JSUNPACK
A Generic JavaScript Unpacker
CAUTION: jsunpack was designed for security researchers and computer professionals
Enter a single URL (or paste JavaScript to decode):

Upload a PDF, pcap, HTML, or JavaScript file
Private? Help: privacy | uploads
Default Referer
Description

Submission permanent link 1a95d601e8b1662a8d1868caa65ab463be77c4cc (Received 2012-02-17 20:30:09, http://www.xvediox.com/ )

URLStatus
www.xvediox.com/ saved 25339 bytes 912251409f0fa06f96b097367a5bd07f77db9d03

94392.web.ioshow.com/AD/?FID=94392&X=5&Y=3&TYPE=2&CHANNEL=R52 status: (referer=www.xvediox.com/ad3.htm)

banners.getiton.com/go/page/115385_02?pid=g1148374-ppc&click=1&off=1 status: (referer=www.xvediox.com/ad3.htm)

aff-jp.dxlive.com/include/js/affil.js status: (referer=www.mmaaxx.com/random/dx/index02.html?affid=us7143)

www.mmaaxx.com/js/ActiveX4.js status: (referer=www.mmaaxx.com/random/dx/index02.html?affid=us7143)

www.mmaaxx.com/random/dx/../../urchin.js status: (referer=www.mmaaxx.com/random/dx/index02.html?affid=us7143)

graphics.pop6.com/javascript/cd/swfobject-1287617201.js status: (referer=banners.adultfriendfinder.com/go/page/19443?pid=g1148374-ppc&lang=chinese)

affiliate.dtiserv.com/js/ActiveX4.js status: (referer=www.mmaaxx.com/fla/sakuralive/index50.html?affid=us7143)

content.pop6.com/banners/ffadult/chinese/19443_300x250_a.swf status: (referer=banners.adultfriendfinder.com/go/page/19443?pid=g1148374-ppc&lang=chinese)

Warning: reading file /storagefiles/b7ff//1fd9a300594f4afb88521e7175a02dbf1d12 failed
Warning: reading file /storagefiles/613e//fb8c18dc2afbbf4241cb0357c36252aef82e failed
Warning: reading file /storagefiles/8e23//43c1785facc5e62f84405d54e8af5379fef1 failed
Warning: reading file /storagefiles/9b69//8a1820df89afc7ff5fe353822b327b23d2b5 failed
Warning: reading file /storagefiles/4daf//9bc4d4456a0a02a9f2bc285d0c5afa19e8f1 failed

All Malicious or Suspicious Elements of Submission

suspicious: maxruntime exceeded 10 seconds (incomplete) 0 bytes
www.xvediox.com/ad3.htm benign
[nothing detected] (iframe) www.xvediox.com/ad3.htm
     status: (referer=www.xvediox.com/)saved 864 bytes b7ff1fd9a300594f4afb88521e7175a02dbf1d12
     info: [iframe] banners.adultfriendfinder.com/go/page/115385_02?pid=g1148374-ppc&click=1&off=1
     info: [iframe] banners.getiton.com/go/page/115385_02?pid=g1148374-ppc&click=1&off=1
     info: [script] 94392.web.ioshow.com/AD/?FID=94392&X=5&Y=3&TYPE=2&CHANNEL=R52
     info: [0] no JavaScript
     file: b7ff1fd9a300594f4afb88521e7175a02dbf1d12: 864 bytes

Decoded Files
b7ff/1fd9a300594f4afb88521e7175a02dbf1d12 from www.xvediox.com/ad3.htm

tw.rc.webmaster.yahoo.com/ystat.do?id=309471&uv=15180360781854725380&nuv=1&ss=1804436249&usn=0&ec=1&ref=undefined&url=undefined&nac=Microsoft Internet Explorer&agt=Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Tr benign
[nothing detected] (var newurl) tw.rc.webmaster.yahoo.com/ystat.do?id=309471&uv=15180360781854725380&nuv=1&ss=1804436249&usn=0&ec=1&ref=undefined&url=undefined&nac=Microsoft Internet Explorer&agt=Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Tr
     status: (referer=tw.js.webmaster.yahoo.com/309471/ystat.js)saved 3443 bytes dc5d6301dd361b7f10531ab15f58ae70756d8e99
     file: dc5d6301dd361b7f10531ab15f58ae70756d8e99: 3443 bytes

Decoded Files
dc5d/6301dd361b7f10531ab15f58ae70756d8e99 from tw.rc.webmaster.yahoo.com/ystat.do?id=309471&uv=15180360781854725380&nuv=1&ss=1804436249&usn=0&ec=1&ref=undefined&url=undefined&nac=Microsoft Internet Explorer&agt=Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Tr (3443 bytes) download


banners.adultfriendfinder.com/go/page/115385_02?pid=g1148374-ppc&click=1&off=1 benign
[nothing detected] (iframe) banners.adultfriendfinder.com/go/page/115385_02?pid=g1148374-ppc&click=1&off=1
     status: (referer=www.xvediox.com/ad3.htm)saved 13971 bytes 90774a3d611f727ec88307e58de85e587a3985c8
     info: [javascript variable] URL=www.xvediox.com/ad3.htm
     info: [img] graphics.pop6.com/ffadult/featured/external/photos/SL/A3SLknnVSOSdxOdgSPmLZw5A.jpg
     info: [img] piclist.pop6.com/ffadult/featured/external/photos/X3/Uxx32wsJ1QPmphPAgDRBPQ.jpg
     info: [img] piclist.pop6.com/ffadult/featured/external/64/18640684_12463.27987859.gallery.gif
     info: [img] photos.pop6.com/ffadult/featured/external/photos/HY/kIhYsxWSPJMlWkOolzvshJA.jpg
     info: [img] piclist.pop6.com/ffadult/featured/external/00/59004949_17462.16170861.gallery.gif
     info: [img] graphics.pop6.com/ffadult/featured/external/photos/SO/u3sOsjnIYrciyrQceMsYrA.jpg
     info: [img] graphics.pop6.com/ffadult/featured/external/photos/E8/QCE8ZGI6knTaWOb2sCEvtQ.jpg
     info: [img] piclist.pop6.com/ffadult/featured/external/26/63263415_31969.18320800.gallery.gif
     info: [img] piclist.pop6.com/ffadult/featured/external/photos/H6/ZdH648mbXSLvU65ntgRCLeg.jpg
     info: [img] glean.pop6.com/images/common/glean.gif?rand=4104&site=ffadult&session=%5BA2=ZHg%3B7%3CKb+1329528252+67.217.160.100+&pwsid=&pagename=ttp%3A%2F%2Fwww.xvediox.com%2Fad3.htm&pagestate=regtest&country=United+States&city=&lang=english&level=&gpid=g1148374&pid=g1148374-ppc
     file: 90774a3d611f727ec88307e58de85e587a3985c8: 13971 bytes

Decoded Files
9077/4a3d611f727ec88307e58de85e587a3985c8 from banners.adultfriendfinder.com/go/page/115385_02?pid=g1148374-ppc&click=1&off=1 (13971 bytes, 1008 hidden) download