Author Topic: Suspicious code undefinedxundefinedxundefinedxundefined - promotional adware!  (Read 919 times)

0 Members and 1 Guest are viewing this topic.

Offline polonus

  • Avast √úberevangelist
  • Probably Bot
  • *****
  • Posts: 33376
  • malware fighter
Detected Potential Corporate Privacy Violation....

Where we stumbled onto it: Results from scanning URL: htxp://
Number of sources found: 9
Number of sinks found: 2
GET -/files/bukutamu-zies-name.js HTTP/1.1
Magic: HTML document text\012 exported SGML document text
Size: 1588
Md5: dd2d6d01c8cebacbc39b6abd0352db63
  United States
AS15169 Google Inc.
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=UTF-8
suspicious: maxruntime exceeded 10 seconds (incomplete) found JavaScript
     error: undefined variable history
     error: undefined function history[_0x96d5[33]]
     error: undefined variable _0x96d5
     info: [var pu]
     info: [var newurl]
     info: [decodingLevel=1] found JavaScript

: [meta refresh]
     info: [decodingLevel=0] found JavaScript
     info: [windowlocation]
     info: [var location]
     info: [var newurl]
undefined variable str
     suspicious: maxruntime exceeded 10 seconds (incomplete) 0 bytes
     info: [iframe]
     info: [decodingLevel=0] found JavaScript
     error: undefined variable _0x9f08x2
     info: DecodedGenericCLSID detected D27CDB6E-AE6D-11cf-96B8-444553540000
     info: [element]
     info: [var pu]
     info: [var u]
     info: [var newurl]
     info: [decodingLevel=1] found JavaScript
     error: line:9: SyntaxError: XML tag name mismatch (expected embed):
          error: line:9: wf" quality="high" wmode="transparent" bgcolor="000000" width="800" height="50" align="middle" allowScriptAccess="sameDomain" type="application/x-shockwave-flash" pluginspage="
          error: line:9: ...^
info: [img]
     info: [decodingLevel=0] found JavaScript
     error: undefined variable Xr
     info: [var Xi]
     info: [var newurl]
     info: [img]

Is this obfuscated code analyzed here being blocked or not longer an online threat?

polonus (volunteer website security analyst and website error-hunter)
« Last Edit: July 10, 2017, 06:33:57 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!