generic_javascript_obfuscation5 in portal.al.go.leg.br

On 2020-06-30T21:25:07.868956+00:00 we found the pattern generic_javascript_obfuscation5 (type: Suspicious) in the page https://portal.al.go.leg.br/packs/js/ap…, which is referenced from http://portal.al.go.leg.br/. JavaScript obfuscation is frequently used to hide malicious code, or in the hope of protecting intellectual property.

Code sample (matched fragments, shown as escaped byte strings and separated by "…"):

b'["\xc2\xa2p\xc2\xa1jx\x1e","onClose","onDayCreate","onDestroy","onKeyDown","onMonthChange","onOpen","onParseConfig","onReady","onValueUpdate","\xc2\xa2v\x1ej\xc2\xb0\xc2\xa1jx\x1e",' … b'["Sun","Mon","Tue","Wed","Thu","Fri","Sat"],\xc2\x96\xc2\x89\xc3\xa0\xc2\x85\xc2\xa9\xc3\x9d:["Sunday","Monday","Tuesday","Wednesday","N\x1b\xc2\xab\xc2\xb1\xc3\x96\xc2\xb2","Friday","I\xc2\xabn\xc2\xad\xc3\x96\xc2\xb2"]},months:{shorthand:["Jan","Feb","Mar","Apr","May","Jun","Jul","Aug","Sep","Oct","Nov","Dec"],\xc2\x96\xc2\x89\xc3\xa0\xc2\x85\xc2\xa9\xc3\x9d:["January","\x15\xc3\xa6\xc3\xab\xc2\xb9\xc2\xaa\xc3\xb2","March","April","May","June","July","August","September","October","6\xc2\x8b\xc3\x9e\xc2\x99\xc2\xb7\xc2\xab",' … b'["Sunday","Monday","Tuesday","Wednesday","N\x1b\xc2\xab\xc2\xb1\xc3\x96\xc2\xb2","Friday","I\xc2\xabn\xc2\xad\xc3\x96\xc2\xb2"]},months:{shorthand:["Jan","Feb","Mar","Apr","May","Jun","Jul","Aug","Sep","Oct","Nov","Dec"],\xc2\x96\xc2\x89\xc3\xa0\xc2\x85\xc2\xa9\xc3\x9d:["January","\x15\xc3\xa6\xc3\xab\xc2\xb9\xc2\xaa\xc3\xb2","March","April","May","June","July","August","September","October","6\xc2\x8b\xc3\x9e\xc2\x99\xc2\xb7\xc2\xab",' … b'["Jan","Feb","Mar","Apr","May","Jun","Jul","Aug","Sep","Oct","Nov","Dec"],\xc2\x96\xc2\x89\xc3\xa0\xc2\x85\xc2\xa9\xc3\x9d:["January","\x15\xc3\xa6\xc3\xab\xc2\xb9\xc2\xaa\xc3\xb2","March","April","May","June","July","August","September","October","6\xc2\x8b\xc3\x9e\xc2\x99\xc2\xb7\xc2\xab",' … b'["January","\x15\xc3\xa6\xc3\xab\xc2\xb9\xc2\xaa\xc3\xb2","March","April","May","June","July","August","September","October","6\xc2\x8b\xc3\x9e\xc2\x99\xc2\xb7\xc2\xab",' … 
b'["_showTimeInput","latestSelectedDateObj","_hideNextMonthArrow","_hidePrevMonthArrow","__hideNextMonthArrow","__hidePrevMonthArrow","\xc2\x8a\xc3\x83(n)^","isOpen","\xc2\xb1\xc3\xa9^r\xc3\x97\xc2\x9dDateElem","minDateHasTime","maxDateHasTime","days","daysContainer","_input","_\xc2\xa6\xc2\x8b"\xc2\xb6*\'Element","innerContainer","rContainer","\xc2\x9a\xc2\x89\xc3\xad\xc2\x84\xc3\x96\xc2\xaf","todayDateElem","calendarContainer","weeku\xc2\xac\xc2\x82\xc2\xa2{Z\xc2\x8aw\xc2\xab","\xc2\xa6\xc2\xb7\xc2\xaf2\xc2\x89\xc3\xad\xc2\x84\xc3\x96\xc2\xaf","\xc2\x9d\xc3\xacm2\xc2\x89\xc3\xad\xc2\x84\xc3\x96\xc2\xaf","monthsDropdownContainer","currentMonthElement","currentYearElement","navigationCurrentMonth","\xc2\xb1\xc3\xa9^r\xc3\x97\xc2\x9dDateEle' … b'["wrap","weekNumbers","allowInput","clickOpens","time_24hr","enableTime","noCalendar","j[H\xc2\x9e\xc2\x9b\xc2\xad","shorthandCurrentMonth","inline","static","enableSeconds","disableMobile"],o=e({},m,JSON.parse(JSON.stringify(p.dataset||{}))),i={};v.config.parseDate=o.parseDate,v.config.formatDate=o.formatDate,Object.defineProperty(v.config,"enable",' … b'["Dom","Seg","Ter","Qua","Qui","Sex","S\xc3\xa1b"],\xc2\x96\xc2\x89\xc3\xa0\xc2\x85\xc2\xa9\xc3\x9d:["Domingo","Segunda-feira","Ter\xc3\xa7a-feira","Quarta-feira","Quinta-feira","Sexta-feira","S\xc3\xa1bado"]},months:{shorthand:["Jan","Fev","Mar","Abr","Mai","Jun","Jul","Ago","Set","Out","Nov","Dez"],\xc2\x96\xc2\x89\xc3\xa0\xc2\x85\xc2\xa9\xc3\x9d:["Janeiro","Fevereiro","Mar\xc3\xa7o","Abril","Maio","Junho","Julho","Agosto","I\xc3\xab^\xc2\x99\xc2\xba\xc3\xa8","Outubro","6\xc2\x8b\xc3\x9e\xc2\x99\xc2\xba\xc3\xa8",' … 
b'["Domingo","Segunda-feira","Ter\xc3\xa7a-feira","Quarta-feira","Quinta-feira","Sexta-feira","S\xc3\xa1bado"]},months:{shorthand:["Jan","Fev","Mar","Abr","Mai","Jun","Jul","Ago","Set","Out","Nov","Dez"],\xc2\x96\xc2\x89\xc3\xa0\xc2\x85\xc2\xa9\xc3\x9d:["Janeiro","Fevereiro","Mar\xc3\xa7o","Abril","Maio","Junho","Julho","Agosto","I\xc3\xab^\xc2\x99\xc2\xba\xc3\xa8","Outubro","6\xc2\x8b\xc3\x9e\xc2\x99\xc2\xba\xc3\xa8",' … b'["Jan","Fev","Mar","Abr","Mai","Jun","Jul","Ago","Set","Out","Nov","Dez"],\xc2\x96\xc2\x89\xc3\xa0\xc2\x85\xc2\xa9\xc3\x9d:["Janeiro","Fevereiro","Mar\xc3\xa7o","Abril","Maio","Junho","Julho","Agosto","I\xc3\xab^\xc2\x99\xc2\xba\xc3\xa8","Outubro","6\xc2\x8b\xc3\x9e\xc2\x99\xc2\xba\xc3\xa8",' … b'["Janeiro","Fevereiro","Mar\xc3\xa7o","Abril","Maio","Junho","Julho","Agosto","I\xc3\xab^\xc2\x99\xc2\xba\xc3\xa8","Outubro","6\xc2\x8b\xc3\x9e\xc2\x99\xc2\xba\xc3\xa8",' … b'["nome","cargo","rg","cpf","\xc2\xb5\xc3\xa9^~\xc2\x89\xc3\x9e","celular","zw^\xc2\xad\xc3\xa7(","email","veiculo","midiaImpressa","midiaOnline","midiaRadio","midiaTv","midiaOutra",' … b'["altFormat","ariaDateFormat","dateFormat"],g={string:["j[H\xc2\x9e\xc2\x9b\xc2\xadClass","conjunction","mode","nextArrow","\xc2\xa6\xc2\x8b"\xc2\xb6*\'","prevArrow"],boolean:["allowInput","j[H\xc2\x9e\xc2\x9b\xc2\xad","animate","clickOpens","closeOnSelect","disableMobile","enableSeconds","enableTime","inline","noCalendar","shorthandCurrentMonth","static","time_24hr","weekNumbers","wrap"],date:["maxDate","minDate","maxTime","minTime","now"],array:["disable","enable","disableDaysOfWeek","zv\xc2\x9b\xc2\x95\xc3\xa0\xc3\x9a\xc3\x8a\xc3\x83\xc2\x9fY\xc3\xa7\xc2\xa4"],number:["defaultHour","defaultMinute","defaultSecon' … 
b'["j[H\xc2\x9e\xc2\x9b\xc2\xadClass","conjunction","mode","nextArrow","\xc2\xa6\xc2\x8b"\xc2\xb6*\'","prevArrow"],boolean:["allowInput","j[H\xc2\x9e\xc2\x9b\xc2\xad","animate","clickOpens","closeOnSelect","disableMobile","enableSeconds","enableTime","inline","noCalendar","shorthandCurrentMonth","static","time_24hr","weekNumbers","wrap"],date:["maxDate","minDate","maxTime","minTime","now"],array:["disable","enable","disableDaysOfWeek","zv\xc2\x9b\xc2\x95\xc3\xa0\xc3\x9a\xc3\x8a\xc3\x83\xc2\x9fY\xc3\xa7\xc2\xa4"],number:["defaultHour","defaultMinute","defaultSeconds","hourIncrement","minuteIncrement","showMonths"],ar' … b'["allowInput","j[H\xc2\x9e\xc2\x9b\xc2\xad","animate","clickOpens","closeOnSelect","disableMobile","enableSeconds","enableTime","inline","noCalendar","shorthandCurrentMonth","static","time_24hr","weekNumbers","wrap"],date:["maxDate","minDate","maxTime","minTime","now"],array:["disable","enable","disableDaysOfWeek","zv\xc2\x9b\xc2\x95\xc3\xa0\xc3\x9a\xc3\x8a\xc3\x83\xc2\x9fY\xc3\xa7\xc2\xa4"],number:["defaultHour","defaultMinute","defaultSeconds","hourIncrement","minuteIncrement","showMonths"],arrayOrString:["defaultDate"]},v=["change","open","close","monthChange","yearChange","' … b'["maxDate","minDate","maxTime","minTime","now"],array:["disable","enable","disableDaysOfWeek","zv\xc2\x9b\xc2\x95\xc3\xa0\xc3\x9a\xc3\x8a\xc3\x83\xc2\x9fY\xc3\xa7\xc2\xa4"],number:["defaultHour","defaultMinute","defaultSeconds","hourIncrement","minuteIncrement","showMonths"],arrayOrString:["defaultDate"]},v=["change","open","close","monthChange","yearChange","ready","valueUpdate","dayCreate"],y=["calendarContainer","currentYearElement","days","daysContainer","input","\xc2\x9d\xc3\xacm2\xc2\x89\xc3\xad\xc2\x84\xc3\x96\xc2\xaf","\xc2\x9a\xc2\x89\xc3\xad\xc2\x84\xc3\x96\xc2\xaf","\xc2\xa6\xc2\xb7\xc2\xaf2\xc2\x89\xc3\xad\xc2\x84\xc3\x96\xc2\xaf","rContainer","\xc2\xb1\xc3\xa9^r\xc3\x97\xc2\x9dDateElem","todayD' … 
b'["disable","enable","disableDaysOfWeek","zv\xc2\x9b\xc2\x95\xc3\xa0\xc3\x9a\xc3\x8a\xc3\x83\xc2\x9fY\xc3\xa7\xc2\xa4"],number:["defaultHour","defaultMinute","defaultSeconds","hourIncrement","minuteIncrement","showMonths"],arrayOrString:["defaultDate"]},v=["change","open","close","monthChange","yearChange","ready","valueUpdate","dayCreate"],y=["calendarContainer","currentYearElement","days","daysContainer","input","\xc2\x9d\xc3\xacm2\xc2\x89\xc3\xad\xc2\x84\xc3\x96\xc2\xaf","\xc2\x9a\xc2\x89\xc3\xad\xc2\x84\xc3\x96\xc2\xaf","\xc2\xa6\xc2\xb7\xc2\xaf2\xc2\x89\xc3\xad\xc2\x84\xc3\x96\xc2\xaf","rContainer","\xc2\xb1\xc3\xa9^r\xc3\x97\xc2\x9dDateElem","todayDateElem","weeku\xc2\xac\xc2\x82\xc2\xa2{Z\xc2\x8aw\xc2\xab"],b={"%Y":"Y","%y":"y","%' … b'["defaultHour","defaultMinute","defaultSeconds","hourIncrement","minuteIncrement","showMonths"],arrayOrString:["defaultDate"]},v=["change","open","close","monthChange","yearChange","ready","valueUpdate","dayCreate"],y=["calendarContainer","currentYearElement","days","daysContainer","input","\xc2\x9d\xc3\xacm2\xc2\x89\xc3\xad\xc2\x84\xc3\x96\xc2\xaf","\xc2\x9a\xc2\x89\xc3\xad\xc2\x84\xc3\x96\xc2\xaf","\xc2\xa6\xc2\xb7\xc2\xaf2\xc2\x89\xc3\xad\xc2\x84\xc3\x96\xc2\xaf","rContainer","\xc2\xb1\xc3\xa9^r\xc3\x97\xc2\x9dDateElem","todayDateElem","weeku\xc2\xac\xc2\x82\xc2\xa2{Z\xc2\x8aw\xc2\xab"],b={"%Y":"Y","%y":"y","%C":"Y","%m":"m","%-m":"n","%_m":"n","%B":"F","%^B":"F","%b":"M","%^b":"M' … 
b'["defaultDate"]},v=["change","open","close","monthChange","yearChange","ready","valueUpdate","dayCreate"],y=["calendarContainer","currentYearElement","days","daysContainer","input","\xc2\x9d\xc3\xacm2\xc2\x89\xc3\xad\xc2\x84\xc3\x96\xc2\xaf","\xc2\x9a\xc2\x89\xc3\xad\xc2\x84\xc3\x96\xc2\xaf","\xc2\xa6\xc2\xb7\xc2\xaf2\xc2\x89\xc3\xad\xc2\x84\xc3\x96\xc2\xaf","rContainer","\xc2\xb1\xc3\xa9^r\xc3\x97\xc2\x9dDateElem","todayDateElem","weeku\xc2\xac\xc2\x82\xc2\xa2{Z\xc2\x8aw\xc2\xab"],b={"%Y":"Y","%y":"y","%C":"Y","%m":"m","%-m":"n","%_m":"n","%B":"F","%^B":"F","%b":"M","%^b":"M","%h":"M","%^h":"M","%d":"d","%-d":"j","%e":"j","%H":"H","%k":"H","%I":"h","%l":"h","%P":"K","%p":"K","%M":"i' … b'["change","open","close","monthChange","yearChange","ready","valueUpdate","dayCreate"],y=["calendarContainer","currentYearElement","days","daysContainer","input","\xc2\x9d\xc3\xacm2\xc2\x89\xc3\xad\xc2\x84\xc3\x96\xc2\xaf","\xc2\x9a\xc2\x89\xc3\xad\xc2\x84\xc3\x96\xc2\xaf","\xc2\xa6\xc2\xb7\xc2\xaf2\xc2\x89\xc3\xad\xc2\x84\xc3\x96\xc2\xaf","rContainer","\xc2\xb1\xc3\xa9^r\xc3\x97\xc2\x9dDateElem","todayDateElem","weeku\xc2\xac\xc2\x82\xc2\xa2{Z\xc2\x8aw\xc2\xab"],b={"%Y":"Y","%y":"y","%C":"Y","%m":"m","%-m":"n","%_m":"n","%B":"F","%^B":"F","%b":"M","%^b":"M","%h":"M","%^h":"M","%d":"d","%-d":"j","%e":"j","%H":"H","%k":"H","%I":"h","%l":"h","%P":"K","%p":"K","%M":"i","%S":"S","%A":"l"' … 
b'["calendarContainer","currentYearElement","days","daysContainer","input","\xc2\x9d\xc3\xacm2\xc2\x89\xc3\xad\xc2\x84\xc3\x96\xc2\xaf","\xc2\x9a\xc2\x89\xc3\xad\xc2\x84\xc3\x96\xc2\xaf","\xc2\xa6\xc2\xb7\xc2\xaf2\xc2\x89\xc3\xad\xc2\x84\xc3\x96\xc2\xaf","rContainer","\xc2\xb1\xc3\xa9^r\xc3\x97\xc2\x9dDateElem","todayDateElem","weeku\xc2\xac\xc2\x82\xc2\xa2{Z\xc2\x8aw\xc2\xab"],b={"%Y":"Y","%y":"y","%C":"Y","%m":"m","%-m":"n","%_m":"n","%B":"F","%^B":"F","%b":"M","%^b":"M","%h":"M","%^h":"M","%d":"d","%-d":"j","%e":"j","%H":"H","%k":"H","%I":"h","%l":"h","%P":"K","%p":"K","%M":"i","%S":"S","%A":"l","%a":"D",'

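This feature is experimental, so please feel free to contact us if you believe any of the reported issues is a false positive or if you want to suggest a pattern that should be detected (we use the YARA standard). A match of type Suspicious is a heuristic signal, not proof of malicious code: the readable strings in the sample above (for example "onMonthChange", "time_24hr", "weekNumbers") resemble date-picker option names from a minified script bundle, so review the full script before treating the finding as confirmed.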
