Wepawet » Report for 4c478d7f87d8e3ea1060b149ef477b30

Analysis report for http://armorizetest.blogspot.com

Sample Overview

URL	http://armorizetest.blogspot.com
MD5	4c478d7f87d8e3ea1060b149ef477b30
Analysis Started	2010-08-12 10:50:47
Report Generated	2010-08-12 10:51:45
Jsand version	1.02.02

See the report for domain armorizetest.blogspot.com.

Detection results

Detector	Result
Jsand 1.02.02	benign

Exploits

No exploits were identified.

Deobfuscation results

Evals

ClassGRPC____NIXVBS_wrapperPrivatem_IntendedPrivatem_AuthPublicSubSetIntendedName(name)If
isEmpty(m_Intended)Thenm_Intended = nameEndIfEndSubPublicSubSetAuth(auth)IfisEmpty(m_Auth)
Thenm_Auth = authEndIfEndSubPublicSubSendMessage(data)GRPC____NIXVBS_handle_message(data)
EndSubPublicFunctionGetAuthToken()GetAuthToken = m_AuthEndFunctionPublicSubCreateChannel(
channel, auth)CallGRPC____NIXVBS_create_channel(m_Intended, channel, auth)EndSubEndClass
FunctionGRPC____NIXVBS_get_wrapper(name, auth)DimwrapSetwrap = NewGRPC____NIXVBS_wrapper
wrap.SetIntendedNamenamewrap.SetAuthauthSetGRPC____NIXVBS_get_wrapper = wrapEndFunction

(repeated 1 time)

```
var _WidgetManager
```
(repeated 2 times)
```
var _WidgetInfo
```
(repeated 2 times)
```
var _AdSenseView
```
(repeated 2 times)
```
var _BlogArchiveView
```
(repeated 2 times)
```
var _AttributionView
```
(repeated 2 times)
```
var BLOG_CMT_XpcBlogspot
```
(repeated 2 times)
```
var _BlogView
```
(repeated 2 times)
```
var _BlogListView
```
(repeated 2 times)
```
var _CustomSearchView
```
(repeated 2 times)
```
var _FeedView
```
(repeated 2 times)
```
var _FollowersView
```
(repeated 2 times)
```
var _GadgetView
```
(repeated 2 times)
```
var _ImageView
```
(repeated 2 times)
```
var _UploadSimpleImage
```
(repeated 2 times)

var _singleImageConfig_successfulUploadCallback

(repeated 2 times)

```
var _singleImageConfig_resetCallback
```
(repeated 2 times)
```
var _SIV_getScaledContainerWidth
```
(repeated 2 times)
```
var _SIV_getContainerWidth
```
(repeated 2 times)
```
var _SIV_setConfigurationOptions
```
(repeated 2 times)
```
var _HeaderView
```
(repeated 2 times)
```
var _TextView
```
(repeated 2 times)
```
var _HTMLView
```
(repeated 2 times)
```
var _LabelView
```
(repeated 2 times)
```
var _TextListView
```
(repeated 2 times)
```
var _LinkListView
```
(repeated 2 times)
```
var _BloggerButtonView
```
(repeated 2 times)
```
var _MapsView
```
(repeated 2 times)
```
var _NavbarView
```
(repeated 2 times)
```
var _NewsBarView
```
(repeated 2 times)
```
var _PageListView
```
(repeated 2 times)
```
var _PollView
```
(repeated 2 times)
```
var _PopularPostsView
```
(repeated 2 times)
```
var _ProfileView
```
(repeated 2 times)
```
var _RelatedPostsView
```
(repeated 2 times)
```
var _SlideshowView
```
(repeated 2 times)
```
var _StatsView
```
(repeated 2 times)
```
var _SubscribeView
```
(repeated 2 times)
```
var _SW_toggleReaderList
```
(repeated 2 times)
```
var _SW_hideReaderList
```
(repeated 2 times)
```
var _VideoBarView
```
(repeated 2 times)

Writes

<div id="widgetbox_widget_parent_0" style="line-height:0"></div>

(repeated 1 time)

<script type="text/javascript"src="http://www.google.com/friendconnect/script/friendconnect.js">
</script>

(repeated 1 time)

<a id="b-query-icon" onclick="document.getElementById(&quot;searchthis&quot;).submit();" title=
"Search this blog"></a>

(repeated 1 time)

<a id="b-flag-this" class="b-link" tabindex="6" title=
"Notify Blogger about objectionable content on this page." onclick=
"window.open(&quot;http://www.google.com/support/blogger/bin/request.py?page\x3dmain_tos\x26blog_ID\
x3d5204100777629224505\x26blog_URL\x3dhttp://armorizetest.blogspot.com/&quot;)"><span class=
"flag-text">Report Abuse</span></a>

(repeated 1 time)

Network Activity

Requests

URL	Status	Content Type
http://armorizetest.blogspot.com	200	text/html
about:blank	200	text/html
http://cdn.widgetserver.com/syndication/subscriber/InsertWidget.js	200	text/javascript
http://cdn.widgetserver.com/syndication/subscriber/Main.js?39866	200	text/javascript
http://www.google.com/friendconnect/script/friendconnect.js	200	text/javascript
http://www.blogger.com/static/v1/widgets/781223880-widgets.js	200	text/javascript
http://www.blogger.com/navbar.g?targetBlogID=5204100777629224505&blogName=Armorize+test+blog&publishMode=PUBLISH_MODE_BLOGSPOT&navbarType=BLUE&layoutType=LAYOUTS&searchRoot=http://armorizetest.blogspot.com/search&blogLocale=en&homepageUrl=http://armorizetest.blogspot.com/	200	text/javascript

Redirects

No redirects.

ActiveX controls

ShockwaveFlash.ShockwaveFlash.7
Name Arg0 Count
Methods

GetVariable
$version
1

ShockwaveFlash.ShockwaveFlash.7
	Name	Arg0	Count
Methods	GetVariable	$version	1

Shellcode and Malware

No shellcode was identified.

No additional malware was retrieved.