generic_javascript_obfuscation in www.sc.pages05.net

On 2019-06-08T14:41:31.272168+00:00 we found suspicious pattern generic_javascript_obfuscation, type: Suspicious, (JavaScript obfuscation is frequently used to hide malicious code (or with hope to protect intellectual property)) in the page https://www.sc.pages05.net/lp/static/js…

The suspicious code sample:

b'var b=[],d=0;256>d;d++)b[d]=-1;for(d=0;64>d;d++)b[c[d].charCodeAt(0)]=d;b[61]=-2;for(var c=Array(3*(a.length/4)),g=0,e=0,f=0,k=0,d=0;d<a.length;d++){var h=a.charAt(d),h="."==h?"\\n":"*"==h?"\\x3d' … b'\\x26' … b'\\x26' … b'\\x26' … b'\\x26' … b'\\x26' … b'\\x26' … b'\\x26' … b'\\x26' … b'\\x26' … b'\\x26' … b'\\x26' … b'\\x26' … b'\\x26' … b'\\x26' … b'\\x26' … b'\\x26' … b'\\x26' … b'\\x26' … b'\\x26' … b'\\x26' … b'\\x26' … b'\\x26' … b'\\x26' … b'\\x26' … b'\\x26' … b'\\x26' … b'\\x26' … b'\\x26' … b'\\x26' … b'\\x26' … b'\\x26' … b'\\x26' … b'\\x26' … b'\\x26' … b'\\x26' … b'\\x26' … b'\\x26'

This feature is experimental so please feel free to contact us if you feel any of the reported issues is a false positive or you want to suggest a pattern that should be detected (we are using Yara standard).

Fully automated RESTful API is now available. Subscribe for your free trial today!