Analysis report for http://terrilyoguez.blogspot.com/
Sample Overview
| URL | http://terrilyoguez.blogspot.com/ |
|---|---|
| MD5 | d37dc2c90f080f58b971036f1794f32e |
| Analysis Started | 2010-01-31 22:21:34 |
| Report Generated | 2010-01-31 22:22:15 |
| Jsand version | 1.03.02 |
See the report for domain terrilyoguez.blogspot.com.
Detection results
| Detector | Result |
|---|---|
| Jsand 1.03.02 | suspicious |
This resource appears to be involved in the Koobface malware campaign.
Exploits
No exploits were identified.Deobfuscation results
Evals
- (repeated 2 times)
document.referrer
- (repeated 2 times)
window.redirect
- (repeated 1 time)
location.href
- (repeated 1 time)
location.search
- (repeated 1 time)
window.location.href = window.redirect;
- (repeated 1 time)
window.attachEvent('onunload', exiter);
Writes
- (repeated 1 time)
<OBJECT id="iie" width="0" height="0" style="position:absolute; left:0;top:0;" CLASSID= "CLSID:6BF52A52-394A-11d3-B153-00C04F79FAA6" type="application/x-oleobject"> <PARAM NAME= "SendPlayStateChangeEvents" VALUE="True"> <PARAM NAME="AutoStart" VALUE="True"> <PARAM name="uiMode" value="none"> <PARAM name="PlayCount" value="9999"></OBJECT>
Network Activity
Requests
| URL | Status | Content Type |
|---|---|---|
| http://terrilyoguez.blogspot.com/ | 200 | text/html |
| http://gxf.co.il/index.php/?go | 200 | text/javascript |
| http://96.231.223.38/go.js?0x3E8/view/console=yes/?go | 200 | text/javascript |
| http://84.109.44.226/go.js?0x3E8/view/console=yes/?go | 200 | text/javascript |
| http://180.131.238.240/go.js?0x3E8/view/console=yes/?go | 200 | text/javascript |
| http://76.216.122.115/go.js?0x3E8/view/console=yes/?go | 200 | text/javascript |
| http://79.178.36.253/go.js?0x3E8/view/console=yes/?go | 200 | text/javascript |
| http://109.64.8.65/go.js?0x3E8/view/console=yes/?go | 200 | text/javascript |
| http://97.95.134.150/go.js?0x3E8/view/console=yes/?go | 200 | text/javascript |
| http://173.16.43.77/go.js?0x3E8/view/console=yes/?go | Timeout | application/x-empty |
| http://24.99.102.143/go.js?0x3E8/view/console=yes/?go | 200 | text/javascript |
| http://109.66.11.75/go.js?0x3E8/view/console=yes/?go | 200 | text/javascript |
| http://209.169.109.40/go.js?0x3E8/view/console=yes/?go | 200 | text/javascript |
| http://98.206.46.123/go.js?0x3E8/view/console=yes/?go | 200 | text/javascript |
| http://98.250.100.19/go.js?0x3E8/view/console=yes/?go | 200 | text/javascript |
| http://77.127.42.217/go.js?0x3E8/view/console=yes/?go | 200 | text/javascript |
| http://174.102.116.127/go.js?0x3E8/view/console=yes/?go | 200 | text/javascript |
| http://75.75.42.202/go.js?0x3E8/view/console=yes/?go | 200 | text/javascript |
| http://89.138.87.80/go.js?0x3E8/view/console=yes/?go | 200 | text/javascript |
| http://84.110.141.98/go.js?0x3E8/view/console=yes/?go | 200 | text/javascript |
| http://97.96.232.201/go.js?0x3E8/view/console=yes/?go | 200 | text/javascript |
| http://93.172.193.116/go.js?0x3E8/view/console=yes/?go | 200 | text/javascript |
| about:blank | 200 | text/html |
| http://93.172.193.116/d=gxf.co.il/0x3E8/view/console=yes/?go | 200 | text/html |
| http://93.172.193.116/d=gxf.co.il/0x3E8/view/console=yes/player.swf?pid=6123 | 200 | application/x-shockwave-flash |
Redirects
No redirects.ActiveX controls
-
6BF52A52-394A-11D3-B153-00C04F79FAA6 Name Arg0 Count Methods launchURL http://coloradowin.com/?pid=312s02&sid=4db12f
1 http://93.172.193.116/d=gxf.co.il/0x3E8/view/console=yes/?go
1 Name Value Count Attributes PlayCount 9999
1 uiMode none
1 AutoStart True
1 SendPlayStateChangeEvents True
1 -
D27CDB6E-AE6D-11CF-96B8-444553540000 Name Value Count Attributes bgcolor #000000
1 movie player.swf?pid=6123
1 allowScriptAccess sameDomain
1 allowFullScreen false
1 menu false
1 quality high
1
Shellcode and Malware
No shellcode was identified.
Additional (potential) malware:
| URL | Type | Hash | Analysis |
|---|---|---|---|
| http://93.172.193.116/d=gxf.co.il/0x3E8/view/console=yes/?go | N/A | N/A |
|
| http://coloradowin.com/?pid=312s02&sid=4db12f | N/A | N/A |
|