JSUNPACK
A Generic JavaScript Unpacker
CAUTION: jsunpack was designed for security researchers and computer professionals
Enter a single URL (or paste JavaScript to decode):

Upload a PDF, pcap, HTML, or JavaScript file
Private? Help: privacy | uploads
Default Referer
Description

Submission permanent link 34d2def362a9326038f68b1cd68abdf5387e4cb2 (Received 2017-04-17 03:36:29, d4abd36dd1e91f2f3e47de24af065bccf880 )

URLStatus
ww2.search-network-plus.com/rg-erdr.php?_rpo=t status: (referer=ww2.search-network-plus.com/?folio=9POR7JU99)

www.google.com/adsense/domains/ status: (referer=www.google.com/adsense/domains/caf.js)

All Malicious or Suspicious Elements of Submission

suspicious: Warning detected /warning CVE-NO-MATCH Shellcode NOP len 231 /warning CVE-NO-MATCH Shellcode Engine Binary Threshold /warning CVE-NO-MATCH Shellcode Engine Length 65536 /warning CVE-NO-MATCH Shellcode NOP len 253 /warning CVE-NO-MATCH Shellcode NOP len 9999 /warning CVE-NO-MATCH Shellcode NOP len 261899
suspicious: shellcode of length 307/231
malicious: shellcode URL=search-network-plus.com/load.php?a=a&st=Internet Explorer 6.0&e=3
suspicious: maxruntime exceeded 10 seconds (incomplete) 0 bytes
malicious: Alert detected /alert CVE-2008-2992 util.printf length (7,296)
suspicious: Warning detected /warning CVE-NO-MATCH Shellcode Engine Length 65536
suspicious: shellcode of length 318/170
malicious: shellcode URL=search-network-plus.com/load.php?a=a&st=Internet Explorer 6.0&e=1
d3ujb2t8x8alxd.cloudfront.net/rmgdsc/newcafv2.js?ver=5 benign
[nothing detected] (script) d3ujb2t8x8alxd.cloudfront.net/rmgdsc/newcafv2.js?ver=5
     status: (referer=ww2.search-network-plus.com/?folio=9POR7JU99)saved 10836 bytes b2dbb2e24b2e30797be9355351b3469be52e42c8
     file: b2dbb2e24b2e30797be9355351b3469be52e42c8: 10836 bytes

Decoded Files
b2db/b2e24b2e30797be9355351b3469be52e42c8 from d3ujb2t8x8alxd.cloudfront.net/rmgdsc/newcafv2.js?ver=5 (10836 bytes, 4623 hidden) download


search-network-plus.com/load.php?a=a&st=Internet Explorer 6.0&e=3 benign
[nothing detected] (shellcode) search-network-plus.com/load.php?a=a&st=Internet Explorer 6.0&e=3
     status: (referer=http:/www.ask.com/web?q=puppies)saved 3220 bytes 200697972b7f3b566a97fc1a72a8e1261fc403e8
     info: [frame] search-network-plus.com/?fp=YukVng9uyLd%2F1QyWaLtdqIdkZh4ky1vPL2mtph%2BvvhJPp7E0N%2B9f78zEe9%2B5Jn8lIEwbpBV%2FzQ6dkriwvHoh%2Bw%3D%3D&prvtof=M%2Flvn3zD%2FkUkpUxG8EP%2B%2Fo91oy5fOfDWoW03Hi%2BYePc%2Fjb6QlBUipz5XsZq%2B0urLwGOVDu3wkIs5KXzqRb2IEw%3D%3D&poru=t6EP7e85w4GHjUCv81CXks5DHnwFsTj2x4ZTJku4%2F9TknNCYdrNSGcwxeAgyfRU54yxpLk6ekJW8GrYQGy2ZHgQKWEULRoM0IFcGRYD3Vxw%3D&a=a&st=Internet
     file: 200697972b7f3b566a97fc1a72a8e1261fc403e8: 3220 bytes

Decoded Files
2006/97972b7f3b566a97fc1a72a8e1261fc403e8 from search-network-plus.com/load.php?a=a&st=Internet Explorer 6.0&e=3 (3220 bytes, 134 hidden) download


search-network-plus.com/load.php?a=a&st=Internet Explorer 6.0&e=1 benign
[nothing detected] (shellcode) search-network-plus.com/load.php?a=a&st=Internet Explorer 6.0&e=1
     status: (referer=http:/www.ask.com/web?q=puppies)saved 3200 bytes 595d07c142ba24fb090924ea1bd5472ee7b35d26
     info: [frame] search-network-plus.com/?fp=dNe0%2FQvEvQ9ktQNkaox8fCmpR11M9XBEVcghiJaUqJRTUUX8sC%2FZku%2BQYIvHKZLny%2BC7VJHTiCBs%2FSnkiJXxRg%3D%3D&prvtof=%2FrIMYEW%2BwKQLCDA37EJH8jtmOiqOWkvN1Sf0RfDcdKOG5AdEjmwocQorAzIxIFkxhYkFNsgR5ygYRcvZh%2B12xg%3D%3D&poru=dicX68sbOEpHL6Uqs10UndQ9poJG1lYd9haBlh2bm2UN5ogvH1cGHwiTTB4OYvvd7dRBYoFWgbGSU4%2BLY27I1aOpDQFc8YjgXx1X5Sp0d8E%3D&a=a&st=Internet
     file: 595d07c142ba24fb090924ea1bd5472ee7b35d26: 3200 bytes

Decoded Files
595d/07c142ba24fb090924ea1bd5472ee7b35d26 from search-network-plus.com/load.php?a=a&st=Internet Explorer 6.0&e=1 (3200 bytes, 134 hidden) download


ww2.search-network-plus.com/?folio=9POR7JU99 benign
[nothing detected] (metarefresh) ww2.search-network-plus.com/?folio=9POR7JU99
     status: (referer=search-network-plus.com/?fp=dNe0/QvEvQ9ktQNkaox8fCmpR11M9XBEVcghiJaUqJRTUUX8sC/Zku+QYIvHKZLny+C7VJHTiCBs/SnkiJXxRg==&prvtof=/rIMYEW+wKQLCDA37EJH8jtmOiqOWkvN1Sf0RfDcdKOG5AdEjmwocQorAzIxIFkxhYkFNsgR5ygYRcvZh+12xg==&poru=dicX68sbOEpHL6Uqs10UndQ9poJG1lYd9haBlh2bm2UN5ogvH1cGHwiTTB4OYvvd7dRBYoFWgbGSU4+LY27I1aOpDQFc8YjgXx1X5Sp0d8E=&a=a&st=Internet)saved 14238 bytes 1b56f2c23dd007173f08b73c6b38e887d490f567
     info: [meta refresh] URL=ww2.search-network-plus.com/rg-erdr.php?_rpo=t
     info: [script] ww2.search-network-plus.com/px.js?ch=1
     info: [script] ww2.search-network-plus.com/px.js?ch=2
     info: [script] www.google.com/adsense/domains/caf.js
     info: [img] d3sxcf6d4hxjd9.cloudfront.net/rmgpsc/7867/logo1.png
     info: [script] d3ujb2t8x8alxd.cloudfront.net/rmgdsc/newcafv2.js?ver=5
     file: 1b56f2c23dd007173f08b73c6b38e887d490f567: 14238 bytes

Decoded Files
1b56/f2c23dd007173f08b73c6b38e887d490f567 from ww2.search-network-plus.com/?folio=9POR7JU99 (14238 bytes, 754 hidden) download


upload malicious
[malicious:10] upload
     suspicious: Warning detected /warning CVE-NO-MATCH Shellcode NOP len 231 /warning CVE-NO-MATCH Shellcode Engine Binary Threshold /warning CVE-NO-MATCH Shellcode Engine Length 65536 /warning CVE-NO-MATCH Shellcode NOP len 253 /warning CVE-NO-MATCH Shellcode NOP len 9999 /warning CVE-NO-MATCH Shellcode NOP len 261899
     suspicious: shellcode of length 307/231
     malicious: shellcode URL=search-network-plus.com/load.php?a=a&st=Internet Explorer 6.0&e=3
     info: [decodingLevel=0] found JavaScript
     error: undefined function sly
     suspicious: maxruntime exceeded 10 seconds (incomplete) 0 bytes
     malicious: Alert detected /alert CVE-2008-2992 util.printf length (7,296)
     suspicious: Warning detected /warning CVE-NO-MATCH Shellcode Engine Length 65536
     suspicious: shellcode of length 318/170
     malicious: shellcode URL=search-network-plus.com/load.php?a=a&st=Internet Explorer 6.0&e=1
     info: file: saved upload to (5494d4abd36dd1e91f2f3e47de24af065bccf880)
     file: 5494d4abd36dd1e91f2f3e47de24af065bccf880: 6784 bytes
     file: be7f8a77f560360e6ba0956f7f0855f26ce3e9a4: 307 bytes
     file: 401cf85e708bfa1744d566a7007abe8db3495b90: 7127 bytes
     file: 09cefb24a588ab0fc1dac483667d263110415dc0: 1106 bytes
     file: 28411df7f727d776ae20e9c19a9f617dddad2f75: 318 bytes

Decoded Files
5494/d4abd36dd1e91f2f3e47de24af065bccf880 from upload (6784 bytes) download

be7f/8a77f560360e6ba0956f7f0855f26ce3e9a4 from upload (307 bytes, 127 hidden) download

401c/f85e708bfa1744d566a7007abe8db3495b90 from upload (7127 bytes) download

09ce/fb24a588ab0fc1dac483667d263110415dc0 from upload (1106 bytes) download

2841/1df7f727d776ae20e9c19a9f617dddad2f75 from upload (318 bytes, 120 hidden) download


search-network-plus.com/?fp=YukVng9uyLd/1QyWaLtdqIdkZh4ky1vPL2mtph+vvhJPp7E0N+9f78zEe9+5Jn8lIEwbpBV/zQ6dkriwvHoh+w==&prvtof=M/lvn3zD/kUkpUxG8EP+/o91oy5fOfDWoW03Hi+YePc/jb6QlBUipz5XsZq+0urLwGOVDu3wkIs5KXzqRb2IEw==&poru=t6EP7e85w4GHjUCv81CXks5DHnwFsTj2x4ZTJ benign
[nothing detected] (frame) search-network-plus.com/?fp=YukVng9uyLd/1QyWaLtdqIdkZh4ky1vPL2mtph+vvhJPp7E0N+9f78zEe9+5Jn8lIEwbpBV/zQ6dkriwvHoh+w==&prvtof=M/lvn3zD/kUkpUxG8EP+/o91oy5fOfDWoW03Hi+YePc/jb6QlBUipz5XsZq+0urLwGOVDu3wkIs5KXzqRb2IEw==&poru=t6EP7e85w4GHjUCv81CXks5DHnwFsTj2x4ZTJku4/9TknNCYdrNSGcwxeAgyfRU54yxpLk6ekJW8GrYQGy2ZHgQKWEULRoM0IFcGRYD3Vxw=&a=a&st=Internet
     status: (referer=search-network-plus.com/load.php?a=a&st=Internet Explorer 6.0&e=3)saved 827 bytes b3155a7a01fd86ea26de0209705dadfb155e64ae
     info: [javascript variable] URL=ww2.search-network-plus.com/?folio=9POR7JU99
     info: [meta refresh] URL=ww2.search-network-plus.com/?folio=9POR7JU99
     file: b3155a7a01fd86ea26de0209705dadfb155e64ae: 827 bytes

Decoded Files
b315/5a7a01fd86ea26de0209705dadfb155e64ae from search-network-plus.com/?fp=YukVng9uyLd/1QyWaLtdqIdkZh4ky1vPL2mtph+vvhJPp7E0N+9f78zEe9+5Jn8lIEwbpBV/zQ6dkriwvHoh+w==&prvtof=M/lvn3zD/kUkpUxG8EP+/o91oy5fOfDWoW03Hi+YePc/jb6QlBUipz5XsZq+0urLwGOVDu3wkIs5KXzqRb2IEw==&poru=t6EP7e85w4GHjUCv81CXks5DHnwFsTj2x4ZTJ (827 bytes, 39 hidden) download


ww2.search-network-plus.com/px.js?ch=2 benign
[nothing detected] (script) ww2.search-network-plus.com/px.js?ch=2
     status: (referer=ww2.search-network-plus.com/?folio=9POR7JU99)saved 346 bytes 9c2c50edcf576453ccc07bf65668bd23c76e8663
     file: 9c2c50edcf576453ccc07bf65668bd23c76e8663: 346 bytes

Decoded Files
9c2c/50edcf576453ccc07bf65668bd23c76e8663 from ww2.search-network-plus.com/px.js?ch=2 (346 bytes) download


ww2.search-network-plus.com/px.js?ch=1 benign
[nothing detected] (script) ww2.search-network-plus.com/px.js?ch=1
     status: (referer=ww2.search-network-plus.com/?folio=9POR7JU99)saved 346 bytes 9c2c50edcf576453ccc07bf65668bd23c76e8663
     file: 9c2c50edcf576453ccc07bf65668bd23c76e8663: 346 bytes

Decoded Files
9c2c/50edcf576453ccc07bf65668bd23c76e8663 from ww2.search-network-plus.com/px.js?ch=1 (346 bytes) download


www.google.com/adsense/domains/caf.js benign
[nothing detected] (script) www.google.com/adsense/domains/caf.js
     status: (referer=ww2.search-network-plus.com/?folio=9POR7JU99)saved 293492 bytes 5cc55b929e67b62dcd824c503c121f00bbd46a7b
     info: ActiveXDataObjectsMDAC detected Microsoft.XMLHTTP
     info: [img] pagead2.googlesyndication.com/pagead/images/white.png
     info: [img] pagead2.googlesyndication.com/pagead/images/black.png
     info: [img] www.gstatic.com/domainads/images/chevron-white.png
     info: [img] www.google.com/adsense/domains/
     info: [iframe] www.google.com/adsense/domains/
     info: [img] www.gstatic.com/images/icons/material/system/1x/grey600_18dp.png
     info: [img] www.google.com/adsense/domains/data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABUAAAAVCAYAAACpF6WWAAAAXklEQVQ4y2P4/8/A7Uxw6ih2CWwAwMgvg+iqWUoyMD3QAySvE8NQ5ENfE8Nl2IYCBKkxFCsBlJiKE4DKTH0PtRAEE5AD+RB5VKahCnNYp9m6ZRmOYo6eX+0kCYbAwBPgxTnnBag1wAAAABJRU5ErkJggg==
     info: [img] www.google.com/adsense/domains/data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABUAAAAVCAYAAACpF6WWAAAAXElEQVQ4y2P4/8/A7Uxw6ihuCUZGAyA+D6UxgDkGgoyEMR4j81gSlz6HpfB5BqK12BKDMVpMKWGYjWYGoaCQALUUBC+PyhdSvUwpXrs0ySd0ixHUTfvjxbSZGEA/QcU5yLp498AAAAASUVORK5CYII=
     info: [img] www.gstatic.com/images/icons/material/system/1x/18dp.png
     info: [img] afs.googleusercontent.com/amazon/icon-offsite-sl-7069-t4._V171196157_.png
     info: [img] www.google.com/adsense/domains/+T(t.url)+
     info: [script] www.google.com/adsense/domains/
     file: 5cc55b929e67b62dcd824c503c121f00bbd46a7b: 293492 bytes

Decoded Files
5cc5/5b929e67b62dcd824c503c121f00bbd46a7b from www.google.com/adsense/domains/caf.js (293492 bytes, 24 hidden) download


search-network-plus.com/?fp=dNe0/QvEvQ9ktQNkaox8fCmpR11M9XBEVcghiJaUqJRTUUX8sC/Zku+QYIvHKZLny+C7VJHTiCBs/SnkiJXxRg==&prvtof=/rIMYEW+wKQLCDA37EJH8jtmOiqOWkvN1Sf0RfDcdKOG5AdEjmwocQorAzIxIFkxhYkFNsgR5ygYRcvZh+12xg==&poru=dicX68sbOEpHL6Uqs10UndQ9poJG1lYd9haBl benign
[nothing detected] (frame) search-network-plus.com/?fp=dNe0/QvEvQ9ktQNkaox8fCmpR11M9XBEVcghiJaUqJRTUUX8sC/Zku+QYIvHKZLny+C7VJHTiCBs/SnkiJXxRg==&prvtof=/rIMYEW+wKQLCDA37EJH8jtmOiqOWkvN1Sf0RfDcdKOG5AdEjmwocQorAzIxIFkxhYkFNsgR5ygYRcvZh+12xg==&poru=dicX68sbOEpHL6Uqs10UndQ9poJG1lYd9haBlh2bm2UN5ogvH1cGHwiTTB4OYvvd7dRBYoFWgbGSU4+LY27I1aOpDQFc8YjgXx1X5Sp0d8E=&a=a&st=Internet
     status: (referer=search-network-plus.com/load.php?a=a&st=Internet Explorer 6.0&e=1)saved 827 bytes b3155a7a01fd86ea26de0209705dadfb155e64ae
     info: [javascript variable] URL=ww2.search-network-plus.com/?folio=9POR7JU99
     info: [meta refresh] URL=ww2.search-network-plus.com/?folio=9POR7JU99
     file: b3155a7a01fd86ea26de0209705dadfb155e64ae: 827 bytes

Decoded Files
b315/5a7a01fd86ea26de0209705dadfb155e64ae from search-network-plus.com/?fp=dNe0/QvEvQ9ktQNkaox8fCmpR11M9XBEVcghiJaUqJRTUUX8sC/Zku+QYIvHKZLny+C7VJHTiCBs/SnkiJXxRg==&prvtof=/rIMYEW+wKQLCDA37EJH8jtmOiqOWkvN1Sf0RfDcdKOG5AdEjmwocQorAzIxIFkxhYkFNsgR5ygYRcvZh+12xg==&poru=dicX68sbOEpHL6Uqs10UndQ9poJG1lYd9haBl (827 bytes, 39 hidden) download