JSUNPACK
A Generic JavaScript Unpacker
CAUTION: jsunpack was designed for security researchers and computer professionals
Enter a single URL (or paste JavaScript to decode):

Upload a PDF, pcap, HTML, or JavaScript file
Private? Help: privacy | uploads
Default Referer
Description

Submission permanent link 6aa3136de0a6ce93d7cd0c098b916ad92762cbac (Received 2017-04-17 03:36:37, d4abd36dd1e91f2f3e47de24af065bccf880 )

URLStatus
ww2.search-network-plus.com/rg-erdr.php?_rpo=t status: (referer=ww2.search-network-plus.com/?folio=9POR7JU99)

All Malicious or Suspicious Elements of Submission

suspicious: maxruntime exceeded 10 seconds (incomplete) 0 bytes
suspicious: Warning detected /warning CVE-NO-MATCH Shellcode NOP len 231 /warning CVE-NO-MATCH Shellcode Engine Binary Threshold /warning CVE-NO-MATCH Shellcode Engine Length 65536 /warning CVE-NO-MATCH Shellcode NOP len 253 /warning CVE-NO-MATCH Shellcode NOP len 9999 /warning CVE-NO-MATCH Shellcode NOP len 261899
suspicious: shellcode of length 307/231
malicious: shellcode URL=search-network-plus.com/load.php?a=a&st=Internet Explorer 6.0&e=3
malicious: Alert detected /alert CVE-2008-2992 util.printf length (7,296)
suspicious: Warning detected /warning CVE-NO-MATCH Shellcode Engine Length 65536
suspicious: shellcode of length 318/170
malicious: shellcode URL=search-network-plus.com/load.php?a=a&st=Internet Explorer 6.0&e=1
search-network-plus.com/?fp=kZdaykAVjmhY7gFmIewSNlaDqp+2lhirxgNB9dXWl5F+O4nf0jc2P8RoAX17kMDaxJRBytdw+g+FDdXNFf2zTg==&prvtof=yy0flwCqa8kznO2TIvrHl1P26Z+yO6Iu1OZN+D0WwPHt85cQKfYuAX++C/d1U8JK+8PP03MHewHBKcbr5g8gEQ==&poru=eCJVmUbwXYtAQrcyQsoxM7RDmZSv6Wc1P7oYP benign
[nothing detected] (frame) search-network-plus.com/?fp=kZdaykAVjmhY7gFmIewSNlaDqp+2lhirxgNB9dXWl5F+O4nf0jc2P8RoAX17kMDaxJRBytdw+g+FDdXNFf2zTg==&prvtof=yy0flwCqa8kznO2TIvrHl1P26Z+yO6Iu1OZN+D0WwPHt85cQKfYuAX++C/d1U8JK+8PP03MHewHBKcbr5g8gEQ==&poru=eCJVmUbwXYtAQrcyQsoxM7RDmZSv6Wc1P7oYP3kyoT96Q/KQY1pcGdhgiUycgjktPy7VoX/uy9i0SU+hnFJV4Lvae06kSRonc0GorF9HAs=&a=a&st=Internet
     status: (referer=search-network-plus.com/load.php?a=a&st=Internet Explorer 6.0&e=1)saved 827 bytes b3155a7a01fd86ea26de0209705dadfb155e64ae
     info: [javascript variable] URL=ww2.search-network-plus.com/?folio=9POR7JU99
     info: [meta refresh] URL=ww2.search-network-plus.com/?folio=9POR7JU99
     file: b3155a7a01fd86ea26de0209705dadfb155e64ae: 827 bytes

Decoded Files
b315/5a7a01fd86ea26de0209705dadfb155e64ae from search-network-plus.com/?fp=kZdaykAVjmhY7gFmIewSNlaDqp+2lhirxgNB9dXWl5F+O4nf0jc2P8RoAX17kMDaxJRBytdw+g+FDdXNFf2zTg==&prvtof=yy0flwCqa8kznO2TIvrHl1P26Z+yO6Iu1OZN+D0WwPHt85cQKfYuAX++C/d1U8JK+8PP03MHewHBKcbr5g8gEQ==&poru=eCJVmUbwXYtAQrcyQsoxM7RDmZSv6Wc1P7oYP (827 bytes, 39 hidden) download


search-network-plus.com/load.php?a=a&st=Internet Explorer 6.0&e=3 benign
[nothing detected] (shellcode) search-network-plus.com/load.php?a=a&st=Internet Explorer 6.0&e=3
     status: (referer=http:/www.ask.com/web?q=puppies)saved 19 bytes 175b8ceb0a406bdf015edeb59d2847be2fe4f847
     file: 175b8ceb0a406bdf015edeb59d2847be2fe4f847: 19 bytes

Decoded Files
175b/8ceb0a406bdf015edeb59d2847be2fe4f847 from search-network-plus.com/load.php?a=a&st=Internet Explorer 6.0&e=3 (19 bytes) download


search-network-plus.com/load.php?a=a&st=Internet Explorer 6.0&e=1 benign
[nothing detected] (shellcode) search-network-plus.com/load.php?a=a&st=Internet Explorer 6.0&e=1
     status: (referer=http:/www.ask.com/web?q=puppies)saved 3210 bytes 9761557763c0c90c0d81d7a407c5b9bff9041d3b
     info: [frame] search-network-plus.com/?fp=kZdaykAVjmhY7gFmIewSNlaDqp%2B2lhirxgNB9dXWl5F%2BO4nf0jc2P8RoAX17kMDaxJRBytdw%2Bg%2BFDdXNFf2zTg%3D%3D&prvtof=yy0flwCqa8kznO2TIvrHl1P26Z%2ByO6Iu1OZN%2BD0WwPHt85cQKfYuAX%2B%2BC%2Fd1U8JK%2B8PP03MHewHBKcbr5g8gEQ%3D%3D&poru=eCJVmUbwXYtAQrcyQsoxM7RDmZSv6Wc1P7oYP3kyoT96Q%2FKQY1pcGdhgiUycgjktPy7VoX%2F%2Fuy9i0SU%2BhnFJV4Lvae06kSRonc0GorF9HAs%3D&a=a&st=Internet
     info: [decodingLevel=0] found JavaScript
     suspicious: maxruntime exceeded 10 seconds (incomplete) 0 bytes
     file: 9761557763c0c90c0d81d7a407c5b9bff9041d3b: 3210 bytes
     file: 65174b558214c66dcf37f79a88d608cc27a68b27: 1541 bytes
     file: 07f64ee33e2848532662f82ceeed89dbdb9ff525: 1547 bytes
     file: e4c80ab2b6ec4bf2669a55a5768afbe8fa43f2c4: 1756 bytes
     file: 4377f77ccbc852a61eb7a0874fc6e3e9968efe59: 1948 bytes
     file: 868f9c72dccb32f6445556d0d486cf097c01bb0b: 1662 bytes
     file: 5c06386d0c9afc3eb9d1949d7d4ad336706430a5: 1786 bytes
     file: 6684d830e22b34582636b602eb9a0e1adff111e5: 3494 bytes
     file: 1edd476f3fc942cdbacfbd1dee5772fb678bbf86: 3500 bytes
     file: 593791f185199df2953b3cec0ccfd97b4bbbb44d: 3709 bytes
     file: 98e973382ca83b0ce57ce576c43bc037cfabbccc: 3901 bytes
     file: 2edfffc65a27a9c1365b6ccccfa56ecbc470c19b: 3615 bytes
     file: e52ec33a769a6acd9166708b8d37b2e86768f2ab: 3739 bytes

Decoded Files
9761/557763c0c90c0d81d7a407c5b9bff9041d3b from search-network-plus.com/load.php?a=a&st=Internet Explorer 6.0&e=1 (3210 bytes, 134 hidden) download

6517/4b558214c66dcf37f79a88d608cc27a68b27 from search-network-plus.com/load.php?a=a&st=Internet Explorer 6.0&e=1 (1541 bytes, 101 hidden) download

07f6/4ee33e2848532662f82ceeed89dbdb9ff525 from search-network-plus.com/load.php?a=a&st=Internet Explorer 6.0&e=1 (1547 bytes, 101 hidden) download

e4c8/0ab2b6ec4bf2669a55a5768afbe8fa43f2c4 from search-network-plus.com/load.php?a=a&st=Internet Explorer 6.0&e=1 (1756 bytes, 101 hidden) download

4377/f77ccbc852a61eb7a0874fc6e3e9968efe59 from search-network-plus.com/load.php?a=a&st=Internet Explorer 6.0&e=1 (1948 bytes, 101 hidden) download

868f/9c72dccb32f6445556d0d486cf097c01bb0b from search-network-plus.com/load.php?a=a&st=Internet Explorer 6.0&e=1 (1662 bytes, 101 hidden) download

5c06/386d0c9afc3eb9d1949d7d4ad336706430a5 from search-network-plus.com/load.php?a=a&st=Internet Explorer 6.0&e=1 (1786 bytes, 101 hidden) download

6684/d830e22b34582636b602eb9a0e1adff111e5 from search-network-plus.com/load.php?a=a&st=Internet Explorer 6.0&e=1 (3494 bytes, 134 hidden) download

1edd/476f3fc942cdbacfbd1dee5772fb678bbf86 from search-network-plus.com/load.php?a=a&st=Internet Explorer 6.0&e=1 (3500 bytes, 134 hidden) download

5937/91f185199df2953b3cec0ccfd97b4bbbb44d from search-network-plus.com/load.php?a=a&st=Internet Explorer 6.0&e=1 (3709 bytes, 134 hidden) download

98e9/73382ca83b0ce57ce576c43bc037cfabbccc from search-network-plus.com/load.php?a=a&st=Internet Explorer 6.0&e=1 (3901 bytes, 134 hidden) download

2edf/ffc65a27a9c1365b6ccccfa56ecbc470c19b from search-network-plus.com/load.php?a=a&st=Internet Explorer 6.0&e=1 (3615 bytes, 134 hidden) download

e52e/c33a769a6acd9166708b8d37b2e86768f2ab from search-network-plus.com/load.php?a=a&st=Internet Explorer 6.0&e=1 (3739 bytes, 134 hidden) download


ww2.search-network-plus.com/?folio=9POR7JU99 benign
[nothing detected] (metarefresh) ww2.search-network-plus.com/?folio=9POR7JU99
     status: (referer=search-network-plus.com/?fp=kZdaykAVjmhY7gFmIewSNlaDqp+2lhirxgNB9dXWl5F+O4nf0jc2P8RoAX17kMDaxJRBytdw+g+FDdXNFf2zTg==&prvtof=yy0flwCqa8kznO2TIvrHl1P26Z+yO6Iu1OZN+D0WwPHt85cQKfYuAX++C/d1U8JK+8PP03MHewHBKcbr5g8gEQ==&poru=eCJVmUbwXYtAQrcyQsoxM7RDmZSv6Wc1P7oYP3kyoT96Q/KQY1pcGdhgiUycgjktPy7VoX/uy9i0SU+hnFJV4Lvae06kSRonc0GorF9HAs=&a=a&st=Internet)saved 14230 bytes ff604b3da22c42f0d72774d8895cdfd0b3e3deb1
     info: [meta refresh] URL=ww2.search-network-plus.com/rg-erdr.php?_rpo=t
     info: [script] ww2.search-network-plus.com/px.js?ch=1
     info: [script] ww2.search-network-plus.com/px.js?ch=2
     info: [script] www.google.com/adsense/domains/caf.js
     info: [img] d3ujb2t8x8alxd.cloudfront.net/rmgpsc/7867/logo1.png
     info: [script] d258j801nsw1p7.cloudfront.net/rmgdsc/newcafv2.js?ver=5
     file: ff604b3da22c42f0d72774d8895cdfd0b3e3deb1: 14230 bytes

Decoded Files
ff60/4b3da22c42f0d72774d8895cdfd0b3e3deb1 from ww2.search-network-plus.com/?folio=9POR7JU99 (14230 bytes, 754 hidden) download


d258j801nsw1p7.cloudfront.net/rmgdsc/newcafv2.js?ver=5 benign
[nothing detected] (script) d258j801nsw1p7.cloudfront.net/rmgdsc/newcafv2.js?ver=5
     status: (referer=ww2.search-network-plus.com/?folio=9POR7JU99)saved 10836 bytes b2dbb2e24b2e30797be9355351b3469be52e42c8
     file: b2dbb2e24b2e30797be9355351b3469be52e42c8: 10836 bytes

Decoded Files
b2db/b2e24b2e30797be9355351b3469be52e42c8 from d258j801nsw1p7.cloudfront.net/rmgdsc/newcafv2.js?ver=5 (10836 bytes, 4623 hidden) download


ww2.search-network-plus.com/px.js?ch=2 benign
[nothing detected] (script) ww2.search-network-plus.com/px.js?ch=2
     status: (referer=ww2.search-network-plus.com/?folio=9POR7JU99)saved 346 bytes 9c2c50edcf576453ccc07bf65668bd23c76e8663
     file: 9c2c50edcf576453ccc07bf65668bd23c76e8663: 346 bytes

Decoded Files
9c2c/50edcf576453ccc07bf65668bd23c76e8663 from ww2.search-network-plus.com/px.js?ch=2 (346 bytes) download


ww2.search-network-plus.com/px.js?ch=1 benign
[nothing detected] (script) ww2.search-network-plus.com/px.js?ch=1
     status: (referer=ww2.search-network-plus.com/?folio=9POR7JU99)saved 346 bytes 9c2c50edcf576453ccc07bf65668bd23c76e8663
     file: 9c2c50edcf576453ccc07bf65668bd23c76e8663: 346 bytes

Decoded Files
9c2c/50edcf576453ccc07bf65668bd23c76e8663 from ww2.search-network-plus.com/px.js?ch=1 (346 bytes) download


www.google.com/adsense/domains/caf.js benign
[nothing detected] (script) www.google.com/adsense/domains/caf.js
     status: (referer=ww2.search-network-plus.com/?folio=9POR7JU99)saved 293492 bytes 5cc55b929e67b62dcd824c503c121f00bbd46a7b
     info: ActiveXDataObjectsMDAC detected Microsoft.XMLHTTP
     info: [img] pagead2.googlesyndication.com/pagead/images/white.png
     info: [img] pagead2.googlesyndication.com/pagead/images/black.png
     info: [img] www.gstatic.com/domainads/images/chevron-white.png
     info: [img] www.google.com/adsense/domains/
     info: [iframe] www.google.com/adsense/domains/
     info: [img] www.gstatic.com/images/icons/material/system/1x/grey600_18dp.png
     info: [img] www.google.com/adsense/domains/data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABUAAAAVCAYAAACpF6WWAAAAXklEQVQ4y2P4/8/A7Uxw6ih2CWwAwMgvg+iqWUoyMD3QAySvE8NQ5ENfE8Nl2IYCBKkxFCsBlJiKE4DKTH0PtRAEE5AD+RB5VKahCnNYp9m6ZRmOYo6eX+0kCYbAwBPgxTnnBag1wAAAABJRU5ErkJggg==
     info: [img] www.google.com/adsense/domains/data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABUAAAAVCAYAAACpF6WWAAAAXElEQVQ4y2P4/8/A7Uxw6ihuCUZGAyA+D6UxgDkGgoyEMR4j81gSlz6HpfB5BqK12BKDMVpMKWGYjWYGoaCQALUUBC+PyhdSvUwpXrs0ySd0ixHUTfvjxbSZGEA/QcU5yLp498AAAAASUVORK5CYII=
     info: [img] www.gstatic.com/images/icons/material/system/1x/18dp.png
     info: [img] afs.googleusercontent.com/amazon/icon-offsite-sl-7069-t4._V171196157_.png
     info: [img] www.google.com/adsense/domains/+T(t.url)+
     info: [script] www.google.com/adsense/domains/
     file: 5cc55b929e67b62dcd824c503c121f00bbd46a7b: 293492 bytes

Decoded Files
5cc5/5b929e67b62dcd824c503c121f00bbd46a7b from www.google.com/adsense/domains/caf.js (293492 bytes, 24 hidden) download


upload malicious
[malicious:10] upload
     suspicious: Warning detected /warning CVE-NO-MATCH Shellcode NOP len 231 /warning CVE-NO-MATCH Shellcode Engine Binary Threshold /warning CVE-NO-MATCH Shellcode Engine Length 65536 /warning CVE-NO-MATCH Shellcode NOP len 253 /warning CVE-NO-MATCH Shellcode NOP len 9999 /warning CVE-NO-MATCH Shellcode NOP len 261899
     suspicious: shellcode of length 307/231
     malicious: shellcode URL=search-network-plus.com/load.php?a=a&st=Internet Explorer 6.0&e=3
     info: [decodingLevel=0] found JavaScript
     error: undefined function sly
     malicious: Alert detected /alert CVE-2008-2992 util.printf length (7,296)
     suspicious: Warning detected /warning CVE-NO-MATCH Shellcode Engine Length 65536
     suspicious: shellcode of length 318/170
     malicious: shellcode URL=search-network-plus.com/load.php?a=a&st=Internet Explorer 6.0&e=1
     info: [1] no JavaScript
     info: file: saved upload to (5494d4abd36dd1e91f2f3e47de24af065bccf880)
     file: 5494d4abd36dd1e91f2f3e47de24af065bccf880: 6784 bytes
     file: be7f8a77f560360e6ba0956f7f0855f26ce3e9a4: 307 bytes
     file: 09cefb24a588ab0fc1dac483667d263110415dc0: 1106 bytes
     file: 28411df7f727d776ae20e9c19a9f617dddad2f75: 318 bytes

Decoded Files
5494/d4abd36dd1e91f2f3e47de24af065bccf880 from upload (6784 bytes) download

be7f/8a77f560360e6ba0956f7f0855f26ce3e9a4 from upload (307 bytes, 127 hidden) download

09ce/fb24a588ab0fc1dac483667d263110415dc0 from upload (1106 bytes) download

2841/1df7f727d776ae20e9c19a9f617dddad2f75 from upload (318 bytes, 120 hidden) download


www.google.com/adsense/domains/ benign
[nothing detected] (script) www.google.com/adsense/domains/
     status: (referer=www.google.com/adsense/domains/caf.js)saved 164 bytes 805d159f9900361b06cc204d50edbd2e54a74c6c
     file: 805d159f9900361b06cc204d50edbd2e54a74c6c: 164 bytes

Decoded Files
805d/159f9900361b06cc204d50edbd2e54a74c6c from www.google.com/adsense/domains/ (164 bytes) download