polonus
Hi czardas,
Let us go both the extra mile together to delve somewhat deeper to see what is really going on here.
I opened the link you gave at jsunpack and then ran the copied contents of the zip file code through Bintxt,
and later saved that txt as a zip file; see the attached file below, and note that it is clean according to my scan here:
https://www.virustotal.com/en/file/b84719bfec48d38f8ce12064863270570ef503fb83d26d4486de5587d0a4500a/analysis/
Now, alternatively, I scanned the live link you gave with Anubis, and then we see this in the Device Control Communication:
unnamed file 0x00120028 2 This could perform File Modification and Destruction,
and is therefore considered possibly malware related,
This all could still stay in the false-positive realm, but then also consider the insecurities I found on that URI with Asafaweb:
an excessive headers warning and a clickjacking warning, all low-hanging-fruit data ready for “hacker/attacker Ltd” :D.
So see the scan results here for that URI at Kundenserver with the above insecurity flags:
https://asafaweb.com/Scan?Url=www.czardas.co.uk
Now I think we are near a conclusion, aren’t we? Yes, test the binaries against each other, please.
polonus