A forum for reverse engineering, OS internals and malware analysis 

Ask your beginner questions here.
 #27994  by schnitzelattack
 Thu Mar 03, 2016 6:08 pm
Hi there,

Today, I accidentally clicked on a shortened url from a skype message. The contact is trusted, and probably got infected.

I did a quick scan of the url with various automated tools and got a few hits. The url also included a query string with my skype username.

Basically, it loads an obfuscated JavaScript file.

This is one report from an automated tool:
https://www.reverse.it/sample/9ab412136 ... onmentId=4

BehavesLike.JS.DownloaderShell

Another tool spit out: js.Phish

Don't know if these are platform independent or just Windows or OSX (or Linux)

I'm on a Linux machine.
Attachments
The script
(4.45 KiB) Downloaded 36 times