generic_javascript_obfuscation5 in www.fundacioncanal.com

On 2020-06-30T20:18:05.079750+00:00 we found pattern generic_javascript_obfuscation5 (type: Suspicious; JavaScript obfuscation is frequently used to hide malicious code, or in the hope of protecting intellectual property) in the page https://www.fundacioncanal.com/canaledu… referenced from https://www.fundacioncanal.com/canaledu….

Code sample:

b'["volume","src","currentTime","muted","v\xc3\xaa\xc3\x9a\xc2\xb6*\'","paused","ended","n\xc3\xa7\xc3\x9fz\xc2\xb7\xc2\x9d","error","\xc2\x9d\xc3\xabp\xc2\xa2\xc2\xb9\x12\xc2\xb5\xc2\xab^","readyState","seeking","\xc2\xb1\xc3\xa7\xc2\xa4i\xc2\xb9^","currentSrc","preload","n\xc3\xa7\xc3\x9fz\xc2\xb7\xc2\x9dBytes","n\xc3\xa7\xc3\x9fz\xc2\xb7\xc2\x9dTime","initialTime","startOffsetTime","defaultPlaybackRate","\xc2\xa6V\xc2\xb2m\xc2\xa7$E\xc2\xab^","played","j\xc3\xabh\xc2\xa6V\xc2\xb2","loop","r\xc2\x89\xc3\xad\xc2\xae\xc2\x89l"],readOnlyProperties:["v\xc3\xaa\xc3\x9a\xc2\xb6*\'","paused","ended","n\xc3\xa7\xc3\x9fz\xc2\xb7\xc2\x9d","error","\xc2\x9d\xc3\xabp\xc2\xa2\xc2\xb9\x12\xc2\xb5\xc2\xab^","readyState","seeking","\xc2\xb1\xc3\xa7\xc2\xa4i\xc2\xb9^"],methods:["load","play","pause","canPlayType"],events:["loadstart","v\xc3\xaa\xc3\x9a\xc2\xb6*' … b'["v\xc3\xaa\xc3\x9a\xc2\xb6*\'","paused","ended","n\xc3\xa7\xc3\x9fz\xc2\xb7\xc2\x9d","error","\xc2\x9d\xc3\xabp\xc2\xa2\xc2\xb9\x12\xc2\xb5\xc2\xab^","readyState","seeking","\xc2\xb1\xc3\xa7\xc2\xa4i\xc2\xb9^"],methods:["load","play","pause","canPlayType"],events:["loadstart","v\xc3\xaa\xc3\x9a\xc2\xb6*\'change","loadedmetadata","loadeddata",' … b'["audio/mp3","audio/ogg","audio/oga","audio/wav","audio/x-wav","audio/wave","audio/x-pn-wav","audio/mpeg","audio/mp4","video/mp4","video/webm","video/ogg",' … b'[\'type="application/x-shockwave-flash"\',\'data="\'+r.options.pluginPath+r.options.filename+\'"\',\'id="__\'+r.id+\'"\',\'width="\'+S+\'"\',\'height="\'+b+"\'""]:[\'rV\xc2\xac\xc2\xb2\'"clsid:D27CDB6E-AE6D-11cf-96B8-444553540000"\',\'r\xc2\x87^m\xc2\xab\x1e"//download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab"\',\'id="__\'+r.id+\'"\',\'width="\'+S+\'"\',' … 
b'[\'id="__\'+r.id+\'"\',\'name="__\'+r.id+\'"\',\'play="true"\',\'loop="false"\',\'\xc2\xaa\xc3\xa6\xc2\xa5\xc2\x8a\xc3\x9c"high"\',\'n\x07(\xc2\x96\xc2\x8a"#000000"\',\'wmode="transparent"\',\'allowScriptAccess="\'+r.options.shimScriptAccess+\'"\',\'jYh\xc3\x80[\xc2\xa5\xc2\x95\'+y\xc3\xa9"true"\',\'type="application/x-shockwave-flash"\',\'\xc2\xa6[\xc2\xa0\xc2\x8a{)j\x07"//www.macromedia.com/go/getflashplayer"\',\'src="\'+r.options.pluginPath+r.options.filename+\'"\',' … b'["mp4","m4v","ogg","ogv","webm","flv","mpeg","mov"].indexOf(i)?r="video/"+i:~["mp3","oga","wav","mid",'

This feature is experimental, so please feel free to contact us if you feel any of the reported issues is a false positive or if you want to suggest a pattern that should be detected (we use the YARA standard).
