generic_javascript_obfuscation in www.awms.ws

On 2019-08-07T04:42:13.553248+00:00 we found the suspicious pattern generic_javascript_obfuscation (type: Suspicious) in the page https://www.awms.ws/. JavaScript obfuscation is frequently used to hide malicious code (or in the hope of protecting intellectual property).

The suspicious code sample:


This feature is experimental, so please feel free to contact us if you feel any of the reported issues is a false positive or if you want to suggest a pattern that should be detected (we use the YARA standard).
