[Analysis] some suspicious files

# Analysis Encoded Script, HaiDong, 100917

// script.js

Suspicious URL is encoded by URL Encoding method, The result of decode is like below..

// www.openovation.co.kr/images/xxx.jpg

This use ms10-018
So, decode the payload > you will see hxxp://www.ticket365.co.kr/filedata/xxx/xxx.exe

k.exe is Win-Trojan/Agent in V3

thanks