JSUNPACK
A Generic JavaScript Unpacker
CAUTION: jsunpack was designed for security researchers and computer professionals

Submission permanent link 90e16c4e63c81fe0d39ff0026af384d3688b6f59 (Received 2017-04-17 11:40:17, script )

URL | Status
127.0.0.1/about:blank

127.0.0.1/fg/show.php?ajax=1&r=0.31254002318791385

sploitme.com.cn/fg/load.php?e=1 status: (referer=http:/www.ask.com/web?q=puppies)failure: <urlopen error [Errno -2] Name or service not known>

127.0.0.1/undefined

All Malicious or Suspicious Elements of Submission

malicious: MSOfficeSnapshotViewer CVE-2008-2463 detected F0E42D50-368C-11D0-AD81-00A0C90DC8D9
malicious: MSOfficeWebComponents CVE-2009-1136 detected msDataSourceObject OWC10.Spreadsheet
malicious: COMObjectInstantiationMemoryCorruption CVE-2005-2127 detected EC444CB6-3E7E-4865-B1C3-0DE72EF39B3F
malicious: MSDirectShowCLSID CVE-2008-0015 detected 0955AC62-BF2E-4CBA-A2B9-A63F772D46CF
malicious: Alert detected /alert CVE-2009-1136 msDataSourceObject /alert CVE-2008-2463 PrintSnapshot
suspicious: Warning detected /warning CVE-NO-MATCH Shellcode Engine Binary Threshold /warning CVE-NO-MATCH Shellcode Engine Length 130770
script malicious
[malicious:10] script
     info: [decodingLevel=0] found JavaScript
     error: ./pre.js:249: SyntaxError: unterminated string literal:
          error: ./pre.js:249: location.href = "about:blank
          error: ./pre.js:249: ................^
     info: DecodedGenericCLSID detected 7F5B7F63-F06F-4331-8A26-339E03C0AE3D EC444CB6-3E7E-4865-B1C3-0DE72EF39B3F D0C07D56-7C69-43F1-B4A0-25F5A11FAB19 0006F03A-0000-0000-C000-000000000046 BD96C556-65A3-11D0-983A-00C04FC29E36 06723E09-F4C2-43c8-8358-09FCD1DB0766 E8CCCDDF-CA28-496b-B050-6C07C962476B 0955AC62-BF2E-4CBA-A2B9-A63F772D46CF 639F725F-1B2D-4831-A9FD-874847682010 AB9BCEDD-EC7E-47E1-9322-D4A210617116 6e32070a-766d-4ee6-879c-dc1fa91d2fc3 6414512B-B978-451D-A0D8-FCFDF33E833C F0E42D50-368C-11D0-AD81-00A0C90DC8D9 BA018599-1DB3-44f9-83B4-461454C84BF8 0006F033-0000-0000-C000-000000000046
     malicious: MSOfficeSnapshotViewer CVE-2008-2463 detected F0E42D50-368C-11D0-AD81-00A0C90DC8D9
     malicious: MSOfficeWebComponents CVE-2009-1136 detected msDataSourceObject OWC10.Spreadsheet
     malicious: COMObjectInstantiationMemoryCorruption CVE-2005-2127 detected EC444CB6-3E7E-4865-B1C3-0DE72EF39B3F
     malicious: MSDirectShowCLSID CVE-2008-0015 detected 0955AC62-BF2E-4CBA-A2B9-A63F772D46CF
     info: ActiveXDataObjectsMDAC detected MSXML2.ServerXMLHTTP Microsoft.XMLHTTP
     malicious: Alert detected /alert CVE-2009-1136 msDataSourceObject /alert CVE-2008-2463 PrintSnapshot
     suspicious: Warning detected /warning CVE-NO-MATCH Shellcode Engine Binary Threshold /warning CVE-NO-MATCH Shellcode Engine Length 130770
     info: DecodedMsg detected /info.ActiveXObject Msxml2.XMLHTTP /info.ActiveXObject snpvw.Snapshot Viewer Control.1 /info.ActiveXObject OWC10.Spreadsheet
     info: [javascript variable] URL=sploitme.com.cn/fg/load.php?e=1
     info: [open] URL=127.0.0.1/fg/show.php?ajax=1&r=0.31254002318791385
     info: [setAttribute src] URL=127.0.0.1/about:blank
     info: [element] URL=127.0.0.1/undefined
     info: [var urltofile] URL=sploitme.com.cn/fg/load.php?e=1
     info: [var newurl] URL=sploitme.com.cn/fg/load.php?e=1
     info: [decodingLevel=1] found JavaScript
     error: line:3: SyntaxError: missing ; before statement:
          error: line:3: ;');document.write('bof=string(1400,unescape("%ff")) + string(1000,unescape("%0c"))');document.write('IWinAmpActiveX.ConvertFile bof,1,1,1,1,1');document.write('IWinAmpActiveX.ConvertFile bof,1,1,1,1,1');document.write('IWinAmpActiveX.ConvertFile bof,1,1,
          error: line:3: .^
     error: line:116: SyntaxError: unterminated string literal:
          error: line:116: location.href = "about:blank
          error: line:116: ................^
     info: file: saved script to (c8dfa88017343655935c1b6bce763ca473730cd5)
     file: c8dfa88017343655935c1b6bce763ca473730cd5: 40322 bytes
     file: 1e376c35cd983daf723e4b4b620c5e9046312bef: 14646 bytes

Decoded Files
c8df/a88017343655935c1b6bce763ca473730cd5 from script (40322 bytes, 15 hidden)

1e37/6c35cd983daf723e4b4b620c5e9046312bef from script (14646 bytes)