Is this EXP/JS.Expack.AH an IFrame trojan or Blacole malware or both?

See: http://zulu.zscaler.com/submission/show/fd3efc237fa35247585cc620ab4dcb7d-1355141858
Quttera finds potentially suspicious file:
twitter dot com/?iid=am-86526363013315658237783859&nid=23%2Brecipient&uid=519642271&utm_content=profile#%21/artsdoussie
File size[byte]: 67372
Severity: Potentially Suspicious
Details: Detected procedure that is commonly used in suspicious activity.
Reason: Too low entropy detected in string ‘/^[a-z0-9_-------------------------------------------------------------]*[a-z_----------------------’ of length 213 which may points to obfuscation or shellcode.
MD5: 7905104656610F87BA32FE51AA3FBFBF
Quttera free url scan results
VT results: https://www.virustotal.com/file/dec5cd42423d799cc2fc5ecacc8e4f856de716c61d040e62d210bc20e20ae46c/analysis/

polonus