polonus
1
See: https://www.virustotal.com/nl/url/1d7742f47669af4787e6de93171c6c575333d4960110df37dcdfa1e05667310a/analysis/
and http://urlquery.net/queued.php?id=50877084
Malware list in question: http://malwareurls.joxeankoret.com/normal.txt
Suspicious file flagged by Quttera:
index.html
Severity: Suspicious
Reason: Detected encoded JavaScript code commonly used to hide suspicious behaviour.
Details: Detected encoded JavaScript code used to hide suspicious activity
Threat dump: View code here: http://jsunpack.jeek.org/?report=568ad24205f37408701b6dab5f5167dd04e0216a
File size[byte]: 24487
File type: ASCII
MD5: 0194BA04E5C2DBBB364898A71A68E585
Scan duration[sec]: 0.008000
This goes here: http://jsunpack.jeek.org/?report=50f67c1a221c0717061754dccc2e6f2a58836945
IDS alert ET CURRENT_EVENTS DNS Query to a *.pw domain - Likely Hostile
Read on decimal obfuscated script here: http://hidka.tistory.com/entry/Decimal-Obfuscated author = Hakawati_HiDKa
Ever-changing resolve - e.g. to Suspect - please check the list for unknown includes:
htxp://s84.cnzz.com/stat.php?id=3482680&web_id=3482680&show=pic
htxp://chat.53kf.com/kf.php?arg=9youidc&style=1
polonus
Pondus
2