generic_javascript_obfuscation in www.google.com

On 2018-12-06T12:36:34.269367+00:00 we found suspicious pattern generic_javascript_obfuscation, type: Suspicious, (JavaScript obfuscation is frequently used to hide malicious code (or with hope to protect intellectual property)) in the page http://www.google.com/xjs/_/js/k=xjs.hp… referenced from https://ugrastes.uk/ .

The suspicious code sample:

b'var c=[a],d=b.length-1;0<=d;--d)c.push(typeof b[d],b[d]);return c.join("\\x0B' … b'\\xa0' … b'\\xa0' … b'\\x08' … b'\\x08' … b'\\x0B' … b'\\xa0' … b'\\x00' … b'\\x08' … b'\\x0a' … b'\\x1f' … b'\\x0B' … b'\\x00' … b'\\x1f' … b'\\x7f' … b'\\x00' … b'\\x1f' … b'\\x7f' … b'\\xff' … b'\\x00' … b'\\x00' … b'\\x00' … b'"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/="' … b'%20'

This feature is experimental so please feel free to contact us if you feel any of the reported issues is a false positive or you want to suggest a pattern that should be detected (we are using Yara standard).

Fully automated RESTful API is now available. Subscribe for your free trial today!