JSUNPACK
A Generic JavaScript Unpacker
CAUTION: jsunpack was designed for security researchers and computer professionals
Enter a single URL (or paste JavaScript to decode):

Upload a PDF, pcap, HTML, or JavaScript file
Private? Help: privacy | uploads
Default Referer
Description

Submission permanent link f86bbc935ba7a4acfd3ddc608207bf7e47c5d749 (Received 2013-07-04 13:25:48, http://www.kulichki.com/ )

URLStatus
www.kulichki.com/ saved 41279 bytes 13a0f2c01631765eb14d7490a640caedb1257db2

ad.adriver.ru/cgi-bin/undefined/masterh7.adriver.ru/images/0002636/0002636408/0/script.js?0 status: (referer=ad.adriver.ru/cgi-bin/erle.cgi?sid=4107&bt=49&target=blank&tail256=)

www.business.lbn.ru/jslib/m.js status: (referer=www.business.lbn.ru/cgi-bin/iframe/)

www.business.lbn.ru/cgi-bin/iframe/old-kulichki status: (referer=www.kulichki.com/)

ad.adriver.ru/cgi-bin/erle.cgi?sid=6441&bn=2&target=top&bt=2&pz=0&rnd=890500084 status: (referer=www.kulichki.com/)

content.adriver.ru/banners/0002186/0002186173/0/0.html?6441&125026&0&1&0&1562128567&0&0&html status: (referer=ad.adriver.ru/cgi-bin/erle.cgi?sid=6441&bn=1&target=top&bt=2&pz=0&rnd=1562128567)

ad.adriver.ru/cgi-bin/ status: (referer=ad.adriver.ru/cgi-bin/erle.cgi?sid=4107?target=blank?bt=16?pz=0?rnd=)

ajax.googleapis.com/ajax/libs/jquery/1.9.0/jquery.min.js status: (referer=www.business.lbn.ru/cgi-bin/iframe/)

ad.adriver.ru/cgi-bin/undefined/edp2.adriver.ru/images/0001411/0001411982/0/script.js?0 status: (referer=ad.adriver.ru/cgi-bin/erle.cgi?sid=4107?target=blank?bt=16?pz=0?rnd=)

ad.adriver.ru/cgi-bin/click.cgi?sid=4107&ad=277531&bid=1411982&bt=16&bn=0&pz=0&nid=0&ref=http:/www.kulichki.com/&custom=&xpid=BATLYEq3sVpfiGAISsj17V5ZHajs status: (referer=ad.adriver.ru/cgi-bin/erle.cgi?sid=4107?target=blank?bt=16?pz=0?rnd=)

ad.adriver.ru/cgi-bin/click.cgi?sid=4107&ad=277531&bid=2636408&bt=49&bn=0&pz=0&nid=0&ref=http:/www.kulichki.com/&custom=&xpid=BMymQ3grZaOOeCd7KedBDgrMciy0 status: (referer=ad.adriver.ru/cgi-bin/erle.cgi?sid=4107&bt=49&target=blank&tail256=)

click.readme.ru/informer/htm/21366.htm status: (referer=www.business.lbn.ru/cgi-bin/iframe/)

content.a/ status: (referer=ad.adriver.ru/cgi-bin/erle.cgi?sid=4107?target=blank?bt=16?pz=0?rnd=)

masterh7.adriver.ru/images/0000282/0000282891/0/index.html?params=rhost=ad.adriver.ru&sid=6441&ad=125026&bid=282891&ntype=4&pass=&bt=2&pz=0&bn=1&width=100&height=100&rnd=1562128567&geozoneid=288&rleurl=http:/www.bereg.ru/games/club/club.shtml& status: (referer=ad.adriver.ru/cgi-bin/erle.cgi?sid=6441&bn=1&target=top&bt=2&pz=0&rnd=1562128567)

content.adriver.ru/banners/0002186/0002186173/0/0.html?4107&277531&0&1&0&0&1&0&javascript status: (referer=ad.adriver.ru/cgi-bin/erle.cgi?sid=4107?target=blank?bt=16?pz=0?rnd=)

All Malicious or Suspicious Elements of Submission

suspicious: maxruntime exceeded 10 seconds (incomplete) 0 bytes
ad.adriver.ru/cgi-bin/erle.cgi?sid=6441&bn=1&target=top&bt=2&pz=0&rnd=1562128567 benign
[nothing detected] (iframe) ad.adriver.ru/cgi-bin/erle.cgi?sid=6441&bn=1&target=top&bt=2&pz=0&rnd=1562128567
     status: (referer=www.kulichki.com/)saved 821 bytes bb983cd4593a5228e8f229ebbd81005a763d67e6
     info: [iframe] masterh7.adriver.ru/images/0000282/0000282891/0/index.html?params=rhost%3Dad.adriver.ru%26sid%3D6441%26ad%3D125026%26bid%3D282891%26ntype%3D4%26pass%3D%26bt%3D2%26pz%3D0%26bn%3D1%26width%3D100%26height%3D100%26rnd%3D1562128567%26geozoneid%3D288%26rleurl%3Dhttp:/www.bereg.ru/games/club/club.shtml%26target%3D_blank%26sliceid%3D31690%26uid%3D0
     info: [iframe] content.adriver.ru/banners/0002186/0002186173/0/0.html?6441&125026&0&1&0&1562128567&0&0&html
     file: bb983cd4593a5228e8f229ebbd81005a763d67e6: 821 bytes

Decoded Files
bb98/3cd4593a5228e8f229ebbd81005a763d67e6 from ad.adriver.ru/cgi-bin/erle.cgi?sid=6441&bn=1&target=top&bt=2&pz=0&rnd=1562128567 (821 bytes, 13 hidden) download


rotabanner.kulichki.com/cgi-bin/iframe/ benign
[nothing detected] (iframe) rotabanner.kulichki.com/cgi-bin/iframe/
     status: (referer=www.kulichki.com/)saved 177 bytes 41d4f75127011fe9c431c135ee54c9d159e42e78
     file: 41d4f75127011fe9c431c135ee54c9d159e42e78: 177 bytes

Decoded Files
41d4/f75127011fe9c431c135ee54c9d159e42e78 from rotabanner.kulichki.com/cgi-bin/iframe/ (177 bytes) download


phonecards.kulichki.com/rate.php/i-ua,kz,ar,az,ca,ee,lt?style=1 benign
[nothing detected] (script) phonecards.kulichki.com/rate.php/i-ua,kz,ar,az,ca,ee,lt?style=1
     status: (referer=www.kulichki.com/)saved 2568 bytes 17e17ca79a3fe5d2d97aed6e8694e19d76abe850
     info: [img] www.pushline.com/cg/flags/ua.gif
     info: [img] www.pushline.com/cg