JSUNPACK
A Generic JavaScript Unpacker
CAUTION: jsunpack was designed for security researchers and computer professionals
Enter a single URL (or paste JavaScript to decode):

Upload a PDF, pcap, HTML, or JavaScript file
Private? Help: privacy | uploads
Default Referer
Description

Submission permanent link 892857bffe70f142f0b35679207d4bce9d5214c3 (Received 2018-10-12 01:53:11, ffe8db8803d5ead7a7c4d4dfd393e4601a91b867 )

URLStatus

All Malicious or Suspicious Elements of Submission

suspicious: Warning detected /warning CVE-NO-MATCH Shellcode NOP len 9295 /warning CVE-NO-MATCH Shellcode Engine Binary Threshold /warning CVE-NO-MATCH Shellcode Engine Length 65536
malicious: shellcode of length 1305/104845199
malicious: shellcode URL=robsearch.info/tre/lena.exe/yH43995f87V0100f080006R00000000102T0f676fdc201l0409329
suspicious: maxruntime exceeded 10 seconds (incomplete) 0 bytes
upload malicious
[malicious:8] [PDF] upload
     info: [decodingLevel=0] JavaScript in PDF 8546 bytes, with 16860 bytes headers
     info: [decodingLevel=1] found JavaScript
     info: Decoding option app.viewerVersion=9.1 and app.viewerVersion=8.0,      15263 bytes
     info: Decoding option app.viewerVersion= and app.viewerVersion=7.0,      22 bytes
     suspicious: Warning detected /warning CVE-NO-MATCH Shellcode NOP len 9295 /warning CVE-NO-MATCH Shellcode Engine Binary Threshold /warning CVE-NO-MATCH Shellcode Engine Length 65536
     malicious: shellcode of length 1305/104845199
     malicious: shellcode URL=robsearch.info/tre/lena.exe/yH43995f87V0100f080006R00000000102T0f676fdc201l0409329
     info: [2] no JavaScript
     info: file: saved upload to (ffe8db8803d5ead7a7c4d4dfd393e4601a91b867)
     file: ffe8db8803d5ead7a7c4d4dfd393e4601a91b867: 14961 bytes
     file: 818ef0416480e3f83c8d1a1d4f0043a0814a98d0: 25406 bytes
     file: 5ae8c5080d37833fc5994f98012ab3d8ccd2ac23: 15263 bytes
     file: b86132f12e9a883a352e4ee6b22bc5115e5a25e4: 1305 bytes

Decoded Files
ffe8/db8803d5ead7a7c4d4dfd393e4601a91b867 from upload (14961 bytes, 2219 hidden) download

818e/f0416480e3f83c8d1a1d4f0043a0814a98d0 from upload (25406 bytes, 16860 hidden) download

5ae8/c5080d37833fc5994f98012ab3d8ccd2ac23 from upload (15263 bytes) download

b861/32f12e9a883a352e4ee6b22bc5115e5a25e4 from upload (1305 bytes, 546 hidden) download


robsearch.info/tre/lena.exe/yH43995f87V0100f080006R00000000102T0f676fdc201l0409329 benign
[nothing detected] (shellcode) robsearch.info/tre/lena.exe/yH43995f87V0100f080006R00000000102T0f676fdc201l0409329
     status: (referer=http:/www.ask.com/web?q=puppies)saved 70688 bytes 4979c489eae85b6d6e58a94e9d56dda9bfa869a6
     info: [meta refresh] URL=ww1.robsearch.info/?sub1=4093405a-cdfc-11e8-8332-7727506136a7&gtnjs=1
     info: [script] img.sedoparking.com/js/jquery-1.11.3.custom.min.js
     info: [img] robsearch.info/tre/lena.exe/
     info: [decodingLevel=0] found JavaScript
     error: line:3: SyntaxError: missing = in XML attribute:
          error: line:3: <!DOCTYPE html><html lang="en" data-adblockkey=MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_ToNk4O8rqa/ePgBkbyxrVAWxYbcqPuaCiO4fi0RqkOgUHwCk2aV2QdHkQIrLTA0Vp5AoIJsPF40Uw5c
          error: line:3: ..............^
     file: 4979c489eae85b6d6e58a94e9d56dda9bfa869a6: 70688 bytes

Decoded Files
4979/c489eae85b6d6e58a94e9d56dda9bfa869a6 from robsearch.info/tre/lena.exe/yH43995f87V0100f080006R00000000102T0f676fdc201l0409329 (70688 bytes, 3 hidden) download


img.sedoparking.com/js/jquery-1.11.3.custom.min.js benign
[nothing detected] (script) img.sedoparking.com/js/jquery-1.11.3.custom.min.js
     status: (referer=ww1.robsearch.info/?sub1=4093405a-cdfc-11e8-8332-7727506136a7&gtnjs=1)saved 63696 bytes 7c1807f9872e632869307819a1bf3e939fb6dac1
     info: ActiveXDataObjectsMDAC detected Microsoft.XMLHTTP
     file: 7c1807f9872e632869307819a1bf3e939fb6dac1: 63696 bytes

Decoded Files
7c18/07f9872e632869307819a1bf3e939fb6dac1 from img.sedoparking.com/js/jquery-1.11.3.custom.min.js (63696 bytes) download


ww1.robsearch.info/?sub1=4093405a-cdfc-11e8-8332-7727506136a7&gtnjs=1 benign
[nothing detected] (metarefresh) ww1.robsearch.info/?sub1=4093405a-cdfc-11e8-8332-7727506136a7&gtnjs=1
     status: (referer=robsearch.info/tre/lena.exe/yH43995f87V0100f080006R00000000102T0f676fdc201l0409329)saved 70546 bytes dd41f81262ca6fd26e178a02e2f20cccb1e31095
     info: [script] img.sedoparking.com/js/jquery-1.11.3.custom.min.js
     info: [img] ww1.robsearch.info/
     info: [decodingLevel=0] found JavaScript
     suspicious: maxruntime exceeded 10 seconds (incomplete) 0 bytes
     file: dd41f81262ca6fd26e178a02e2f20cccb1e31095: 70546 bytes
     file: e5084ceb1d9e1baf0ea560efb666b64fd175087a: 53269 bytes
     file: 24b06ea7337c688556619708c1ecade299711d13: 53275 bytes
     file: 1dd871bbeb71f151c67126e6e6f16d1d955f45e5: 53484 bytes
     file: c615c751b78c9ae707b5d5bba7850714a6ae90d8: 53676 bytes
     file: 5a79fe7b1750714a4b9046f5cc96f287ecc40409: 53390 bytes
     file: 9406bbc62d5cdc69e7d52733942d4452c6a82cd8: 53514 bytes
     file: 643eafbe069d2867eebd6ce0b1755e198366365c: 70838 bytes
     file: d3c2c48263adfe933bb522f4c28beefd45c556e1: 70844 bytes
     file: addb56f324c566463645e9049931e945a5655661: 71053 bytes
     file: 2a09c38c49a6b609e7c5c5faaf1cceed03da1a24: 71245 bytes
     file: 5468e8fc9901a85e0c66e79921e176fa889607c0: 70959 bytes
     file: 24dad8a55cd566e462e6e91b1387e883acbdf302: 71083 bytes

Decoded Files
dd41/f81262ca6fd26e178a02e2f20cccb1e31095 from ww1.robsearch.info/?sub1=4093405a-cdfc-11e8-8332-7727506136a7&gtnjs=1 (70546 bytes, 3 hidden) download

e508/4ceb1d9e1baf0ea560efb666b64fd175087a from ww1.robsearch.info/?sub1=4093405a-cdfc-11e8-8332-7727506136a7&gtnjs=1 (53269 bytes) download

24b0/6ea7337c688556619708c1ecade299711d13 from ww1.robsearch.info/?sub1=4093405a-cdfc-11e8-8332-7727506136a7&gtnjs=1 (53275 bytes) download

1dd8/71bbeb71f151c67126e6e6f16d1d955f45e5 from ww1.robsearch.info/?sub1=4093405a-cdfc-11e8-8332-7727506136a7&gtnjs=1 (53484 bytes) download

c615/c751b78c9ae707b5d5bba7850714a6ae90d8 from ww1.robsearch.info/?sub1=4093405a-cdfc-11e8-8332-7727506136a7&gtnjs=1 (53676 bytes) download

5a79/fe7b1750714a4b9046f5cc96f287ecc40409 from ww1.robsearch.info/?sub1=4093405a-cdfc-11e8-8332-7727506136a7&gtnjs=1 (53390 bytes) download

9406/bbc62d5cdc69e7d52733942d4452c6a82cd8 from ww1.robsearch.info/?sub1=4093405a-cdfc-11e8-8332-7727506136a7&gtnjs=1 (53514 bytes) download

643e/afbe069d2867eebd6ce0b1755e198366365c from ww1.robsearch.info/?sub1=4093405a-cdfc-11e8-8332-7727506136a7&gtnjs=1 (70838 bytes, 3 hidden) download

d3c2/c48263adfe933bb522f4c28beefd45c556e1 from ww1.robsearch.info/?sub1=4093405a-cdfc-11e8-8332-7727506136a7&gtnjs=1 (70844 bytes, 3 hidden) download

addb/56f324c566463645e9049931e945a5655661 from ww1.robsearch.info/?sub1=4093405a-cdfc-11e8-8332-7727506136a7&gtnjs=1 (71053 bytes, 3 hidden) download

2a09/c38c49a6b609e7c5c5faaf1cceed03da1a24 from ww1.robsearch.info/?sub1=4093405a-cdfc-11e8-8332-7727506136a7&gtnjs=1 (71245 bytes, 3 hidden) download

5468/e8fc9901a85e0c66e79921e176fa889607c0 from ww1.robsearch.info/?sub1=4093405a-cdfc-11e8-8332-7727506136a7&gtnjs=1 (70959 bytes, 3 hidden) download

24da/d8a55cd566e462e6e91b1387e883acbdf302 from ww1.robsearch.info/?sub1=4093405a-cdfc-11e8-8332-7727506136a7&gtnjs=1 (71083 bytes, 3 hidden) download