JavaScript_obfuscation in pushanert.com

On 2019-02-07T08:26:42.425260+00:00 we found suspicious pattern JavaScript_obfuscation, type: Suspicious, (JavaScript obfuscation is frequently used to hide malicious code (or with hope to protect intellectual property)) in the page https://pushanert.com/ntfc.php?zoneid...

The suspicious code sample:

b'var _0x131256' … b'var _0x5098c6' … b'var _0x124eba' … b'var _0x2d8b3b' … b'var _0x1c72ba' … b'var _0x50ad0f' … b'_0x131256=_0x4f41e1' … b'_0x43d021=_0x890353' … b'_0x3e821e=_0x4f41e1' … b'_0x1e532b=_0x890353' … b'_0x5098c6=_0x45411f' … b'_0x17bbcd=_0x45411f' … b'_0x1fda23=_0x45411f' … b'_0x5cb53f=_0x1fda23' … b'_0x2d8b3b=_0x4c7f97' … b'_0x18369b=_0x3f2dae' … b'_0x50ad0f=_0x124eba' … b'_0x4406f2=_0x50ad0f' … b'_0x329496=_0x50ad0f' … b'_0x4f41e1(' … b'_0x890353(' … b'_0x4f41e1(' … b'_0x890353(' … b'_0x890353(' … b'_0x56ce71(' … b'_0x4c7f97(' … b'_0x3f2dae(' … b'_0x3f2dae(' … b'_0x5d20ae(' … b'_0x124eba(' … b'function _0x890353(' … b'function _0x56ce71(' … b'function _0x3f2dae(' … b'function _0x5d20ae(' … b'return _0x1e3f41'

This feature is experimental so please feel free to contact us if you feel any of the reported issues is a false positive or you want to suggest a pattern that should be detected (we are using Yara standard).

Fully automated RESTful API is now available. Subscribe for your free trial today!