jsunpack - a generic JavaScript unpacker

mpsnare.iesnare.com/snare.js suspicious

[suspicious:5] (ipaddr:74.121.30.151) mpsnare.iesnare.com/snare.js
status: (referer=http:/twitter.com/trends/)saved 31596 bytes f26c0e69e4c7766a72513a770bc399061780830a
info: [embed] mpsnare.iesnare.com/
info: [decodingLevel=0] found JavaScript
suspicious: Warning detected /warning CVE-NO-MATCH Shellcode Engine Binary Threshold
info: [setAttribute src] URL=mpsnare.iesnare.com/script/logo.js
info: [decodingLevel=1] found JavaScript
info: file: saved mpsnare.iesnare.com/snare.js to (f26c0e69e4c7766a72513a770bc399061780830a)
file: f26c0e69e4c7766a72513a770bc399061780830a: 31596 bytes
file: db3e730c998132a55c220c41ff53e445ca9d98ea: 627 bytes

Decoded Files

f26c/0e69e4c7766a72513a770bc399061780830a from mpsnare.iesnare.com/snare.js (31596 bytes) download

/* Copyright(c) 2011, iovation, inc. All rights reserved. Version: 3.1.1 */ window.io_last_error="";function __if_a(){return window.io_last_error;}function __if_b(_if_ey){window.io_last_error=_if_ey;}function __if_c(_if_ey,_if_ez){var _i_a=_if_ez.toString();if(_if_ez instanceof Error&&typeof(_if_ez.description)!='undefined')_i_a=_if_ez.description;window.io_last_error=_if_ey+" "+_i_a;}function __if_d(_if_fa,_i_eu){if(typeof(window.io_bbout_element_id)=="undefined"){__if_b("io_bbout_element_id is not defined");return;}var _i_b=_i_aa.getElementById(window.io_bbout_element_id);_i_b["value"]=_if_fa;}function __if_e(_if_fa,_if_fb){var _i_c=(typeof(window.io_bb_callback)!="undefined")?window.io_bb_callback:__if_d;_i_c(_if_fa,_if_fb);}var _i_d={__if_p:function(_if_fc){return _if_fc.getUTCFullYear()+"/"+this.__if_ad((_if_fc.getUTCMonth()+1),2)+"/"+this.__if_ad(_if_fc.getUTCDate(),2)+" "+this.__if_ad(_if_fc.getUTCHours(),2)+":"+this.__if_ad(_if_fc.getUTCMinutes(),2)+":"+this.__if_ad(_if_fc.getUTCSeconds(),2);},__if_r:function(_if_fd,_i_m){var _i_e=_if_fd.toString(16);return(_i_m)?this.__if_ad(_i_e,_i_m):_i_e;},__if_u:function(_i_bz){var _i_f="";for(var _i_g=0;_i_g<_i_bz.length;_i_g++){var _i_h=_i_bz.charCodeAt(_i_g);if(_i_h>=56320&&_i_h<57344)continue;if(_i_h>=55296&&_i_h<56320){if(_i_g+1>=_i_bz.length)continue;var _i_i=_i_bz.charCodeAt(++_i_g);if(_i_i<56320||_i_h>=56832)continue;_i_h=((_i_h-55296)<<10)+(s-56320)+65536;}if(_i_h<128)_i_f+=String.fromCharCode(_i_h);else if(_i_h<2048)_i_f+=String.fromCharCode(192+(_i_h>>6),128+(_i_h&63));else if(_i_h<65536)_i_f+=String.fromCharCode(224+(_i_h>>12),128+((_i_h>>6)&63),128+(_i_h&63));else _i_f+=String.fromCharCode(240+(_i_h>>18),128+((_i_h>>12)&63),128+((_i_h>>6)&63),128+(_i_h&63));}return _i_f;},__if_y:function(_if_fe){if(typeof(encodeURIComponent)=="function")return encodeURIComponent(_if_fe);var _i_j=this.__if_u(_if_fe);var _i_f="";for(var _i_g=0;_i_g<_i_j.length;_i_g++){var _i_k=_i_j.charAt(_i_g);var _i_l=new RegExp("[a-zA-Z0-9-_.!~*'()]");_i_f+=(_i_l.test(_i_k)==-1)?"%"+this.__if_r(_i_k.charCodeAt(0)):_i_k;}return _i_f;},__if_ad:function(_i_bz,_if_ff){var _i_m="";var _i_n=_if_ff-_i_bz.length;while(_i_m.length<_i_n)_i_m+="0";return _i_m+_i_bz;}};var _i_o={_i_ej:"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=",__if_aj:function(_i_bz){var _i_e="";for(var _i_g=0;_i_g<_i_bz.length;_i_g+=3){var _i_p=_i_bz.charCodeAt(_i_g);var _i_q=_i_bz.charCodeAt(_i_g+1);var _i_r=_i_bz.charCodeAt(_i_g+2);var _i_s=_i_p>>2;var _i_t=((_i_p&3)<<4)|(_i_q>>4);var _i_u=((_i_q&15)<<2)|(_i_r>>6);var _i_v=_i_r&63;if(isNaN(_i_q)){_i_u=_i_v=64;}else if(isNaN(_i_r)){_i_v=64;}_i_e=_i_e+this._i_ej.charAt(_i_s)+this._i_ej.charAt(_i_t)+this._i_ej.charAt(_i_u)+this._i_ej.charAt(_i_v);}return _i_e;},__if_aq:function(_i_bz){var _i_w="";var _i_x,chr2,chr3="";var _i_s,_i_t,_i_u,_i_v="";var _i_g=0;var _i_y=/[^A-Za-z0-9\+\/\=]/g;if(_i_y.exec(_i_bz))return "";do{_i_s=this._i_ej.indexOf(_i_bz.charAt(_i_g++));_i_t=this._i_ej.indexOf(_i_bz.charAt(_i_g++));_i_u=this._i_ej.indexOf(_i_bz.charAt(_i_g++));_i_v=this._i_ej.indexOf(_i_bz.charAt(_i_g++));_i_x=(_i_s<<2)|(_i_t>>4);chr2=((_i_t&15)<<4)|(_i_u>>2);chr3=((_i_u&3)<<6)|_i_v;_i_w=_i_w+String.fromCharCode(_i_x);if(_i_u!=64)_i_w=_i_w+String.fromCharCode(chr2);if(_i_v!=64)_i_w=_i_w+String.fromCharCode(chr3);_i_x=chr2=chr3="";_i_s=_i_t=_i_u=_i_v="";}while(_i_g<_i_bz.length);return _i_w;}};var _i_z={_i_ek:false,_i_el:12,_i_em:false,_i_en:"",_i_eo:"",_i_ep:true};if(typeof(window.io_install_stm)!="boolean")window.io_install_stm=_i_z._i_ek;if(typeof(window.io_install_flash)!="boolean")window.io_install_flash=_i_z._i_em;if(typeof(window.io_exclude_stm)!="number")window.io_exclude_stm=_i_z._i_el;if(window.io_stm_cab_url===undefined)window.io_stm_cab_url=_i_o.__if_aq("aHR0cHM6Ly9tcHNuYXJlLmllc25hcmUuY29t")+"/StmOCX.cab";if(window.io_install_stm_error_handler===undefined)window.io_install_stm_error_handler=_i_z._i_en;if(window.io_flash_needs_update_handler===undefined)window.io_flash_needs_update_handler=_i_z._i_eo;if(typeof(window.io_enable_rip)!="boolean")window.io_enable_rip=_i_z._i_ep;var _i_aa={getElementById:function(_if_fg){if(_if_fg===undefined)return null;if(typeof(_if_fg)=="object"&&_if_fg.tagName)return _if_fg;if(document.all&&document.getElementsByName){var _i_ab=document.getElementsByName(_if_fg);for(var _i_g=0;_i_g<_i_ab.length;_i_g++)if(_i_ab[_i_g]._i_dc&&_i_ab[_i_g]._i_dc==_if_fg)return _i_ab[_i_g];}if(document.getElementById)return document.getElementById(_if_fg);return null;}};var _i_ac={__if_az:function(_if_fh,_if_ey){var _i_ad=[0x1010400,0,0x10000,0x1010404,0x1010004,0x10404,0x4,0x10000,0x400,0x1010400,0x1010404,0x400,0x1000404,0x1010004,0x1000000,0x4,0x404,0x1000400,0x1000400,0x10400,0x10400,0x1010000,0x1010000,0x1000404,0x10004,0x1000004,0x1000004,0x10004,0,0x404,0x10404,0x1000000,0x10000,0x1010404,0x4,0x1010000,0x1010400,0x1000000,0x1000000,0x400,0x1010004,0x10000,0x10400,0x1000004,0x400,0x4,0x1000404,0x10404,0x1010404,0x10004,0x1010000,0x

db3e/730c998132a55c220c41ff53e445ca9d98ea from mpsnare.iesnare.com/snare.js (627 bytes, 125 hidden) download

Submission permanent link c76f7e446f040ff5c262d1f27a8e8f1c591c7c50 (Received 2012-05-10 10:07:25, mpsnare.iesnare.com/snare.js )

All Malicious or Suspicious Elements of Submission

URL	Status
mpsnare.iesnare.com/snare.js	saved 31596 bytes f26c0e69e4c7766a72513a770bc399061780830a