc60c6fc54)
     file: 86c2d76a7ba524487ab518c7fae29dcc60c6fc54: 32495 bytes
     file: 72c44184b393059686ec3c3a742c612be342af01: 4282 bytes

Decoded Files
86c2/d76a7ba524487ab518c7fae29dcc60c6fc54 from hifgejig.cn/nuc/ (32495 bytes) download

72c4/4184b393059686ec3c3a742c612be342af01 from hifgejig.cn/nuc/ (4282 bytes, 136 hidden) download