Avast Community

Is this script resource (shellcode malware) a threat?

Viruses and worms

polonus June 14, 2012, 3:08pm 1

See: hxtp://sitecheck.sucuri.net/results/www.sanpatrick.com/
Shell code malcode:
wXw.sanpatrick.com/ScriptResource.axd?d=106U0c2z65hQclldO1xIIhLl9ssS2Y6_tyZ34EjFrsRzCdVual-PaUho-8r5U97PBSoJ5IlPdeXn1-HCHNZj2DxLYGX_zi9b7cWNX-rGw15sEUBT_1RYpiaXP4N-tZD5sUwysGlr5rQCrtxb5jAYVNjOcTtk-18b3dBWVPTsOP13wH0&t=ffffffffb868b5f4 suspicious
[suspicious:5] (ipaddr:62.93.168.101) (script) wXw.sanpatrick.com/ScriptResource.axd?d=106U0c2z65hQclldO1xIIhLl9ssS2Y6_tyZ34EjFrsRzCdVual-PaUho-8r5U97PBSoJ5IlPdeXn1-HCHNZj2DxLYGX_zi9b7cWNX-rGw15sEUBT_1RYpiaXP4N-tZD5sUwysGlr5rQCrtxb5jAYVNjOcTtk-18b3dBWVPTsOP13wH0&t=ffffffffb868b5f4
status: (referer=wXw.sanpatrick.com/)saved 311158 bytes a60eebf85e0f09b430778cf767151e920c66bd87
info: [decodingLevel=0] found JavaScript
suspicious: shellcode of length 2273/2272

Avast webshield should detect this as JS;Packed-Y[Trj]

polonus

Announcements