JSUNPACK
A Generic JavaScript Unpacker
CAUTION: jsunpack was designed for security researchers and computer professionals

Submission permanent link e376ee7d9cef5e26eab639d2e4fc6a265b02d450 (Received 2017-05-19 00:32:17, script )

URL Status
apis.google.com/js/platform.js?publisherid=117406334945440166508 status: (referer=www.xosohomnay.com/)

admicro1.vcmedia.vn/codes/36919.ads status: (referer=www.xosohomnay.com.vn/adbox/xshn/auto.html)

src.xosohomnay.com.vn/jquery/jquery-ui/jquery-ui.min.js?v=332 status: (referer=www.xosohomnay.com/)

ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js status: (referer=chat.trumxoso.com/)

=hostname&&"chat.trumxoso.com"/ status: (referer=http:/www.ask.com/web?q=puppies)failure: <urlopen error [Errno -2] Name or service not known>

chat.trumxoso.com/template/simel.js?v=8 status: (referer=chat.trumxoso.com/)

admicro1.vcmedia.vn/codes/36923.ads status: (referer=www.xosohomnay.com.vn/adbox/xshn/auto.html)

admicro1.vcmedia.vn/codes/36927.ads status: (referer=www.xosohomnay.com.vn/adbox/xshn/auto.html)

www.xosohomnay.com")/ status: (referer=http:/www.ask.com/web?q=puppies)failure: <urlopen error [Errno -2] Name or service not known>

src.xosohomnay.com.vn/Scripts/system.js?v=332 status: (referer=www.xosohomnay.com/)

admicro1.vcmedia.vn/codes/36921.ads status: (referer=www.xosohomnay.com.vn/adbox/xshn/auto.html)

chat.trumxoso.com/template/ui.js?v=13 status: (referer=chat.trumxoso.com/)

chat.trumxoso.com/template/sounds/ion.sound.min.js status: (referer=chat.trumxoso.com/)

chat.trumxoso.com/template/socket.io.js status: (referer=chat.trumxoso.com/)

admicro1.vcmedia.vn/codes/36925.ads status: (referer=www.xosohomnay.com.vn/adbox/xshn/auto.html)

chat.trumxoso.com/template/io.js?v=15 status: (referer=chat.trumxoso.com/)

code.jquery.com/ui/1.12.0/jquery-ui.js status: (referer=chat.trumxoso.com/)

All Malicious or Suspicious Elements of Submission

suspicious: Warning detected /warning CVE-NO-MATCH Shellcode Engine Binary Threshold
suspicious: shellcode of length 7518/7478
malicious: shellcode URL==hostname&&"chat.trumxoso.com"
malicious: shellcode URL=www.xosohomnay.com")
malicious: shellcode URL="
suspicious: maxruntime exceeded 10 seconds (incomplete) 0 bytes
script malicious
[malicious:8] script
     info: [decodingLevel=0] found JavaScript
     error: undefined variable io
     error: undefined function io
     suspicious: Warning detected /warning CVE-NO-MATCH Shellcode Engine Binary Threshold
     suspicious: shellcode of length 7518/7478
     malicious: shellcode URL==hostname&&"chat.trumxoso.com"
     malicious: shellcode URL=www.xosohomnay.com")
     malicious: shellcode URL="
     info: [windowlocation] URL=www.xosohomnay.com
     info: [var location] URL=www.xosohomnay.com
     info: [var newurl] URL=www.xosohomnay.com
     info: [img] 127.0.0.1/
     info: [img] 127.0.0.1/template/chao.gif
     info: [decodingLevel=1] found JavaScript
     error: undefined variable _4927
     error: undefined variable _7104
     info: [decodingLevel=2] found JavaScript
     info: file: saved script to (6779e5ba4897e146efda08249388827316e2ecca)
     file: 6779e5ba4897e146efda08249388827316e2ecca: 35564 bytes
     file: d023b648bc962f8ad76e1e1828fb4b0631a7097c: 32022 bytes
     file: 9d9cc6f709c05550eca360e335cf4a15426f3cac: 7518 bytes
     file: a93ec09dde760205a5ff8118ac64c4eac338ad28: 171 bytes

Decoded Files
6779/e5ba4897e146efda08249388827316e2ecca from script (35564 bytes) download

d023/b648bc962f8ad76e1e1828fb4b0631a7097c from script (32022 bytes, 56 hidden) download

9d9c/c6f709c05550eca360e335cf4a15426f3cac from script (7518 bytes, 69 hidden) download

a93e/c09dde760205a5ff8118ac64c4eac338ad28 from script (171 bytes) download


www.xosohomnay.com.vn/adbox/xshn/auto.html benign
[nothing detected] (iframe) www.xosohomnay.com.vn/adbox/xshn/auto.html
     status: (referer=www.xosohomnay.com/)saved 5251 bytes 0957a614f64c413845ee2bcecf4f5c7b6d7be2bc
     info: [script] admicro1.vcmedia.vn/codes/36919.ads
     info: [script] admicro1.vcmedia.vn/codes/36921.ads
     info: [script] admicro1.vcmedia.vn/codes/36923.ads
     info: [script] admicro1.vcmedia.vn/codes/36927.ads
     info: [script] admicro1.vcmedia.vn/codes/36925.ads
     file: 0957a614f64c413845ee2bcecf4f5c7b6d7be2bc: 5251 bytes

Decoded Files
0957/a614f64c413845ee2bcecf4f5c7b6d7be2bc from www.xosohomnay.com.vn/adbox/xshn/auto.html (5251 bytes, 268 hidden) download


www.xosohomnay.com/ benign
[nothing detected] (var newurl) www.xosohomnay.com/
     status: (referer=http:/www.ask.com/web?q=puppies)saved 127205 bytes a18514c73311e00e616e75dc3d461f602436f955
     info: [script] apis.google.com/js/platform.js?publisherid=117406334945440166508
     info: [script] src.xosohomnay.com.vn/jquery/jquery.js?v=332
     info: [script] src.xosohomnay.com.vn/jquery/jquery.fullscreen-0.4.2.min.js
     info: [script] src.xosohomnay.com.vn/jquery/html2canvas.min.js
     info: [script] src.xosohomnay.com.vn/jquery/jquery-ui/jquery-ui.min.js?v=332
     info: [script] src.xosohomnay.com.vn/Scripts/system.js?v=332
     info: [img] src.xosohomnay.com/upload/logo/LXoSoHomNay.png
     info: [iframe] www.xosohomnay.com.vn/adbox/xshn/auto.html
     info: [img] www.xosohomnay.com/upload/images/icons/doi-so-trung-xskt.gif
     info: [img] www.xosohomnay.com/upload/images/icons/Xo-So-Max-4D.png
     info: [iframe] dlvs.vn/comment/
     info: [img] src.xosohomnay.com.vn/upload/images/icons/btnxoay.png
     info: [img] sstatic1.histats.com/0.gif?3215426&101
     info: [iframe] chat.trumxoso.com/?f=r
     info: [iframe] chat.trumxoso.com/
     info: [decodingLevel=0] found JavaScript
     suspicious: maxruntime exceeded 10 seconds (incomplete) 0 bytes
     file: a18514c73311e00e616e75dc3d461f602436f955: 127205 bytes
     file: 7bca9dd7195265ec77ce6ae06eacdb4abb5a15d1: 127397 bytes
     file: 21dc8512d61347fe2330c5ee039836c1602647ed: 127403 bytes
     file: e843babd53815baee4bda23b5dcdbd1d1d2c862e: 127612 bytes
     file: c5fdbc86729f3192c74cb5a6914ed015c25026f3: 127804 bytes
     file: 663d0f7126b124994b0d9a0aca99a23535d69df0: 127518 bytes
     file: 3118fd99dc3103a2f0487cdbea29f080373e3554: 127642 bytes

Decoded Files
a185/14c73311e00e616e75dc3d461f602436f955 from www.xosohomnay.com/ (127205 bytes, 22939 hidden) download

7bca/9dd7195265ec77ce6ae06eacdb4abb5a15d1 from www.xosohomnay.com/ (127397 bytes, 22939 hidden) download

21dc/8512d61347fe2330c5ee039836c1602647ed from www.xosohomnay.com/ (127403 bytes, 22939 hidden) download

e843/babd53815baee4bda23b5dcdbd1d1d2c862e from www.xosohomnay.com/ (127612 bytes, 22939 hidden) download

c5fd/bc86729f3192c74cb5a6914ed015c25026f3 from www.xosohomnay.com/ (127804 bytes, 22939 hidden) download

663d/0f7126b124994b0d9a0aca99a23535d69df0 from www.xosohomnay.com/ (127518 bytes, 22939 hidden) download

3118/fd99dc3103a2f0487cdbea29f080373e3554 from www.xosohomnay.com/ (127642 bytes, 22939 hidden) download


dlvs.vn/comment/ benign
[nothing detected] (iframe) dlvs.vn/comment/
     status: (referer=www.xosohomnay.com/)saved 1892 bytes 0e72c666ead861839fde173f7bde7403db04c3f4
     info: [script] ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js
     file: 0e72c666ead861839fde173f7bde7403db04c3f4: 1892 bytes

Decoded Files
0e72/c666ead861839fde173f7bde7403db04c3f4 from dlvs.vn/comment/ (1892 bytes, 67 hidden) download


chat.trumxoso.com/?f=r benign
[nothing detected] (iframe) chat.trumxoso.com/?f=r
     status: (referer=www.xosohomnay.com/)saved 6812 bytes 4a99c04265842911d4b95932478cbcd26f208216
     info: [script] chat.trumxoso.com/template/socket.io.js
     info: [script] ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js
     info: [script] chat.trumxoso.com/template/sounds/ion.sound.min.js
     info: [script] code.jquery.com/ui/1.12.0/jquery-ui.js
     info: [script] chat.trumxoso.com/template/simel.js?v=8
     info: [img] chat.trumxoso.com/template/login-fb.png
     info: [img] chat.trumxoso.com/template/login-gg.png
     info: [script] chat.trumxoso.com/template/io.js?v=15
     info: [script] chat.trumxoso.com/template/ui.js?v=13
     info: [img] sstatic1.histats.com/0.gif?3808683&101
     file: 4a99c04265842911d4b95932478cbcd26f208216: 6812 bytes

Decoded Files
4a99/c04265842911d4b95932478cbcd26f208216 from chat.trumxoso.com/?f=r (6812 bytes, 773 hidden) download


src.xosohomnay.com.vn/jquery/html2canvas.min.js benign
[nothing detected] (script) src.xosohomnay.com.vn/jquery/html2canvas.min.js
     status: (referer=www.xosohomnay.com/)saved 36985 bytes bb20ca86b627499dca1bcc9e24d11996746c27e4
     file: bb20ca86b627499dca1bcc9e24d11996746c27e4: 36985 bytes

Decoded Files
bb20/ca86b627499dca1bcc9e24d11996746c27e4 from src.xosohomnay.com.vn/jquery/html2canvas.min.js (36985 bytes, 1 hidden) download


src.xosohomnay.com.vn/jquery/jquery.fullscreen-0.4.2.min.js benign
[nothing detected] (script) src.xosohomnay.com.vn/jquery/jquery.fullscreen-0.4.2.min.js
     status: (referer=www.xosohomnay.com/)saved 4925 bytes 0c4e5c013ae7f935af2f0a7d00ad43c7252bc165
     file: 0c4e5c013ae7f935af2f0a7d00ad43c7252bc165: 4925 bytes

Decoded Files
0c4e/5c013ae7f935af2f0a7d00ad43c7252bc165 from src.xosohomnay.com.vn/jquery/jquery.fullscreen-0.4.2.min.js (4925 bytes) download


src.xosohomnay.com.vn/jquery/jquery.js?v=332 benign
[nothing detected] (script) src.xosohomnay.com.vn/jquery/jquery.js?v=332
     status: (referer=www.xosohomnay.com/)saved 143957 bytes 672b8247be1c11a0450edf7685b35808c65f9fac
     info: ActiveXDataObjectsMDAC detected Microsoft.XMLHTTP
     file: 672b8247be1c11a0450edf7685b35808c65f9fac: 143957 bytes

Decoded Files
672b/8247be1c11a0450edf7685b35808c65f9fac from src.xosohomnay.com.vn/jquery/jquery.js?v=332 (143957 bytes) download