JSUNPACK
A Generic JavaScript Unpacker
CAUTION: jsunpack was designed for security researchers and computer professionals

Submission permanent link f86bbc935ba7a4acfd3ddc608207bf7e47c5d749 (Received 2013-07-04 13:25:48, http://www.kulichki.com/ )

URL Status
www.kulichki.com/ saved 41279 bytes 13a0f2c01631765eb14d7490a640caedb1257db2

ad.adriver.ru/cgi-bin/undefined/masterh7.adriver.ru/images/0002636/0002636408/0/script.js?0 status: (referer=ad.adriver.ru/cgi-bin/erle.cgi?sid=4107&bt=49&target=blank&tail256=)

www.business.lbn.ru/jslib/m.js status: (referer=www.business.lbn.ru/cgi-bin/iframe/)

www.business.lbn.ru/cgi-bin/iframe/old-kulichki status: (referer=www.kulichki.com/)

ad.adriver.ru/cgi-bin/erle.cgi?sid=6441&bn=2&target=top&bt=2&pz=0&rnd=890500084 status: (referer=www.kulichki.com/)

content.adriver.ru/banners/0002186/0002186173/0/0.html?6441&125026&0&1&0&1562128567&0&0&html status: (referer=ad.adriver.ru/cgi-bin/erle.cgi?sid=6441&bn=1&target=top&bt=2&pz=0&rnd=1562128567)

ad.adriver.ru/cgi-bin/ status: (referer=ad.adriver.ru/cgi-bin/erle.cgi?sid=4107?target=blank?bt=16?pz=0?rnd=)

ajax.googleapis.com/ajax/libs/jquery/1.9.0/jquery.min.js status: (referer=www.business.lbn.ru/cgi-bin/iframe/)

ad.adriver.ru/cgi-bin/undefined/edp2.adriver.ru/images/0001411/0001411982/0/script.js?0 status: (referer=ad.adriver.ru/cgi-bin/erle.cgi?sid=4107?target=blank?bt=16?pz=0?rnd=)

ad.adriver.ru/cgi-bin/click.cgi?sid=4107&ad=277531&bid=1411982&bt=16&bn=0&pz=0&nid=0&ref=http:/www.kulichki.com/&custom=&xpid=BATLYEq3sVpfiGAISsj17V5ZHajs status: (referer=ad.adriver.ru/cgi-bin/erle.cgi?sid=4107?target=blank?bt=16?pz=0?rnd=)

ad.adriver.ru/cgi-bin/click.cgi?sid=4107&ad=277531&bid=2636408&bt=49&bn=0&pz=0&nid=0&ref=http:/www.kulichki.com/&custom=&xpid=BMymQ3grZaOOeCd7KedBDgrMciy0 status: (referer=ad.adriver.ru/cgi-bin/erle.cgi?sid=4107&bt=49&target=blank&tail256=)

click.readme.ru/informer/htm/21366.htm status: (referer=www.business.lbn.ru/cgi-bin/iframe/)

content.a/ status: (referer=ad.adriver.ru/cgi-bin/erle.cgi?sid=4107?target=blank?bt=16?pz=0?rnd=)

masterh7.adriver.ru/images/0000282/0000282891/0/index.html?params=rhost=ad.adriver.ru&sid=6441&ad=125026&bid=282891&ntype=4&pass=&bt=2&pz=0&bn=1&width=100&height=100&rnd=1562128567&geozoneid=288&rleurl=http:/www.bereg.ru/games/club/club.shtml& status: (referer=ad.adriver.ru/cgi-bin/erle.cgi?sid=6441&bn=1&target=top&bt=2&pz=0&rnd=1562128567)

content.adriver.ru/banners/0002186/0002186173/0/0.html?4107&277531&0&1&0&0&1&0&javascript status: (referer=ad.adriver.ru/cgi-bin/erle.cgi?sid=4107?target=blank?bt=16?pz=0?rnd=)

All Malicious or Suspicious Elements of Submission

suspicious: maxruntime exceeded 10 seconds (incomplete) 0 bytes
ad.adriver.ru/cgi-bin/erle.cgi?sid=6441&bn=1&target=top&bt=2&pz=0&rnd=1562128567 benign
[nothing detected] (iframe) ad.adriver.ru/cgi-bin/erle.cgi?sid=6441&bn=1&target=top&bt=2&pz=0&rnd=1562128567
     status: (referer=www.kulichki.com/)saved 821 bytes bb983cd4593a5228e8f229ebbd81005a763d67e6
     info: [iframe] masterh7.adriver.ru/images/0000282/0000282891/0/index.html?params=rhost%3Dad.adriver.ru%26sid%3D6441%26ad%3D125026%26bid%3D282891%26ntype%3D4%26pass%3D%26bt%3D2%26pz%3D0%26bn%3D1%26width%3D100%26height%3D100%26rnd%3D1562128567%26geozoneid%3D288%26rleurl%3Dhttp:/www.bereg.ru/games/club/club.shtml%26target%3D_blank%26sliceid%3D31690%26uid%3D0
     info: [iframe] content.adriver.ru/banners/0002186/0002186173/0/0.html?6441&125026&0&1&0&1562128567&0&0&html
     file: bb983cd4593a5228e8f229ebbd81005a763d67e6: 821 bytes

Decoded Files
bb98/3cd4593a5228e8f229ebbd81005a763d67e6 from ad.adriver.ru/cgi-bin/erle.cgi?sid=6441&bn=1&target=top&bt=2&pz=0&rnd=1562128567 (821 bytes, 13 hidden)


rotabanner.kulichki.com/cgi-bin/iframe/ benign
[nothing detected] (iframe) rotabanner.kulichki.com/cgi-bin/iframe/
     status: (referer=www.kulichki.com/)saved 177 bytes 41d4f75127011fe9c431c135ee54c9d159e42e78
     file: 41d4f75127011fe9c431c135ee54c9d159e42e78: 177 bytes

Decoded Files
41d4/f75127011fe9c431c135ee54c9d159e42e78 from rotabanner.kulichki.com/cgi-bin/iframe/ (177 bytes)


phonecards.kulichki.com/rate.php/i-ua,kz,ar,az,ca,ee,lt?style=1 benign
[nothing detected] (script) phonecards.kulichki.com/rate.php/i-ua,kz,ar,az,ca,ee,lt?style=1
     status: (referer=www.kulichki.com/)saved 2568 bytes 17e17ca79a3fe5d2d97aed6e8694e19d76abe850
     info: [img] www.pushline.com/cg/flags/ua.gif
     info: [img] www.pushline.com/cg/flags/kz.gif
     info: [img] www.pushline.com/cg/flags/ar.gif
     info: [img] www.pushline.com/cg/flags/az.gif
     info: [img] www.pushline.com/cg/flags/ca.gif
     info: [img] www.pushline.com/cg/flags/ee.gif
     info: [img] www.pushline.com/cg/flags/lt.gif
     file: 17e17ca79a3fe5d2d97aed6e8694e19d76abe850: 2568 bytes

Decoded Files
17e1/7ca79a3fe5d2d97aed6e8694e19d76abe850 from phonecards.kulichki.com/rate.php/i-ua,kz,ar,az,ca,ee,lt?style=1 (2568 bytes)


www.business.lbn.ru/cgi-bin/iframe/ benign
[nothing detected] (iframe) www.business.lbn.ru/cgi-bin/iframe/
     status: (referer=www.kulichki.com/)saved 29379 bytes 2c020f81636dcddac0cfab63cc231ebc63a91a7b
     info: [script] ajax.googleapis.com/ajax/libs/jquery/1.9.0/jquery.min.js
     info: [script] www.business.lbn.ru/jslib/m.js
     info: [img] www.business.lbn.ru/skin/img/logo.png
     info: [iframe] click.readme.ru/informer/htm/21366.htm
     info: [img] counter.yadro.ru/hit?r
     info: [img]
     info: [img] count.rbc.ru/p567.gif
     info: [img] www.tns-counter.ru/V13a****ru/ru/UTF-8/tmsec=total/
     info: [img] img.readme.ru/news/200/60/c8/79413e6161d5cf84c62569e24426.jpg
     info: [img] img.readme.ru/news/200/31/2a/87a25dff3b668eceaa63cd2a5865.jpg
     info: [img] img.readme.ru/news/200/27/dd/9151f946e35d6e3381a59e6d15c7.jpg
     info: [img] img.readme.ru/news/200/f8/98/20cd4d15bc06839cfdc814a0d6d9.jpg
     info: [img] img.readme.ru/news/200/14/96/4bf76b2d05e76cbe6f05e2cc6149.jpg
     info: [img] img.readme.ru/news/200/d0/70/1e390243041141b5fea125511e47.jpg
     info: [img] counter.yadro.ru/logo?53.1
     info: [decodingLevel=0] found JavaScript
     suspicious: maxruntime exceeded 10 seconds (incomplete) 0 bytes
     file: 2c020f81636dcddac0cfab63cc231ebc63a91a7b: 29379 bytes

Decoded Files
2c02/0f81636dcddac0cfab63cc231ebc63a91a7b from www.business.lbn.ru/cgi-bin/iframe/ (29379 bytes, 8954 hidden)

a5ab/1af01be5330829c636499369ab5fa4c71f46 from www.business.lbn.ru/cgi-bin/iframe/ (19991 bytes, 335 hidden)

9042/3742ac02071a60668d95571f66fb19226876 from www.business.lbn.ru/cgi-bin/iframe/ (19997 bytes, 335 hidden)

c083/2359d37e1f6b23acad5c1c7a3af2d60efe54 from www.business.lbn.ru/cgi-bin/iframe/ (20206 bytes, 335 hidden)