JSUNPACK
A Generic JavaScript Unpacker
CAUTION: jsunpack was designed for security researchers and computer professionals
Enter a single URL (or paste JavaScript to decode):

Upload a PDF, pcap, HTML, or JavaScript file
Private? Help: privacy | uploads
Default Referer
Description

Submission permanent link 4c2db81279caf285a90e535a5cec14f7ed1ce04b (Received 2017-04-17 03:37:29, 00601560.pdf )

URLStatus

All Malicious or Suspicious Elements of Submission

malicious: Utilprintf CVE-2008-2992 detected
malicious: collectEmailInfo CVE-2007-5659 detected
malicious: CollabgetIcon CVE-2009-0927 detected
suspicious: Warning detected /warning CVE-NO-MATCH Shellcode Engine Length 65536 /warning CVE-NO-MATCH Shellcode NOP len 253 /warning CVE-NO-MATCH Shellcode NOP len 9999 /warning CVE-NO-MATCH Shellcode NOP len 261899 /warning CVE-NO-MATCH Shellcode NOP len 231 /warning CVE-NO-MATCH Shellcode Engine Binary Threshold
malicious: shellcode of length 307/231
malicious: shellcode URL=search-network-plus.com/load.php?a=a&st=Internet Explorer 6.0&e=3
suspicious: maxruntime exceeded 10 seconds (incomplete) 0 bytes
suspicious: Warning detected /warning CVE-NO-MATCH Shellcode NOP len 261899 /warning CVE-NO-MATCH Shellcode NOP len 231 /warning CVE-NO-MATCH Shellcode Engine Binary Threshold /warning CVE-NO-MATCH Shellcode Engine Length 65536 /warning CVE-NO-MATCH Shellcode NOP len 253 /warning CVE-NO-MATCH Shellcode NOP len 9999
search-network-plus.com/px.js?ch=1 benign
[nothing detected] (script) search-network-plus.com/px.js?ch=1
     status: (referer=search-network-plus.com/?fp=ggnqzw/RBrr691qrL1bcsd/JwpWTL/irrQpkm/1bfuFmVIVSHCH/jjJVfWdSnA7Mw7Drn7pd472W6gaoqXbSNQ==&prvtof=4C/8xI71lT8KdcRtyMT5pELXnjMARVfxKZWKze6mRSdkZna3TeIVZiG9yqqODLxGDPH83rbSozWfSUOK7p3Dig==&poru=18StFVcTbesTCYhQt/InHBqom7AZa5n5SEbT6CDtrrXMqt41Z0OjlkR4qn6t37E8m7eB+ITssPDtdimFg8/CjJBJyNz2l8zSziqMsAAb5yM=&a=a&st=Internet)saved 346 bytes 9c2c50edcf576453ccc07bf65668bd23c76e8663
     file: 9c2c50edcf576453ccc07bf65668bd23c76e8663: 346 bytes

Decoded Files
9c2c/50edcf576453ccc07bf65668bd23c76e8663 from search-network-plus.com/px.js?ch=1 (346 bytes) download


search-network-plus.com/load.php?a=a&st=Internet Explorer 6.0&e=3 benign
[nothing detected] (shellcode) search-network-plus.com/load.php?a=a&st=Internet Explorer 6.0&e=3
     status: (referer=http:/www.ask.com/web?q=puppies)saved 3198 bytes 00572dc9fb0e245cde3849e31dca8fe1c6a4a52c
     info: [frame] search-network-plus.com/?fp=ggnqzw%2FRBrr691qrL1bcsd%2FJwpWTL%2FirrQpkm%2F1bfuFmVIVSHCH%2FjjJVfWdSnA7Mw7Drn7pd472W6gaoqXbSNQ%3D%3D&prvtof=4C%2F8xI71lT8KdcRtyMT5pELXnjMARVfxKZWKze6mRSdkZna3TeIVZiG9yqqODLxGDPH83rbSozWfSUOK7p3Dig%3D%3D&poru=18StFVcTbesTCYhQt%2FInHBqom7AZa5n5SEbT6CDtrrXMqt41Z0OjlkR4qn6t37E8m7eB%2BITssPDtdimFg8%2FCjJBJyNz2l8zSziqMsAAb5yM%3D&a=a&st=Internet
     file: 00572dc9fb0e245cde3849e31dca8fe1c6a4a52c: 3198 bytes

Decoded Files
0057/2dc9fb0e245cde3849e31dca8fe1c6a4a52c from search-network-plus.com/load.php?a=a&st=Internet Explorer 6.0&e=3 (3198 bytes, 134 hidden) download


search-network-plus.com/px.js?ch=2 benign
[nothing detected] (script) search-network-plus.com/px.js?ch=2
     status: (referer=search-network-plus.com/?fp=ggnqzw/RBrr691qrL1bcsd/JwpWTL/irrQpkm/1bfuFmVIVSHCH/jjJVfWdSnA7Mw7Drn7pd472W6gaoqXbSNQ==&prvtof=4C/8xI71lT8KdcRtyMT5pELXnjMARVfxKZWKze6mRSdkZna3TeIVZiG9yqqODLxGDPH83rbSozWfSUOK7p3Dig==&poru=18StFVcTbesTCYhQt/InHBqom7AZa5n5SEbT6CDtrrXMqt41Z0OjlkR4qn6t37E8m7eB+ITssPDtdimFg8/CjJBJyNz2l8zSziqMsAAb5yM=&a=a&st=Internet)saved 346 bytes 9c2c50edcf576453ccc07bf65668bd23c76e8663
     file: 9c2c50edcf576453ccc07bf65668bd23c76e8663: 346 bytes

Decoded Files
9c2c/50edcf576453ccc07bf65668bd23c76e8663 from search-network-plus.com/px.js?ch=2 (346 bytes) download


i3.cdn-image.com/___/pics/7417/png.js benign
[nothing detected] (script) i3.cdn-image.com/___/pics/7417/png.js
     status: (referer=search-network-plus.com/?fp=ggnqzw/RBrr691qrL1bcsd/JwpWTL/irrQpkm/1bfuFmVIVSHCH/jjJVfWdSnA7Mw7Drn7pd472W6gaoqXbSNQ==&prvtof=4C/8xI71lT8KdcRtyMT5pELXnjMARVfxKZWKze6mRSdkZna3TeIVZiG9yqqODLxGDPH83rbSozWfSUOK7p3Dig==&poru=18StFVcTbesTCYhQt/InHBqom7AZa5n5SEbT6CDtrrXMqt41Z0OjlkR4qn6t37E8m7eB+ITssPDtdimFg8/CjJBJyNz2l8zSziqMsAAb5yM=&a=a&st=Internet)saved 6690 bytes f30201caf8b122e7cfa6d7e0d8325063fb6892ec
     file: f30201caf8b122e7cfa6d7e0d8325063fb6892ec: 6690 bytes

Decoded Files
f302/01caf8b122e7cfa6d7e0d8325063fb6892ec from i3.cdn-image.com/___/pics/7417/png.js (6690 bytes, 4 hidden) download


search-network-plus.com/?fp=ggnqzw/RBrr691qrL1bcsd/JwpWTL/irrQpkm/1bfuFmVIVSHCH/jjJVfWdSnA7Mw7Drn7pd472W6gaoqXbSNQ==&prvtof=4C/8xI71lT8KdcRtyMT5pELXnjMARVfxKZWKze6mRSdkZna3TeIVZiG9yqqODLxGDPH83rbSozWfSUOK7p3Dig==&poru=18StFVcTbesTCYhQt/InHBqom7AZa5n5SEbT6 benign
[nothing detected] (frame) search-network-plus.com/?fp=ggnqzw/RBrr691qrL1bcsd/JwpWTL/irrQpkm/1bfuFmVIVSHCH/jjJVfWdSnA7Mw7Drn7pd472W6gaoqXbSNQ==&prvtof=4C/8xI71lT8KdcRtyMT5pELXnjMARVfxKZWKze6mRSdkZna3TeIVZiG9yqqODLxGDPH83rbSozWfSUOK7p3Dig==&poru=18StFVcTbesTCYhQt/InHBqom7AZa5n5SEbT6CDtrrXMqt41Z0OjlkR4qn6t37E8m7eB+ITssPDtdimFg8/CjJBJyNz2l8zSziqMsAAb5yM=&a=a&st=Internet
     status: (referer=search-network-plus.com/load.php?a=a&st=Internet Explorer 6.0&e=3)saved 19528 bytes d634d5ea6916df5f19fe72996028a8deeae10663
     info: [script] search-network-plus.com/px.js?ch=1
     info: [script] search-network-plus.com/px.js?ch=2
     info: [script] i3.cdn-image.com/___/js/min.js?v1.9
     info: [img] i1.cdn-image.com/___/pics/8243/logo.png
     info: [script] i3.cdn-image.com/___/pics/7417/png.js
     file: d634d5ea6916df5f19fe72996028a8deeae10663: 19528 bytes

Decoded Files
d634/d5ea6916df5f19fe72996028a8deeae10663 from search-network-plus.com/?fp=ggnqzw/RBrr691qrL1bcsd/JwpWTL/irrQpkm/1bfuFmVIVSHCH/jjJVfWdSnA7Mw7Drn7pd472W6gaoqXbSNQ==&prvtof=4C/8xI71lT8KdcRtyMT5pELXnjMARVfxKZWKze6mRSdkZna3TeIVZiG9yqqODLxGDPH83rbSozWfSUOK7p3Dig==&poru=18StFVcTbesTCYhQt/InHBqom7AZa5n5SEbT6 (19528 bytes, 812 hidden) download


i3.cdn-image.com/___/js/min.js?v1.9 benign
[nothing detected] (script) i3.cdn-image.com/___/js/min.js?v1.9
     status: (referer=search-network-plus.com/?fp=ggnqzw/RBrr691qrL1bcsd/JwpWTL/irrQpkm/1bfuFmVIVSHCH/jjJVfWdSnA7Mw7Drn7pd472W6gaoqXbSNQ==&prvtof=4C/8xI71lT8KdcRtyMT5pELXnjMARVfxKZWKze6mRSdkZna3TeIVZiG9yqqODLxGDPH83rbSozWfSUOK7p3Dig==&poru=18StFVcTbesTCYhQt/InHBqom7AZa5n5SEbT6CDtrrXMqt41Z0OjlkR4qn6t37E8m7eB+ITssPDtdimFg8/CjJBJyNz2l8zSziqMsAAb5yM=&a=a&st=Internet)saved 8637 bytes 08a910093f0bd0f0bacfa68b3a4464ae8f08cf9b
     file: 08a910093f0bd0f0bacfa68b3a4464ae8f08cf9b: 8637 bytes

Decoded Files
08a9/10093f0bd0f0bacfa68b3a4464ae8f08cf9b from i3.cdn-image.com/___/js/min.js?v1.9 (8637 bytes, 4 hidden) download


upload malicious
[malicious:10] [PDF] upload
     info: [decodingLevel=0] JavaScript in PDF 84009 bytes, with 87 bytes headers
     info: [decodingLevel=1] found JavaScript
     malicious: Utilprintf CVE-2008-2992 detected
     malicious: collectEmailInfo CVE-2007-5659 detected
     malicious: CollabgetIcon CVE-2009-0927 detected
     suspicious: Warning detected /warning CVE-NO-MATCH Shellcode Engine Length 65536 /warning CVE-NO-MATCH Shellcode NOP len 253 /warning CVE-NO-MATCH Shellcode NOP len 9999 /warning CVE-NO-MATCH Shellcode NOP len 261899 /warning CVE-NO-MATCH Shellcode NOP len 231 /warning CVE-NO-MATCH Shellcode Engine Binary Threshold
     malicious: shellcode of length 307/231
     malicious: shellcode URL=search-network-plus.com/load.php?a=a&st=Internet Explorer 6.0&e=3
     info: [decodingLevel=2] found JavaScript
     error: undefined function sly
     suspicious: maxruntime exceeded 10 seconds (incomplete) 0 bytes
     info: Decoding option app.viewerVersion=8.0,      1106 bytes
     info: Decoding option app.viewerVersion=9.1,      0 bytes
     info: Decoding option app.viewerVersion=,      1649 bytes
     suspicious: Warning detected /warning CVE-NO-MATCH Shellcode NOP len 261899 /warning CVE-NO-MATCH Shellcode NOP len 231 /warning CVE-NO-MATCH Shellcode Engine Binary Threshold /warning CVE-NO-MATCH Shellcode Engine Length 65536 /warning CVE-NO-MATCH Shellcode NOP len 253 /warning CVE-NO-MATCH Shellcode NOP len 9999
     info: file: saved upload to (6045554853a61681d7264260cdd1072bbdc113ac)
     file: 6045554853a61681d7264260cdd1072bbdc113ac: 607083 bytes
     file: 6d364e74f510fb513547ab20cc9520a429e2b5e2: 84096 bytes
     file: 5494d4abd36dd1e91f2f3e47de24af065bccf880: 6784 bytes
     file: be7f8a77f560360e6ba0956f7f0855f26ce3e9a4: 307 bytes
     file: 66e47054b4f6401dbfb29ccf2366c3da29196f14: 6925 bytes
     file: 197c34c4f8fce9ef026fd33602faa7200e5391a6: 1649 bytes

Decoded Files
6045/554853a61681d7264260cdd1072bbdc113ac from upload (607083 bytes, 501889 hidden) download

6d36/4e74f510fb513547ab20cc9520a429e2b5e2 from upload (84096 bytes, 87 hidden) download

5494/d4abd36dd1e91f2f3e47de24af065bccf880 from upload (6784 bytes) download

be7f/8a77f560360e6ba0956f7f0855f26ce3e9a4 from upload (307 bytes, 127 hidden) download

66e4/7054b4f6401dbfb29ccf2366c3da29196f14 from upload (6925 bytes, 141 hidden) download

197c/34c4f8fce9ef026fd33602faa7200e5391a6 from upload (1649 bytes) download