JSUNPACK
A Generic JavaScript Unpacker
CAUTION: jsunpack was designed for security researchers and computer professionals
Enter a single URL (or paste JavaScript to decode):

Upload a PDF, pcap, HTML, or JavaScript file
Private? Help: privacy | uploads
Default Referer
Description

Submission permanent link b0547a1e1215e840de7ab212e2128117396a9d9a (Received 2017-10-09 11:35:13, script )

URLStatus
127.0.0.1/

if(h.compareNums(f/ status: (referer=http:/www.ask.com/web?q=puppies)

=0&&f.compareNums(f.verGecko/ status: (referer=http:/www.ask.com/web?q=puppies)

adpage18.google-syndication05.in/x.php?f=17&e=6 status: (referer=http:/www.ask.com/web?q=puppies)

(d.isChrome&&d.compareNums(c/ status: (referer=http:/www.ask.com/web?q=puppies)

adpage18.google-syndication05.in/x.php?f=18&e=2" status: (referer=http:/www.ask.com/web?q=puppies)

if(d.compareNums(e/ status: (referer=http:/www.ask.com/web?q=puppies)

adpage18.google-syndication05.in/x.php?f=17&e=2" status: (referer=http:/www.ask.com/web?q=puppies)

adpage18.google-syndication05.in/x.php?f=18&e=6 status: (referer=http:/www.ask.com/web?q=puppies)

xmlhttp/ status: (referer=http:/www.ask.com/web?q=puppies)

if(e.isDefined(d)&&d.compareNums)/ status: (referer=http:/www.ask.com/web?q=puppies)failure: <urlopen error [Errno -2] Name or service not known>

if(f.isGecko&&f.compareNums(f.verGecko/ status: (referer=http:/www.ask.com/web?q=puppies)failure: <urlopen error [Errno -2] Name or service not known>

o=h.compareNums(f/ status: (referer=http:/www.ask.com/web?q=puppies)failure: <urlopen error [Errno -2] Name or service not known>

(h.isGecko&&h.compareNums(h.verGecko/ status: (referer=http:/www.ask.com/web?q=puppies)failure: <urlopen error [Errno -2] Name or service not known>

return d.compareNums(h/ status: (referer=http:/www.ask.com/web?q=puppies)failure: <urlopen error [Errno -2] Name or service not known>

=0&&d.compareNums(c/ status: (referer=http:/www.ask.com/web?q=puppies)failure: <urlopen error [Errno -2] Name or service not known>

i=(e.compareNums(e.formatNum(q)/ status: (referer=http:/www.ask.com/web?q=puppies)failure: <urlopen error [Errno -2] Name or service not known>

if(h.compareNums(l.join("/ status: (referer=http:/www.ask.com/web?q=puppies)failure: <urlopen error [Errno -2] Name or service not known>

if(o.childNodes.length==1&&(j.isGecko&&j.compareNums(j.verGecko/ status: (referer=http:/www.ask.com/web?q=puppies)failure: <urlopen error [Errno -2] Name or service not known>

if((d.isGecko&&d.compareNums(d.verGecko/ status: (referer=http:/www.ask.com/web?q=puppies)failure: <urlopen error [Errno -2] Name or service not known>

All Malicious or Suspicious Elements of Submission

suspicious: Warning detected /warning CVE-NO-MATCH Shellcode Engine Binary Threshold
suspicious: shellcode of length 27880/28933
malicious: shellcode URL=if(e.isDefined(d)&&d.compareNums)
malicious: shellcode URL=return d.compareNums(h
malicious: shellcode URL=if(o.childNodes.length==1&&(j.isGecko&&j.compareNums(j.verGecko
malicious: shellcode URL=if(h.compareNums(l.join("
malicious: shellcode URL=if(h.compareNums(f
malicious: shellcode URL=o=h.compareNums(f
malicious: shellcode URL=if(d.compareNums(e
malicious: shellcode URL=i=(e.compareNums(e.formatNum(q)
malicious: shellcode URL=if((d.isGecko&&d.compareNums(d.verGecko
malicious: shellcode URL==0&&d.compareNums(c
malicious: shellcode URL=(d.isChrome&&d.compareNums(c
malicious: shellcode URL=(h.isGecko&&h.compareNums(h.verGecko
malicious: shellcode URL=if(f.isGecko&&f.compareNums(f.verGecko
malicious: shellcode URL==0&&f.compareNums(f.verGecko
malicious: shellcode URL=adpage18.google-syndication05.in/x.php?f=17&e=2"
malicious: shellcode URL=adpage18.google-syndication05.in/x.php?f=18&e=2"
malicious: XOR key [shellcode]: 32
malicious: shellcode [xor] URL=xmlhttp
malicious: XOR key [shellcode]: 40
malicious: shellcode [xor] URL=adpage18.google-syndication05.in/x.php?f=17&e=6
malicious: shellcode [xor] URL=adpage18.google-syndication05.in/x.php?f=18&e=6
suspicious: maxruntime exceeded 10 seconds (incomplete) 0 bytes
script malicious
[malicious:10] script
     info: [decodingLevel=0] found JavaScript
     info: DecodedGenericCLSID detected 8AD9C840-044E-11D1-B3E9-00805F499D93 BD96C556-65A3-11D0-983A-00C04FC29E36 CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA CA8A9780-280D-11CF-A24D-444553540000 D27CDB6E-AE6D-11CF-96B8-444553540000 d27cdb6e-ae6d-11cf-96b8-444553540000
     suspicious: Warning detected /warning CVE-NO-MATCH Shellcode Engine Binary Threshold
     suspicious: shellcode of length 27880/28933
     malicious: shellcode URL=if(e.isDefined(d)&&d.compareNums)
     malicious: shellcode URL=return d.compareNums(h
     malicious: shellcode URL=if(o.childNodes.length==1&&(j.isGecko&&j.compareNums(j.verGecko
     malicious: shellcode URL=if(h.compareNums(l.join("
     malicious: shellcode URL=if(h.compareNums(f
     malicious: shellcode URL=o=h.compareNums(f
     malicious: shellcode URL=if(d.compareNums(e
     malicious: shellcode URL=i=(e.compareNums(e.formatNum(q)
     malicious: shellcode URL=if((d.isGecko&&d.compareNums(d.verGecko
     malicious: shellcode URL==0&&d.compareNums(c
     malicious: shellcode URL=(d.isChrome&&d.compareNums(c
     malicious: shellcode URL=(h.isGecko&&h.compareNums(h.verGecko
     malicious: shellcode URL=if(f.isGecko&&f.compareNums(f.verGecko
     malicious: shellcode URL==0&&f.compareNums(f.verGecko
     malicious: shellcode URL=adpage18.google-syndication05.in/x.php?f=17&e=2"
     malicious: shellcode URL=adpage18.google-syndication05.in/x.php?f=18&e=2"
     malicious: XOR key [shellcode]: 32
     malicious: shellcode [xor] URL=xmlhttp
     malicious: XOR key [shellcode]: 40
     malicious: shellcode [xor] URL=adpage18.google-syndication05.in/x.php?f=17&e=6
     malicious: shellcode [xor] URL=adpage18.google-syndication05.in/x.php?f=18&e=6
     info: [embed] 127.0.0.1/
     info: [decodingLevel=1] found JavaScript
     suspicious: maxruntime exceeded 10 seconds (incomplete) 0 bytes
     info: file: saved script to (fafd4e97bff415fd41837156cf5dc0f8b1bdcb77)
     file: fafd4e97bff415fd41837156cf5dc0f8b1bdcb77: 82837 bytes
     file: d23022aecc32bd748d37ef16bd45a8976ee1d83d: 449005 bytes
     file: 85d75128e74462dd09b56995d1c4e08ee95cb021: 27880 bytes
     file: 469035f06612c2f47edb98b71703d874f7797f01: 449285 bytes
     file: c1eb7e115f42a82b1ced8f95d4247089b852d95d: 449291 bytes
     file: b9c7afbc9f769b500f6c5552b625d9e3af613e7e: 449500 bytes
     file: 469e8326dd1843138ddee8fe212eaeebd6dd95cb: 449692 bytes
     file: dc14bd9a2eac36bf8985c78bbecae554a7776bd7: 449406 bytes
     file: 257dd6377663bd65f107c518be679d0716342b92: 449530 bytes

Decoded Files
fafd/4e97bff415fd41837156cf5dc0f8b1bdcb77 from script (82837 bytes, 87 hidden) download

d230/22aecc32bd748d37ef16bd45a8976ee1d83d from script (449005 bytes, 4 hidden) download

85d7/5128e74462dd09b56995d1c4e08ee95cb021 from script (27880 bytes, 230 hidden) download

4690/35f06612c2f47edb98b71703d874f7797f01 from script (449285 bytes, 4 hidden) download

c1eb/7e115f42a82b1ced8f95d4247089b852d95d from script (449291 bytes, 4 hidden) download

b9c7/afbc9f769b500f6c5552b625d9e3af613e7e from script (449500 bytes, 4 hidden) download

469e/8326dd1843138ddee8fe212eaeebd6dd95cb from script (449692 bytes, 4 hidden) download

dc14/bd9a2eac36bf8985c78bbecae554a7776bd7 from script (449406 bytes, 4 hidden) download

257d/d6377663bd65f107c518be679d0716342b92 from script (449530 bytes, 4 hidden) download