generic_javascript_obfuscation in an.yandex.ru

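On 2020-01-13T21:46:36.955720+00:00 we found the pattern generic_javascript_obfuscation (type: Suspicious) in the page https://an.yandex.ru/partner-code-bun... (referenced from http://fleurmusic.com/). JavaScript obfuscation is frequently used to hide malicious code, or in the hope of protecting intellectual property. A match on this pattern therefore means only that the script looks obfuscated or minified; it is not by itself evidence that the script is malicious.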

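Code sample (excerpts from the matched script, printed as byte-string literals and separated by `…`; the `\xef\xbf\xbd` sequences are UTF-8 replacement characters, so the excerpts are not byte-exact copies of the original script):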

b'var t=[];return this.isCompactWarning()&&t.push("__compact-warning"),t},e.prototype.renderButtonBig=~\xef\xbf\xbd\xdc\xb6*\'(){return this.renderButtonBigImpl("big")},e.prototype.renderButtonBigPrice=~\xef\xbf\xbd\xdc\xb6*\'(){return this.renderButtonBigImplPrice("big")},e.prototype.renderButtonMedium=~\xef\xbf\xbd\xdc\xb6*\'(){return this.renderButtonBigImpl("medium")},e.prototype.renderButtonMediumPrice=~\xef\xbf\xbd\xdc\xb6*\'(){return this.renderButtonBigImplPrice("medium")},e.prototype.renderButtonGeo=~\xef\xbf\xbd\xdc\xb6*\'(){if(!this.props.context.getTheme().isButtonVisible)ret' … b'var a=["__warning","__warning_"+(i.important?"important":"normal")];return t&&a.push("__warning_"+t),s.create("yatag",{resourceId:"warning",class:e.apply(void 0,a),style:r,onClick:i.important?void 0:~\xef\xbf\xbd\xdc\xb6*\'(t){return t.preventDefault()}},s.create(h.Scroll,null,s.create("yatag",{class:e("__warning-text")},s.create(b.Text,{text:i.text}))))},e.prototype.renderLogo=~\xef\xbf\xbd\xdc\xb6*\'(t,e){void 0===t&&(t="default");var i=this.b_,n=this.logo,o=this.props.adv.url;if(!n||!n.title)return null;var r=t.split(" "),p=k.concatMod' … b'var c=[(a=t.text.params,s=i(95).PARAMS_DELIMITER,a?a.split(s):null),o(i(7).i18n("SMART_CLOTHES_SIZES",e)+": ",t.text.sizes),o(i(7).i18n("SMART_CLOTHES_CONSIST",e)+": ",t.text.consist),t.text.description],l=r+p,d=0;d<c.length;d++)""!==c[d]&&null!==c[d]&&(l=i(93).addStringToBody(l,n(c[d])+".",!0));return l}(t,e),q\xef\xbf\xbde\xef\xbf\xbd\xef\xbf\xbdl:[]}}},~\xef\xbf\xbd\xdc\xb6*\'(t,e,i){"use strict";Object.defineProperty(e,"__esModule",{value:!0}),e["default"]=~\xef\xbf\xbd\xdc\xb6*\'(t,e){var n=~\xef\xbf\xbd\xdc\xb6*\'(t,e){var n=[];if(t.price.current){var o=i(7).i18n("SMART_MARK' … b'var n=[];if(t.price.current){var o=i(7).i18n("SMART_MARKET_BODY",e,{price:i(39).preparePriceText(t.price)})+".";n.push(o)}var r=i(39).prepareMarket\x0e+\x1c\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbdText(t.price,e);return""!==r&&n.push(r),n.join(" 
")}(t,e),o=t.text.params.split(i(95).PARAMS_DELIMITER),r=i(93).addToBody(n,o,!0),a=r.body,s=r.q\xef\xbf\xbde\xef\xbf\xbd\xef\xbf\xbdl;return a=i(93).appendDescription(a,i(38).prettify(t.text.description)),{title:i(94).prepareTitle(t.text.name),domain:t.domain||"",body:a,q\xef\xbf\xbde\xef\xbf\xbd\xef\xbf\xbdl:s}}},~\xef\xbf\xbd\xdc\xb6*\'(t,e,i){"use strict";Object.define' … b'var e=[];return e.push(".",t.id," .p23f6d8cb{display:inline !important}.",t.id," .tab57db25{\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd~Z0-wrap:break-word !important;word-wrap:break-word !important;-webkit-hyphens:auto !important;-ms-hyphens:auto !important;hyphens:auto !important}"),e.join("")}},~\xef\xbf\xbd\xdc\xb6*\'(t,e){t.exports=~\xef\xbf\xbd\xdc\xb6*\'(t){var e=[];return e.push(".",t.id," .odd58dbab,.",t.id," .v6829a493 b{font-weight:700 !important}.",t.id," .odd58dbab{white-space:nowrap !important;max-width:100% !important;display:inline-block !important}"),e.joi' … b'var e=[];return e.push(".",t.id," .odd58dbab,.",t.id," .v6829a493 b{font-weight:700 !important}.",t.id," .odd58dbab{white-space:nowrap !important;max-width:100% !important;display:inline-block !important}"),e.join("")}},~\xef\xbf\xbd\xdc\xb6*\'(t,e){t.exports=~\xef\xbf\xbd\xdc\xb6*\'(t){var e=[];return e.push(".",t.id," .oa2a4c77c{\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd~Z0:hidden !important;margin-top:.2em !important;color:",new t.utils.Color(t.settings.textColor||"#000").setAlpha(.55)," !important}.",t.id," .l25e5e2a9{\xef\xbf\xbd\xef\xbf\xbd"\xef\xbf\xbd*\':relative !important;margin-top:.1em ' … b'var e=[];return e.push(".",t.id," .oa2a4c77c{\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd~Z0:hidden !important;margin-top:.2em !important;color:",new t.utils.Color(t.settings.textColor||"#000").setAlpha(.55)," !important}.",t.id," .l25e5e2a9{\xef\xbf\xbd\xef\xbf\xbd"\xef\xbf\xbd*\':relative !important;margin-top:.1em !important}.",t.id,\' .l25e5e2a9:before{\xef\xbf\xbd\xef\xbf\xbd"\xef\xbf\xbd*\':i\xef\xbf\xbd(\xef\xbf\xbd\xef\xbf\xbd^ 
!important;left:0 !important;top:0 !important;content:"\\u2022" !important}.\',t.id," .e584c4fa1{display:table-cell !important;padding-left:.7em !important}"),e.join("")}},~\xef\xbf\xbd\xdc\xb6*\'(t,e,i){"use ' … b'var e=[];return e.push(".",t.id," .tbc0e1295{display:inline !important}.",t.id," .d80f042db .ddf5ca0a3{border:none !important;color:#fff !important;font-weight:700 !important;font-size:16px !important;text-shadow:#333 0 0 50px !important}.",t.id," .nb478b30e{display:inline !important;font-weight:700 !important}.",t.id," .wa4d16aa3{font-size:10px !important;line-height:13px !important;height:13px !important;display:inline-block !important;padding:0 8px !important;background-color:#feda5b !important;white-spa' … b'var e=[];return e.push(".",t.id," img.x1e08bd79{\xef\xbf\xbd\xef\xbf\xbd"\xef\xbf\xbd*\':relative !important;margin-top:",t.utils.browser.isIEQuirks?"0":"-0.2em"," !important;margin-right:.3em !important;width:1em !important;height:1em !important;min-width:8px !important;max-width:16px !important;min-height:8px !important;max-height:16px !important;display:inline-block !important;\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xc6\xa5-align:middle !important}.",t.id," img.k3a2e7ccf{width:16px !important;height:16px !important}.",t.id," img.hbcfd6875{background-color:#fff !impor' … b'var e=[];return e.push(".",t.id," .jab9c67d6{display:inline-block !important}"),e.join("")}},~\xef\xbf\xbd\xdc\xb6*\'(t,e,i){"use strict";var n=i(1),o=i(0),r=n.createComponent({render:~\xef\xbf\xbd\xdc\xb6*\'(){var t=this.props.separator,e=this.getChildren(),i=e.length-1,n=[];return o.each(e,~\xef\xbf\xbd\xdc\xb6*\'(e,o){n.push(e),o<i&&n.push(t)}),n}});t.exports=r},~\xef\xbf\xbd\xdc\xb6*\'(t,e,i){"use strict";var n=i(7),o=i(1),r=i(6),a=i(653),s=o.createComponent(r,{name:"yap-geo",shouldRender:~\xef\xbf\xbd\xdc\xb6*\'(){return this.props.adv.geoDistance},afterRender:~\xef\xbf\xbd\xdc\xb6*\'(){this.push' … b'var e=[];return e.push(".",t.id," .mda61b3b7{padding:16px 0 
!important;min-height:120px !important}.",t.id," .tc1145fb{margin-bottom:20px !important}.",t.id," .d170f5fe1{margin:16px 20px 0 !important}.",t.id," .q7d953d3d{margin:7px 20px 0 !important}.",t.id," .b9fd5ebb3{font-size:13px !important}.",t.id," .ef9c76e60,.",t.id," .vf566e663,.",t.id," .h296a2d28,.",t.id," .wd5c7c990{margin:16px 20px 0 !important}.",t.id," .wd5c7c990{margin-top:0 !important}.",t.id," .t28429e{font-size:1.2em !important}.",t.id," ' … b'var e=[];return e.push(".",t.id,"{max-width:inherit !important;max-height:inherit !important}.",t.id," .g7417822a{width:",t.width," !important;height:",t.height," !important;\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd~Z0:hidden !important;max-width:",t.\xef\xbf\xbd\xef\xbf\xbdV\xef\xbf\xbd\xef\xbf\xbda," !important;max-height:",t.maxHeight," !important}.",t.id," .a939c4aa3 .efaf99916{\xef\xbf\xbd\xef\xbf\xbd"\xef\xbf\xbd*\':i\xef\xbf\xbd(\xef\xbf\xbd\xef\xbf\xbd^ !important}.",t.id," .a939c4aa3 .i71a7e608{\xef\xbf\xbd\xef\xbf\xbd"\xef\xbf\xbd*\':i\xef\xbf\xbd(\xef\xbf\xbd\xef\xbf\xbd^ !important;margin-right:0 !important;margin-bottom:0 !important}.",t.id," .h1799b8fc{visibility:hidd' … b'var e=[];return e.push(".",t.id," .eb4894021{font-size:9px !important}.",t.id," .c56b35d95{line-height:10px !important;\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xc6\xa5-align:bottom !important}.",t.id," .nb824b188:hover .c56b35d95,.",t.id," .c56b35d95{border-bottom-style:none !important}.",t.id," .a1ff0ce67 .eb4894021{line-height:16px !important}.",t.id," .a1ff0ce67 .c56b35d95{\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xc6\xa5-align:middle !important;line-height:9px !important}"),e.join("")}},~\xef\xbf\xbd\xdc\xb6*\'(t,e,i){"use strict";var n=i(711);t.exports=n.BlockElasticPogodaGrid},~\xef\xbf\xbd\xdc\xb6*\'(t,e,' … b'var e=[];return e.push(".",t.id," .g7417822a .efaf99916{top:14px !important}.",t.id," .g7417822a .s55b1faec{height:auto !important;\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xc6\xa5-align:middle !important}.",t.id," .a2f8d05d9 
.eb4894021{top:0 !important;margin-top:0 !important}"),e.join("")}},~\xef\xbf\xbd\xdc\xb6*\'(t,e,i){"use strict";var n,o=(n=~\xef\xbf\xbd\xdc\xb6*\'(t,e){return(n=Object.setPrototypeOf||{__proto__:[]}instanceof Array&&~\xef\xbf\xbd\xdc\xb6*\'(t,e){t.__proto__=e}||~\xef\xbf\xbd\xdc\xb6*\'(t,e){for(var i in e)e.hasOwnProperty(i)&&(t[i]=e[i])})(t,e)},~\xef\xbf\xbd\xdc\xb6*\'(t,e){~\xef\xbf\xbd\xdc\xb6*\' i(){this.constr' … b'var e=[];return e.push(".",t.id," .f4af60a82 .efaf99916,.",t.id," .a19a388a6 .efaf99916{margin:0 !important}"),e.join("")}},~\xef\xbf\xbd\xdc\xb6*\'(t,e,i){"use strict";var n=i(739);t.exports=n.BlockYaMailMobileMiddle},~\xef\xbf\xbd\xdc\xb6*\'(t,e,i){"use strict";var n,o=(n=~\xef\xbf\xbd\xdc\xb6*\'(t,e){return(n=Object.setPrototypeOf||{__proto__:[]}instanceof Array&&~\xef\xbf\xbd\xdc\xb6*\'(t,e){t.__proto__=e}||~\xef\xbf\xbd\xdc\xb6*\'(t,e){for(var i in e)e.hasOwnProperty(i)&&(t[i]=e[i])})(t,e)},~\xef\xbf\xbd\xdc\xb6*\'(t,e){~\xef\xbf\xbd\xdc\xb6*\' i(){this.constructor=t}n(t,e),t.prototype=null===e?Object.create(e):' … b'\\xa0' … b'\\xab' … b'\\xab' … b'\\xbb' … b'\\xa0' … b'\\xa0' … b'\\xa0' … b'\\xa0' … b'\\xa0' … b'\\xab' … b'\\xbb' … b'\\xa0' … b'\\xa0' … b'\\xa0' … b'\\xa0' … b'\\xa0' … b'\\xa0' … b'\\xa0' … b'\\xa0' … b'\\xf6' … b'\\xe7' … b'\\xe7' … b'\\xf6' … b'\\xf6' … b'\\xab' … b'\\xbb' … b'\\xe7' … b'\\xf6' … b'\\xa0' … b'\\xa0' … b'\\xa0' … b'\\xa0' … b'\\xa0' … b'\\xa0' … b'\\xa0' … b'\\xa0' … b'\\xa0' … b'\\xa0' … b'\\xa0' … b'\\xa0' … b'\\xa0' … b'"pcodeStaticJsonp10121"' … b'"pcodeStaticJsonp10121"' … b'"RtbManagerBeforeRenderRtb"' … b'"RtbManagerDataPreparedRtb"' … b'"RtbBlockCreateWrapper"' … b'"RtbManagerBlockRenderedRtb"' … b'"RtbManagerBlockReadyRtb"' … b'"ComponentBlockBeforeRender"' … b'"ComponentBlockReadyToRender"' … b'"ComponentBlockMounted"' … b'"ComponentBlockDisplayed"' … b'"DirectManagerBlockRendered"' … b'"onChangeVisibilityImageAdaptive"' … b'"yaSafeFrameAsyncCallbacks"' … b'"SafeframeResourceError"' … 
b'"isSimilarExperimentTarget"' … b'"adapterComponentBlock"' … b'"leaderboardVertical0318"' … b'"ExternalResourceError"' … b'"mailruExtensibleMobile"' … b'"adapterComponentBlock"' … b'"adapterComponentBlock"' … b'"adapterComponentBlock"' … b'"adapterComponentBlock"' … b'"adapterComponentBlock"' … b'"adapterComponentBlock"'

This feature is experimental, so please feel free to contact us if you believe any of the reported issues is a false positive, or if you want to suggest a pattern that should be detected (patterns are written as YARA rules).
