generic_javascript_obfuscation in pandafiles.com

On 2019-05-12T23:52:11.039452+00:00 we found suspicious pattern generic_javascript_obfuscation, type: Suspicious, (JavaScript obfuscation is frequently used to hide malicious code (or with hope to protect intellectual property)) in the page http://pandafiles.com/f585a494c48812fc/…

The suspicious code sample:

b'atob' … b'atob' … b'atob' … b'atob' … b'atob' … b'atob' … b'atob' … b'atob' … b'atob' … b'atob' … b'atob' … b'atob' … b"'prepareProxyRedirect'" … b"'getElementsByTagName'" … b"'stopImmediatePropagation'" … b"'clearTimeoutIGhhcyBub3QgYmVlbiBkZWZpbmVk'" … b"'removeQWxsTGlzdGVuZXJz'" … b"'getExtentionDialyUrl'" … b"'removeRXZlbnRMaXN0ZW5lcg=='" … b"'getBoundingClientRect'" … b"'broadcastQ2FsbHNpZ24='" … b"'zfgloadedinterstitial'" … b"'objectLCBpZnJhbWUsIGVtYmVkLCB2aWRlbywgYXVkaW8='" … b"'SFRUUF9NRVRIT0RfPOST'" … b"'returnIChmdW5jdGlvbigpIHt9LmNvbnN0cnVjdG9yKCJyZXR1cm4gdGhpcyIpKCApKTs='" … b"'e6kz2vrsXyi29a475Esyz087zhZdpyz3p9zR3mr8m0olUq1y0p7rdFveh480rtX3k1c04wlV4ymdutx1Fkqjyn31s'" … b"'fkoMlw6Gr8oP8adA3woKkydPfkoOlw6Wr8oYxk6'" … b"'9ybwqsxtVmsvoatwiOnog5zwzyAwj7v0s15Xw6szoipnW5i7esypgHypp7lwx6Le1xljk3sQclppym1tUixxx9l14'" … b"'wunIdwcAj8uTpkcWvwuPqi5G7kuF265B8inJpkc'" … b'"metaRedirectWrapperTopAds"'

This feature is experimental so please feel free to contact us if you feel any of the reported issues is a false positive or you want to suggest a pattern that should be detected (we are using Yara standard).

Fully automated RESTful API is now available. Subscribe for your free trial today!