JSUNPACK
A Generic JavaScript Unpacker
CAUTION: jsunpack was designed for security researchers and computer professionals
Enter a single URL (or paste JavaScript to decode):

Upload a PDF, pcap, HTML, or JavaScript file
Private? Help: privacy | uploads
Default Referer
Description

Submission permanent link 2e999ae3663a9db0af59040588fdce31ad99dee2 (Received 2018-08-11 01:47:53, script )

URLStatus
127.0.0.1/

xmlhttp/ status: (referer=http:/www.ask.com/web?q=puppies)failure: <urlopen error [Errno -2] Name or service not known>

.comQ/ status: (referer=http:/www.ask.com/web?q=puppies)failure: <urlopen error [Errno -2] Name or service not known>

https/ status: (referer=http:/www.ask.com/web?q=puppies)failure: <urlopen error [Errno -2] Name or service not known>

All Malicious or Suspicious Elements of Submission

suspicious: shellcode of length 12949/12992
malicious: shellcode URL=https
malicious: XOR key [shellcode]: 14
malicious: shellcode [xor] URL=.comQ
malicious: XOR key [shellcode]: 32
malicious: shellcode [xor] URL=xmlhttp
script malicious
[malicious:10] script
     info: [decodingLevel=0] found JavaScript
     error: undefined variable document.getElementsByTagName("head")[0]
     error: line:1: SyntaxError: missing ; before statement:
          error: line:1: var document.getElementsByTagName("head")[0] = 1;
          error: line:1: ....^
     info: ActiveXDataObjectsMDAC detected Microsoft.XMLHTTP
     suspicious: shellcode of length 12949/12992
     malicious: shellcode URL=https
     malicious: XOR key [shellcode]: 14
     malicious: shellcode [xor] URL=.comQ
     malicious: XOR key [shellcode]: 32
     malicious: shellcode [xor] URL=xmlhttp
     info: DecodedIframe detected
     info: [element] URL=directss.jp-bank.japanpost.jp/ig.json
     info: [iframe] 127.0.0.1/
     info: [decodingLevel=1] found JavaScript
     error: undefined variable sh
     error: undefined function s.replace
     error: undefined variable s
     info: file: saved script to (acbed036a856e7151c90927aa9dc67a7e86fcf5d)
     file: acbed036a856e7151c90927aa9dc67a7e86fcf5d: 38981 bytes
     file: b26c948d30c5098b74281bee72c16c9ae602db58: 51684 bytes
     file: 638e9ee3948cd94aefc5c275bee497db7b8e1a03: 12949 bytes

Decoded Files
acbe/d036a856e7151c90927aa9dc67a7e86fcf5d from script (38981 bytes) download

b26c/948d30c5098b74281bee72c16c9ae602db58 from script (51684 bytes) download

638e/9ee3948cd94aefc5c275bee497db7b8e1a03 from script (12949 bytes) download


directss.jp-bank.japanpost.jp/ig.json benign
[nothing detected] (element) directss.jp-bank.japanpost.jp/ig.json
     status: (referer=http:/www.ask.com/web?q=puppies)saved 79 bytes 07daa324b0eaa51cd26c7cf7097e750d996d1c00
     info: [decodingLevel=0] found JavaScript
     error: undefined variable loadpljs
     error: undefined function loadpljs
     file: 07daa324b0eaa51cd26c7cf7097e750d996d1c00: 79 bytes

Decoded Files
07da/a324b0eaa51cd26c7cf7097e750d996d1c00 from directss.jp-bank.japanpost.jp/ig.json (79 bytes) download