JSUNPACK
A Generic JavaScript Unpacker
CAUTION: jsunpack was designed for security researchers and computer professionals

Submission permanent link b8842568c3104748ad74c906d9e8fd965660aac7 (Received 2018-10-09 00:50:04, ffe8db8803d5ead7a7c4d4dfd393e4601a91b867 )

URL Status

All Malicious or Suspicious Elements of Submission

suspicious: maxruntime exceeded 10 seconds (incomplete) 0 bytes
suspicious: Warning detected /warning CVE-NO-MATCH Shellcode NOP len 9295 /warning CVE-NO-MATCH Shellcode Engine Binary Threshold /warning CVE-NO-MATCH Shellcode Engine Length 65536
malicious: shellcode of length 1305/104845199
malicious: shellcode URL=robsearch.info/tre/lena.exe/yH43995f87V0100f080006R00000000102T0f676fdc201l0409329
ww1.robsearch.info/?sub1=f01125ea-cb97-11e8-9d6b-de28b50651e5&gtnjs=1 benign
[nothing detected] (metarefresh) ww1.robsearch.info/?sub1=f01125ea-cb97-11e8-9d6b-de28b50651e5&gtnjs=1
     status: (referer=robsearch.info/tre/lena.exe/yH43995f87V0100f080006R00000000102T0f676fdc201l0409329)saved 70546 bytes 81aad6ef6ea78a2e343bea32ccb73e61207d4091
     info: [script] img.sedoparking.com/js/jquery-1.11.3.custom.min.js
     info: [img] ww1.robsearch.info/
     info: [decodingLevel=0] found JavaScript
     suspicious: maxruntime exceeded 10 seconds (incomplete) 0 bytes

robsearch.info/tre/lena.exe/yH43995f87V0100f080006R00000000102T0f676fdc201l0409329 benign
[nothing detected] (shellcode) robsearch.info/tre/lena.exe/yH43995f87V0100f080006R00000000102T0f676fdc201l0409329
     status: (referer=http:/www.ask.com/web?q=puppies)saved 70688 bytes b0dc57c67bae2e88629612fd368c6eb44fdaac0d
     info: [meta refresh] URL=ww1.robsearch.info/?sub1=f01125ea-cb97-11e8-9d6b-de28b50651e5&gtnjs=1
     info: [script] img.sedoparking.com/js/jquery-1.11.3.custom.min.js
     info: [img] robsearch.info/tre/lena.exe/
     info: [decodingLevel=0] found JavaScript
     error: line:3: SyntaxError: missing = in XML attribute:
          error: line:3: <!DOCTYPE html><html lang="en" data-adblockkey=MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_PS1rJhOTm/66vAsIEo42y2gnQfZQkQhmSyoCUJQktQxak+tox7ZsFjjKJrZnak3iMHrB59aS0FIUxo4
          error: line:3: ..............^
     file: b0dc57c67bae2e88629612fd368c6eb44fdaac0d: 70688 bytes

Decoded Files
b0dc/57c67bae2e88629612fd368c6eb44fdaac0d from robsearch.info/tre/lena.exe/yH43995f87V0100f080006R00000000102T0f676fdc201l0409329 (70688 bytes, 3 hidden)


upload malicious
[malicious:8] [PDF] upload
     info: [decodingLevel=0] JavaScript in PDF 8546 bytes, with 16860 bytes headers
     info: [decodingLevel=1] found JavaScript
     info: Decoding option app.viewerVersion=9.1 and app.viewerVersion=8.0,      15263 bytes
     info: Decoding option app.viewerVersion= and app.viewerVersion=7.0,      22 bytes
     suspicious: Warning detected /warning CVE-NO-MATCH Shellcode NOP len 9295 /warning CVE-NO-MATCH Shellcode Engine Binary Threshold /warning CVE-NO-MATCH Shellcode Engine Length 65536
     malicious: shellcode of length 1305/104845199
     malicious: shellcode URL=robsearch.info/tre/lena.exe/yH43995f87V0100f080006R00000000102T0f676fdc201l0409329
     info: [2] no JavaScript
     info: file: saved upload to (ffe8db8803d5ead7a7c4d4dfd393e4601a91b867)
     file: ffe8db8803d5ead7a7c4d4dfd393e4601a91b867: 14961 bytes
     file: 818ef0416480e3f83c8d1a1d4f0043a0814a98d0: 25406 bytes
     file: 5ae8c5080d37833fc5994f98012ab3d8ccd2ac23: 15263 bytes
     file: b86132f12e9a883a352e4ee6b22bc5115e5a25e4: 1305 bytes

Decoded Files
ffe8/db8803d5ead7a7c4d4dfd393e4601a91b867 from upload (14961 bytes, 2219 hidden)

818e/f0416480e3f83c8d1a1d4f0043a0814a98d0 from upload (25406 bytes, 16860 hidden)

5ae8/c5080d37833fc5994f98012ab3d8ccd2ac23 from upload (15263 bytes)

b861/32f12e9a883a352e4ee6b22bc5115e5a25e4 from upload (1305 bytes, 546 hidden)


img.sedoparking.com/js/jquery-1.11.3.custom.min.js benign
[nothing detected] (script) img.sedoparking.com/js/jquery-1.11.3.custom.min.js
     status: (referer=robsearch.info/tre/lena.exe/yH43995f87V0100f080006R00000000102T0f676fdc201l0409329)saved 63696 bytes 7c1807f9872e632869307819a1bf3e939fb6dac1
     info: ActiveXDataObjectsMDAC detected Microsoft.XMLHTTP
     info: [decodingLevel=0] found JavaScript
     error: undefined variable n
     file: 7c1807f9872e632869307819a1bf3e939fb6dac1: 63696 bytes

Decoded Files
7c18/07f9872e632869307819a1bf3e939fb6dac1 from img.sedoparking.com/js/jquery-1.11.3.custom.min.js (63696 bytes)