generic_javascript_obfuscation in b9good.com

On 2019-05-13T04:05:45.873033+00:00 we found suspicious pattern generic_javascript_obfuscation, type: Suspicious, (JavaScript obfuscation is frequently used to hide malicious code (or with hope to protect intellectual property)) in the page http://b9good.com/new/180131.html

The suspicious code sample:

b'atob' … b'atob' … b'atob' … b'atob' … b'atob' … b'atob' … b"'getElementsByTagName'" … b"'stopImmediatePropagation'" … b"'clearTimeoutIGhhcyBub3QgYmVlbiBkZWZpbmVk'" … b"'removeQWxsTGlzdGVuZXJz'" … b"'getExtentionDialyUrl'" … b"'removeRXZlbnRMaXN0ZW5lcg=='" … b"'getBoundingClientRect'" … b"'zfgloadedinterstitial'" … b"'returnIChmdW5jdGlvbigpIHt9LmNvbnN0cnVjdG9yKCJyZXR1cm4gdGhpcyIpKCApKTs='" … b"'b1l4jztdK1kk0s1yqOdz2uaxpvIlhfkf0vyHghzrr559Uqlkr37mqLabiiyttjL5db69dwp'" … b"'211A8djNep1E9bcVfnuHwpjX211Ixnc'" … b"'0k62pbb5V6wocjfb5Cbijb30roAsukjtguzBoz69taluXnpkb0a5mY4k6zi01sLr01ojgf8O3fgwg4onP9r4j0wny'" … b"'nueFt6wJa8lCgk3Hb3a7xDhiwHyklKt6wAzieXgk3'"

This feature is experimental so please feel free to contact us if you feel any of the reported issues is a false positive or you want to suggest a pattern that should be detected (we are using Yara standard).

Fully automated RESTful API is now available. Subscribe for your free trial today!