JavaScript_obfuscation in storoukr.net

On 2019-05-12T21:40:48.901084+00:00 we found suspicious pattern JavaScript_obfuscation, type: Suspicious, (JavaScript obfuscation is frequently used to hide malicious code (or with hope to protect intellectual property)) in the page https://storoukr.net/cdn/wow/8.22.32/wo…

The suspicious code sample:

b'var _0x301848' … b'var _0x2c6eda' … b'var _0xd3ef3d' … b'var _0xb54583' … b'_0x301848=_0x432ce4' … b'_0x4b0fd0=_0x432ce4' … b'_0x6f0ff2=_0x432ce4' … b'_0x3e8718=_0x848223' … b'_0x2c6eda=_0x2efc86' … b'_0x36497d=_0x2efc86' … b'_0x549832=_0x2efc86' … b'_0x19e773=_0x2efc86' … b'_0x169d4d=_0x2efc86' … b'_0x36f079=_0x53fb2c' … b'_0x3df075=_0x2efc86' … b'_0x1f0f72=_0x2efc86' … b'_0x2c09d7=_0x53fb2c' … b'_0x4c168f=_0x2efc86' … b'_0x2981ed=_0x53fb2c' … b'_0x5d352d=_0x2efc86' … b'_0x33628c=_0x53fb2c' … b'_0x5d11ff=_0x2efc86' … b'_0x5f1e3c=_0x2efc86' … b'_0x21fd03=_0x2efc86' … b'_0x3b7a84=_0x2efc86' … b'_0x1f1642(' … b'_0x2efc86(' … b'_0x2efc86(' … b'_0x2efc86(' … b'_0x2efc86(' … b'_0x2efc86(' … b'_0x53fb2c(' … b'_0x2efc86(' … b'_0x2efc86(' … b'_0x53fb2c(' … b'_0x2efc86(' … b'_0x53fb2c(' … b'_0x2efc86(' … b'_0x53fb2c(' … b'_0x2efc86(' … b'_0x2efc86(' … b'_0x2efc86(' … b'_0x2efc86(' … b'_0x53fb2c(' … b'_0x981a4a(' … b'_0x4a9aeb(' … b'_0x5134b2(' … b'_0x350c4c(' … b'_0x2b6a3f(' … b'_0x188411(' … b'_0x1a5df8(' … b'_0x543d46(' … b'_0x1481c8(' … b'_0x2523c3(' … b'_0x1d86d0(' … b'_0x1715eb(' … b'_0x4a9aeb(' … b'_0x188411(' … b'_0x2523c3(' … b'_0x1481c8(' … b'_0x1a5df8(' … b'_0x5134b2(' … b'_0x1d86d0(' … b'_0x350c4c(' … b'_0x543d46(' … b'_0x2b6a3f(' … b'_0x981a4a(' … b'function _0x1f1642(' … b'function _0x53fb2c(' … b'function _0x981a4a(' … b'function _0x4a9aeb(' … b'function _0x5134b2(' … b'function _0x350c4c(' … b'function _0x2b6a3f(' … b'function _0x188411(' … b'function _0x1a5df8(' … b'function _0x543d46(' … b'function _0x1481c8(' … b'function _0x2523c3(' … b'function _0x1d86d0(' … b'function _0x1715eb(' … b'return _0x848223' … b'return _0x4fbc18' … b'return _0x40acb3' … b'return _0x549832' … b'return _0x549832' … b'return _0x549832'

This feature is experimental so please feel free to contact us if you feel any of the reported issues is a false positive or you want to suggest a pattern that should be detected (we are using Yara standard).

Fully automated RESTful API is now available. Subscribe for your free trial today!