generic_javascript_obfuscation5 in aulavirtual.enap.edu.pe

On 2020-05-23T18:35:25.891920+00:00 we found the pattern generic_javascript_obfuscation5 (type: Suspicious) in the page https://aulavirtual.enap.edu.pe/lib/req… referenced from https://aulavirtual.enap.edu.pe/ . JavaScript obfuscation is frequently used to hide malicious code, or in the hope of protecting intellectual property, so a match is a reason to inspect the script and not proof of compromise.

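Code sample (excerpts shown as Python byte-string literals, separated by `…`). The escaped byte runs match what a base64 decode of ordinary identifiers produces, re-encoded as UTF-8: `core/str` decodes to `r\x8a\xde\xfe\xcbk` and `function` to `~\xe9\xdc\xb6*'`. They may therefore come from the scanner's decoding step and not from the served file, so compare against the script as delivered before treating them as obfuscation: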

b'["jquery","core/modal_events","core/modal_registry","core/modal","core/modal_save_cancel","core/modal_confirm","core/modal_cancel","core/\xc2\xb5\xc3\xa9\xc2\xa9\xc2\x95\xc2\xab^s","core/notification",' … b'["jquery","core/ajax","core/\xc2\xb5\xc3\xa9\xc2\xa9\xc2\x95\xc2\xab^s","core/notification","r\xc2\x8a\xc3\x9e\xc3\xbe\xc3\x8bk","core/config","r\xc2\x8a\xc3\x9e\xc3\xbe\xc3\xaa\xc3\xa5","core/form-j\xc3\xabhr\xc2\x89\xc2\xa9\xc2\x95\xc3\xab^",' … b'["core/mustache","jquery","core/ajax","r\xc2\x8a\xc3\x9e\xc3\xbe\xc3\x8bk","core/notification","r\xc2\x8a\xc3\x9e\xc3\xbe\xc3\xaa\xc3\xa5","core/config","core/localstorage","core/icon_system","core/event","r\xc2\x8a\xc3\x9e\xc3\xbf+\xc2\xa2",' … b'["#f3c300","#875692","#f38400","#a1caf1","#be0032","#c2b280","#7f180d","#008856","#e68fac",' … b'["auto-start","auto","auto-end","top-start","top","top-end","right-start","right","right-end","bottom-end","bottom","bottom-start","left-end","left","left-start"],sa=ra.slice(3),ta={FLIP:"flip",CLOCKWISE:"clockwise",COUNTERCLOCKWISE:"r\xc2\x8b\xc2\xa7\xc2\xb5\xc3\xaa\xc3\x9c\xc2\x96\xc2\x87$\xc3\x82+\x1e"},ua={shift:{order:100,enabled:!0,fn:ca},offset:{order:200,enabled:!0,fn:aa,offset:0},preventOverflow:{order:300,enabled:!0,fn:ba,priority:["left","right","top","bottom"],padding:5,boundariesElement:"\xc2\xb1\xc3\x8a\xc3\xa8\xc2\x96S\xc3\x9a\xc2\xad\xc3\xa9\xc3\xad"},\xc2\x91\xc3\xa7\xc2\xa9N\xc2\x88\x1e\xc2\xb6\x17\xc2\xab:{order:400,enabled:!0' … b'["jquery","r\xc2\x8a\xc3\x9e\xc3\xbe\xc3\x8bk","core/notification","core_q\xc2\xa9^\xc2\x9d\xc3\x96\xc2\xab/selectors","core_q\xc2\xa9^\xc2\x9d\xc3\x96\xc2\xab/events","core_q\xc2\xa9^\xc2\x9d\xc3\x96\xc2\xab/view_manager","core_q\xc2\xa9^\xc2\x9d\xc3\x96\xc2\xab/repository","core/modal_factory","core_q\xc2\xa9^\xc2\x9d\xc3\x96\xc2\xab/modal_event_form","core/modal_events",' … 
b'["jquery","core/event","r\xc2\x8a\xc3\x9e\xc3\xbe\xc3\x8bk","core/notification","core/\xc2\xb5\xc3\xa9\xc2\xa9\xc2\x95\xc2\xab^s","core/custom_interaction_events","core/modal","core/modal_registry","core/fragment","core_q\xc2\xa9^\xc2\x9d\xc3\x96\xc2\xab/events",' … b'["jquery","core/ajax","r\xc2\x8a\xc3\x9e\xc3\xbe\xc3\x8bk","core/\xc2\xb5\xc3\xa9\xc2\xa9\xc2\x95\xc2\xab^s","core/notification","core/custom_interaction_events","core/modal_events","core/modal_factory","core_q\xc2\xa9^\xc2\x9d\xc3\x96\xc2\xab/modal_event_form","core_q\xc2\xa9^\xc2\x9d\xc3\x96\xc2\xab/summary_modal","core_q\xc2\xa9^\xc2\x9d\xc3\x96\xc2\xab/repository","core_q\xc2\xa9^\xc2\x9d\xc3\x96\xc2\xab/events","core_q\xc2\xa9^\xc2\x9d\xc3\x96\xc2\xab/view_manager","core_q\xc2\xa9^\xc2\x9d\xc3\x96\xc2\xab/crud",' … b'["jquery","r\xc2\x8a\xc3\x9e\xc3\xbe\xc3\x8bk","core/notification","core/custom_interaction_events","core/modal","core/modal_registry","core/modal_factory","core/modal_events","core_q\xc2\xa9^\xc2\x9d\xc3\x96\xc2\xab/repository","core_q\xc2\xa9^\xc2\x9d\xc3\x96\xc2\xab/events",' … b'["jquery","r\xc2\x8a\xc3\x9e\xc3\xbe\xc3\x8bk","core/notification","core/custom_interaction_events","core/modal","core/modal_registry","core/modal_factory","core/modal_events","core_q\xc2\xa9^\xc2\x9d\xc3\x96\xc2\xab/modal_event_form","core_q\xc2\xa9^\xc2\x9d\xc3\x96\xc2\xab/repository","core_q\xc2\xa9^\xc2\x9d\xc3\x96\xc2\xab/events","core_q\xc2\xa9^\xc2\x9d\xc3\x96\xc2\xab/modal_delete",' … b'["jquery","core/\xc2\xb5\xc3\xa9\xc2\xa9\xc2\x95\xc2\xab^s","r\xc2\x8a\xc3\x9e\xc3\xbe\xc3\x8bk","core/notification","core_q\xc2\xa9^\xc2\x9d\xc3\x96\xc2\xab/repository","core_q\xc2\xa9^\xc2\x9d\xc3\x96\xc2\xab/events","core_q\xc2\xa9^\xc2\x9d\xc3\x96\xc2\xab/selectors","core/modal_factory","core/modal_events",' … 
b'["jquery","core/ajax","core/\xc2\xb5\xc3\xa9\xc2\xa9\xc2\x95\xc2\xab^s","core/notification","r\xc2\x8a\xc3\x9e\xc3\xbe\xc3\x8bk","r\xc2\x8a\xc3\x9e\xc3\xbe\xc3\xaa\xc3\xa5","r\xc2\x8a\xc3\x9e\xc3\xbf+\xc2\xa2","core/modal_factory","core/modal_events",' … b'["jquery","core/key_codes","core/pubsub","r\xc2\x8a\xc3\x9e\xc3\xbe\xc3\x8bk","core_message/message_drawer_router","core_message/message_drawer_routes","core_message/message_drawer_events","core_message/message_drawer_view_overview_section","core_message/message_repository",' … b'["jquery","core/custom_interaction_events","core/notification","core/pubsub","r\xc2\x8a\xc3\x9e\xc3\xbe\xc3\x8bk","core/\xc2\xb5\xc3\xa9\xc2\xa9\xc2\x95\xc2\xab^s","core/user_date","core_message/message_repository","core_message/message_drawer_events","core_message/message_drawer_router","core_message/message_drawer_routes","core_message/message_drawer_lazy_load_list",' … b'["jquery","core/auto_rows","core/backoff_timer","core/custom_interaction_events","core/notification","core/pubsub","r\xc2\x8a\xc3\x9e\xc3\xbe\xc3\x8bk","core_message/message_repository","core_message/message_drawer_events","core_message/message_drawer_view_conversation_constants","core_message/message_drawer_view_conversation_patcher","core_message/message_drawer_view_conversation_renderer","core_message/message_drawer_view_conversation_state_manager","core_message/message_drawer_router",' … b'["jquery","core/custom_interaction_events","core/pubsub","core_message/message_drawer_view_contact","core_message/message_drawer_view_r\xc2\x89\xc3\xadi\xc3\x8bl","core_message/message_drawer_view_conversation","core_message/message_drawer_view_group_info","core_message/message_drawer_view_overview","core_message/message_drawer_view_search","core_message/message_drawer_view_\xc2\xb1\xc3\xabm\xc2\x8ax,","core_message/message_drawer_router","core_message/message_drawer_routes","core_message/message_drawer_events",' … 
b'["jquery","core/fragment","r\xc2\x8a\xc3\x9e\xc3\xbe\xc3\x8bk","core/modal_events","core/modal_factory","core/notification","core/custom_interaction_events","core_\xc2\xaa\xc3\xa7\xc2\xac\xc2\xb6*\'/repository",' … b'["core/\xc2\xb5\xc3\xa9\xc2\xa9\xc2\x95\xc2\xab^s","jquery","r\xc2\x8a\xc3\x9e\xc3\xbe\xc3\x8bk","core/config","core/notification","core/modal_factory","core/modal_events","core/fragment",' … b'["jquery","r\xc2\x8a\xc3\x9e\xc3\xbf+\xc2\xa2","core/notification","core/\xc2\xb5\xc3\xa9\xc2\xa9\xc2\x95\xc2\xab^s","core/fragment","core/ajax","r\xc2\x8a\xc3\x9e\xc3\xbe\xc3\x8bk","mod_assign/grading_form_change_checker","mod_assign/grading_events",' … b'["jquery","core/ajax","core/notification","core/\xc2\xb5\xc3\xa9\xc2\xa9\xc2\x95\xc2\xab^s","mod_lti/events","mod_lti/keys","mod_lti/tool_type","mod_lti/tool_proxy",' … b'["jquery","core/ajax","core/notification","core/\xc2\xb5\xc3\xa9\xc2\xa9\xc2\x95\xc2\xab^s","core/modal_factory","mod_lti/tool_type","mod_lti/events","mod_lti/keys",' … b'["jquery","core/ajax","core/notification","core/\xc2\xb5\xc3\xa9\xc2\xa9\xc2\x95\xc2\xab^s","mod_lti/events","mod_lti/tool_proxy","mod_lti/tool_type","mod_lti/keys",' … b'["height=600","width=800","top=0","left=0","menubar=0","location=0","scrollbars","resizable","toolbar","status","directories=0","fullscreen=0","dependent"];window.openpopup(a,{url:b.attr("href"),name:"\xc2\xaa\xc3\xa7\xc2\xac\xc2\xb6*\'preview",options:c.join(",' … b'["jquery","core/ajax","core/\xc2\xb5\xc3\xa9\xc2\xa9\xc2\x95\xc2\xab^s","r\xc2\x8a\xc3\x9e\xc3\xbe\xc3\x8bk","r\xc2\x8a\xc3\x9e\xc3\xbe\xc3\xaa\xc3\xa5","core/notification","core/custom_interaction_events","core/popover_region_controller","message_popup/notification_repository",' … b'["jquery","block_myoverview/repository","core/paged_content_factory","core/pubsub","core/custom_interaction_events","core/notification","core/\xc2\xb5\xc3\xa9\xc2\xa9\xc2\x95\xc2\xab^s","core_course/events","block_myoverview/selectors",' … 
b'["jquery","core/ajax","core/notification","r\xc2\x8a\xc3\x9e\xc3\xbe\xc3\x8bk","core/modal_factory","core/modal_events","core/\xc2\xb5\xc3\xa9\xc2\xa9\xc2\x95\xc2\xab^s","tool_dataprivacy/data_request_modal",' … b'["jquery","r\xc2\x8a\xc3\x9e\xc3\xbe\xc3\x8bk","core/ajax","core/notification","core/\xc2\xb5\xc3\xa9\xc2\xa9\xc2\x95\xc2\xab^s","core/modal_factory","core/modal_events","core/fragment","tool_dataprivacy/add_purpose",' … b'["jquery","r\xc2\x8a\xc3\x9e\xc3\xbe\xc3\xaa\xc3\xa5","core/\xc2\xb5\xc3\xa9\xc2\xa9\xc2\x95\xc2\xab^s","core/notification","r\xc2\x8a\xc3\x9e\xc3\xbe\xc3\x8bk","core/ajax","tool_lp/dragdrop-reorder","tool_lp/tree","tool_lp/dialogue","tool_lp/menubar","tool_lp/r\xc2\x89\xc2\xa9z\xc3\x97\xc2\xa7s*brG\xc2\xab","tool_lp/competency_\xc2\xa2\xc3\xab\\\xc2\xa2g\xc2\xac","tool_lp/competencyruleconfig",' … b'["left","right","top","bottom"];break;case"right":e=["right","left","top","bottom"];break;case"top":e=["top","bottom","right","left"];break;case"bottom":e=["bottom","top","right",' … b'["right","left","top","bottom"];break;case"top":e=["top","bottom","right","left"];break;case"bottom":e=["bottom","top","right",' … b'["theme_boost/aria","theme_boost/pending","theme_boost/util","theme_boost/alert","theme_boost/button","theme_boost/q\xc2\xaa\xc3\xa8\xc2\xba\xc3\x87\xc2\xa5","theme_boost/r\xc2\x89ej\xc2\x9b\x1e","theme_boost/v\xc2\xba)v\xc2\x8c\'","theme_boost/modal","theme_boost/scrollspy","theme_boost/tab","theme_boost/tooltip","theme_boost/popover"],~\xc3\xa9\xc3\x9c\xc2\xb6*\'(b){a("body").popover({trigger:"focus",selector:"[data-toggle=popover][data-trigger!=hover]"}),d.define(a("body"),[d.events.escape]),a("body").on(d.events.escape,"[data-toggle=popover]",~\xc3\xa9\xc3\x9c\xc2\xb6*\'(){a(this).popover("hide")}' … 
b'["body#page-mod-assign-mod","body#page-mod-choice-mod","body#page-mod-turnitintool-mod","body#page-mod-workshop-mod"],O=["body#page-mod-url-mod","body#page-mod-\xc2\xad\xc3\xab(\xc2\xba\xc2\xb7\x1e-mod","body#page-mod-folder-mod","body#page-mod-imscp-mod","body#page-mod-lightboxgallery-mod","body#page-mod-scorm-mod"];0===a(N.join()).length&&(a(H).append(L),a(H).append(a("#fitem_id_showdescription"))),a(O.join()).length>0&&i.get_strings([{key:"multimediacard",'

This feature is experimental, so please contact us if you believe any of the reported issues is a false positive or if you want to suggest a pattern that should be detected (patterns are written in the YARA rule format).
