generic_javascript_obfuscation5 in portal.al.go.leg.br

On 2020-06-30T21:25:07.808009+00:00 we found pattern generic_javascript_obfuscation5, type: Suspicious, (JavaScript obfuscation is frequently used to hide malicious code (or with hope to protect intellectual property)) in the page https://portal.al.go.leg.br/assets/appl… referenced from http://portal.al.go.leg.br/ .

Code sample:

b'["\xc2\xb5\xc2\xa6\xc3\x88\xc2\x9d\xc3\x97\xc2\xb1","\xc2\xad\xc3\xa6\xc2\x9d:yr","maxLength","cellSpacing","cellPadding","rowSpan","colSpan","useMap","frameBorder",' … b'["\xc2\xb5\xc2\xa6\xc3\x88\xc2\x9d\xc3\x97\xc2\xb1","\xc2\xad\xc3\xa6\xc2\x9d:yr","maxLength","cellSpacing","cellPadding","rowSpan","colSpan","useMap","frameBorder",' … b'[""]={closeText:"Done",\xc2\xa6\xc2\xb7\xc2\xafM\xc3\xacm:"Prev",\xc2\x9d\xc3\xacmM\xc3\xacm:"Next",currentText:"Today",monthNames:["January","\x15\xc3\xa6\xc3\xab\xc2\xb9\xc2\xaa\xc3\xb2","March","April","May","June","July","August","September","October","6\xc2\x8b\xc3\x9e\xc2\x99\xc2\xb7\xc2\xab",' … b'["January","\x15\xc3\xa6\xc3\xab\xc2\xb9\xc2\xaa\xc3\xb2","March","April","May","June","July","August","September","October","6\xc2\x8b\xc3\x9e\xc2\x99\xc2\xb7\xc2\xab",' … b'["Jan","Feb","Mar","Apr","May","Jun","Jul","Aug","Sep","Oct","Nov","Dec"],u\xc2\xac\xc2\x8djg\xc2\xac:["Sunday","Monday","Tuesday","Wednesday","N\x1b\xc2\xab\xc2\xb1\xc3\x96\xc2\xb2","Friday","I\xc2\xabn\xc2\xad\xc3\x96\xc2\xb2"],u\xc2\xac\xc2\x8djg\xc2\xacShort:["Sun","Mon","Tue","Wed","Thu","Fri","Sat"],u\xc2\xac\xc2\x8djg\xc2\xacMin:["Su","Mo","Tu","We","Th","Fr","Sa"],weekHeader:"Wk",dateFormat:"\xc2\x9ao\xc3\x9dw\xc3\xbc\xc2\xb2",~*\xc3\xac\xc2\xb46\xc2\xb2:0,isRTL:!1,showMonthAfterYear:!1,yearSuffix:""},this._u\xc3\xa7\xc3\x9a\xc2\xba[l={showOn:"focus",\xc2\xb2\x1a0\x02x\xc2\xa6:"fadeIn",showOptions:{},defaultDate:null,appendText:"",buttonText:"...",buttonImage:"",buttonImageOnly:' … b'["Sunday","Monday","Tuesday","Wednesday","N\x1b\xc2\xab\xc2\xb1\xc3\x96\xc2\xb2","Friday","I\xc2\xabn\xc2\xad\xc3\x96\xc2\xb2"],u\xc2\xac\xc2\x8djg\xc2\xacShort:["Sun","Mon","Tue","Wed","Thu","Fri","Sat"],u\xc2\xac\xc2\x8djg\xc2\xacMin:["Su","Mo","Tu","We","Th","Fr","Sa"],weekHeader:"Wk",dateFormat:"\xc2\x9ao\xc3\x9dw\xc3\xbc\xc2\xb2",~*\xc3\xac\xc2\xb46\xc2\xb2:0,isRTL:!1,showMonthAfterYear:!1,yearSuffix:""},this._u\xc3\xa7\xc3\x9a\xc2\xba[l={showOn:"focus",\xc2\xb2\x1a0\x02x\xc2\xa6:"fadeIn",showOptions:{},defaultDate:null,appendText:"",buttonText:"...",buttonImage:"",buttonImageOnly:!1,\xc2\x86\'^!\xc3\xb3h>\xc2\xb7\xc2\xaf5\xc3\xacm:!1,navigationAsDateFormat:!1,gotoCurrent:!1,changeMonth:!1,chan' … b'["Sun","Mon","Tue","Wed","Thu","Fri","Sat"],u\xc2\xac\xc2\x8djg\xc2\xacMin:["Su","Mo","Tu","We","Th","Fr","Sa"],weekHeader:"Wk",dateFormat:"\xc2\x9ao\xc3\x9dw\xc3\xbc\xc2\xb2",~*\xc3\xac\xc2\xb46\xc2\xb2:0,isRTL:!1,showMonthAfterYear:!1,yearSuffix:""},this._u\xc3\xa7\xc3\x9a\xc2\xba[l={showOn:"focus",\xc2\xb2\x1a0\x02x\xc2\xa6:"fadeIn",showOptions:{},defaultDate:null,appendText:"",buttonText:"...",buttonImage:"",buttonImageOnly:!1,\xc2\x86\'^!\xc3\xb3h>\xc2\xb7\xc2\xaf5\xc3\xacm:!1,navigationAsDateFormat:!1,gotoCurrent:!1,changeMonth:!1,changeYear:!1,yearRange:"c-10:c+10",showOtherMonths:!1,selectOtherMonths:!1,\xc2\xb2\x1a0Y\xc3\xa7\xc2\xa4:!1,calcula' … b'["~\xc2\x89\xc3\xadJ,\xc3\x9e"],h=["borderTopWidth","borderBottomWidth","paddingTop","paddingBottom"],l=["borderLeftWidth","n\xc2\x8a\xc3\x9dz\xc2\xb4b\xc2\x82\x1bV\xc2\x89\xc3\x9ba","paddingLeft","\xc2\xa5\xc2\xa7]\xc2\x8ax\x11\xc2\x8a\x08m"],c=e.mode,u="effect"!==c,d=e.scale||"both",p=e.origin||["middle","center"],f=a.css("\xc2\xa6\xc2\x8b"\xc2\xb6*\'"),g=a.\xc2\xa6\xc2\x8b"\xc2\xb6*\'(),m=t.effects.scaledDimensions(a),_=e.from||m,v=e.to||t.effects.scaledDimensions(a,0);t.effects.createPlaceholder(a),"show"===c&&(o=_,_=v,v=o),n={from:{y:_.height/m.height,x:_.width/m.width},to:{y:v.height/m.height,x:v.width/m.width}},("box"===d|' … b'["borderTopWidth","borderBottomWidth","paddingTop","paddingBottom"],l=["borderLeftWidth","n\xc2\x8a\xc3\x9dz\xc2\xb4b\xc2\x82\x1bV\xc2\x89\xc3\x9ba","paddingLeft","\xc2\xa5\xc2\xa7]\xc2\x8ax\x11\xc2\x8a\x08m"],c=e.mode,u="effect"!==c,d=e.scale||"both",p=e.origin||["middle","center"],f=a.css("\xc2\xa6\xc2\x8b"\xc2\xb6*\'"),g=a.\xc2\xa6\xc2\x8b"\xc2\xb6*\'(),m=t.effects.scaledDimensions(a),_=e.from||m,v=e.to||t.effects.scaledDimensions(a,0);t.effects.createPlaceholder(a),"show"===c&&(o=_,_=v,v=o),n={from:{y:_.height/m.height,x:_.width/m.width},to:{y:v.height/m.height,x:v.width/m.width}},("box"===d||"both"===d)&&(n' … b'["$injector","$interpolate","$exceptionHandler","$\xc2\xb5\xc3\xa9\xc2\xa9\xc2\x95\xc2\xab^Request","$parse","$controller","$rootScope","$sce","$animate","$$sanitizeUri",' … b'["yyyy","MM","dd"]),"yyyy-MM-dd"),"datetime-local":createDateInputType("datetimelocal",DATETIMELOCAL_REGEXP,createDateParser(DATETIMELOCAL_REGEXP,["yyyy","MM","dd","HH","mm","ss","sss"]),"yyyy-MM-ddTHH:mm:ss.sss"),time:createDateInputType("time",TIME_REGEXP,createDateParser(TIME_REGEXP,["HH","mm","ss","sss"]),"HH:mm:ss.sss"),week:createDateInputType("week",WEEK_REGEXP,weekParser,"yyyy-Www"),month:createDateInputType("month",MONTH_REGEXP,createDateParser(MONTH_REGEXP,["yyyy","MM"]),"yyyy-MM"),number:numberIn' … b'["yyyy","MM","dd","HH","mm","ss","sss"]),"yyyy-MM-ddTHH:mm:ss.sss"),time:createDateInputType("time",TIME_REGEXP,createDateParser(TIME_REGEXP,["HH","mm","ss","sss"]),"HH:mm:ss.sss"),week:createDateInputType("week",WEEK_REGEXP,weekParser,"yyyy-Www"),month:createDateInputType("month",MONTH_REGEXP,createDateParser(MONTH_REGEXP,["yyyy","MM"]),"yyyy-MM"),number:numberInputType,url:urlInputType,email:emailInputType,radio:radioInputType,r\x17\xc2\x9c\xc2\x91\xc2\xba1:r\x17\xc2\x9c\xc2\x91\xc2\xba1InputType,hidden:noop,button:noop,submit:noop,reset:noop,fil' … b'["HH","mm","ss","sss"]),"HH:mm:ss.sss"),week:createDateInputType("week",WEEK_REGEXP,weekParser,"yyyy-Www"),month:createDateInputType("month",MONTH_REGEXP,createDateParser(MONTH_REGEXP,["yyyy","MM"]),"yyyy-MM"),number:numberInputType,url:urlInputType,email:emailInputType,radio:radioInputType,r\x17\xc2\x9c\xc2\x91\xc2\xba1:r\x17\xc2\x9c\xc2\x91\xc2\xba1InputType,hidden:noop,button:noop,submit:noop,reset:noop,file:noop},inputDirective=["$browser","$sniffer","$filter","$parse",~\xc3\xa9\xc3\x9c\xc2\xb6*\'($browser,$sniffer,$filter,$parse){return{restrict:"E",require:["?n' … b'["$scope","$exceptionHandler","$attrs","$element","$parse","$animate","$timeout","$rootScope","$q","$interpolate",~\xc3\xa9\xc3\x9c\xc2\xb6*\'($scope,$exceptionHandler,$attr,$element,$parse,$animate,$timeout,$rootScope,$q,$interpolate){this.$viewValue=Number.NaN,this.$modelValue=Number.NaN,this.$$rawModelValue=undefined,this.$validators={},this.$asyncValidators={},this.$parsers=[],this.$formatters=[],this.$viewChangeListeners=[],this.$untouched=!0,this.$touched=!1,this.$pristine=!0,this.$dirty=!1,this.$valid=!0,this.$invalid=' … b'["BC","AD"],FIRSTDAYOFWEEK:6,MONTH:["January","\x15\xc3\xa6\xc3\xab\xc2\xb9\xc2\xaa\xc3\xb2","March","April","May","June","July","August","September","October","6\xc2\x8b\xc3\x9e\xc2\x99\xc2\xb7\xc2\xab",' … b'["January","\x15\xc3\xa6\xc3\xab\xc2\xb9\xc2\xaa\xc3\xb2","March","April","May","June","July","August","September","October","6\xc2\x8b\xc3\x9e\xc2\x99\xc2\xb7\xc2\xab",' … b'["Sun","Mon","Tue","Wed","Thu","Fri","Sat"],SHORTMONTH:["Jan","Feb","Mar","Apr","May","Jun","Jul","Aug","Sep","Oct","Nov","Dec"],STANDALONEMONTH:["January","\x15\xc3\xa6\xc3\xab\xc2\xb9\xc2\xaa\xc3\xb2","March","April","May","June","July","August","September","October","6\xc2\x8b\xc3\x9e\xc2\x99\xc2\xb7\xc2\xab",' … b'["Jan","Feb","Mar","Apr","May","Jun","Jul","Aug","Sep","Oct","Nov","Dec"],STANDALONEMONTH:["January","\x15\xc3\xa6\xc3\xab\xc2\xb9\xc2\xaa\xc3\xb2","March","April","May","June","July","August","September","October","6\xc2\x8b\xc3\x9e\xc2\x99\xc2\xb7\xc2\xab",' … b'["January","\x15\xc3\xa6\xc3\xab\xc2\xb9\xc2\xaa\xc3\xb2","March","April","May","June","July","August","September","October","6\xc2\x8b\xc3\x9e\xc2\x99\xc2\xb7\xc2\xab",' … b'["next","prev","to","destroy","refresh","replace","add","remove"],~\xc3\xa9\xc3\x9c\xc2\xb6*\'(b,c){f.\xc2\xad\xc3\xa8"\xc2\xb2\xc3\x97\xc2\xab({type:e.Type.Event,name:c}),f.$element.on(c+".owl.q\xc2\xaa\xc3\xa8\xc2\xba\xc3\x87\xc2\xa5.core",' … b'["ui.router","ngResource","angularUtils.directives.dirPagination","ngMessages","show-errors","ng.confirmField","oitozero.ngSweetAlert","ui.router.metatags","angular-loading-bar","googlechart","720kb.socialshare","ui.bootstrap.pagination","ui.date","app.utils","ui.mask","toastr","ui.utils.masks","angular-http-transform-date","ui.calendar","oc.modal","front-alego","idf.br-filters","ui.tinymce","ngCookies","highcharts-ng","\xc2\xaf3(v\xc3\xa9^","ui.bootstrap.tpls","ui.bootstrap.modal","ui.router.modal","autoCompleteModule' … b'["year","quarter","month","week","day","hour","minute","second","millisecond"];offset("Z",":"),offset("ZZ",""),addRegexToken("Z",matchShortOffset),addRegexToken("ZZ",matchShortOffset),addParseToken(["Z",' … b'["gggg","ggggg","GGGG","GGGGG"],~\xc3\xa9\xc3\x9c\xc2\xb6*\'(input,week,config,token){week[token.substr(0,2)]=toInt(input)}),addWeekParseToken(["gg","GG"],~\xc3\xa9\xc3\x9c\xc2\xb6*\'(input,week,config,token){week[token]=hooks.parseTwoDigitYear(input)}),addFormatToken("Q",0,"Qo","quarter"),addUnitAlias("quarter","Q"),addUnitPriority("quarter",7),addRegexToken("Q",match1),addParseToken("Q",~\xc3\xa9\xc3\x9c\xc2\xb6*\'(input,array){array[MONTH]=3*(toInt(input)-1)}),addFormatToken("D",["DD",2],"Do","date"),addUnitAlias("date","D"),addUnitPriority("date",9),addRegexT' … b'["D","S","T","Q","Q","S","S","D"],u\xc2\xac\xc2\x8djg\xc2\xacShort:["Dom","Seg","Ter","Qua","Qui","Sex","S\xc3\xa1b","Dom"],u\xc2\xac\xc2\x8djg\xc2\xac:["Domingo","Segunda","Ter\xc3\xa7a","Quarta","Quinta","Sexta","S\xc3\xa1bado"],monthNamesShort:["Jan","Fev","Mar","Abr","Mai","Jun","Jul","Ago","Set","Out","Nov","Dez"],monthNames:["Janeiro","Fevereiro","Mar\xc3\xa7o","Abril","Maio","Junho","Julho","Agosto","I\xc3\xab^\xc2\x99\xc2\xba\xc3\xa8","Outubro","6\xc2\x8b\xc3\x9e\xc2\x99\xc2\xba\xc3\xa8",' … b'["Dom","Seg","Ter","Qua","Qui","Sex","S\xc3\xa1b","Dom"],u\xc2\xac\xc2\x8djg\xc2\xac:["Domingo","Segunda","Ter\xc3\xa7a","Quarta","Quinta","Sexta","S\xc3\xa1bado"],monthNamesShort:["Jan","Fev","Mar","Abr","Mai","Jun","Jul","Ago","Set","Out","Nov","Dez"],monthNames:["Janeiro","Fevereiro","Mar\xc3\xa7o","Abril","Maio","Junho","Julho","Agosto","I\xc3\xab^\xc2\x99\xc2\xba\xc3\xa8","Outubro","6\xc2\x8b\xc3\x9e\xc2\x99\xc2\xba\xc3\xa8",' … b'["Domingo","Segunda","Ter\xc3\xa7a","Quarta","Quinta","Sexta","S\xc3\xa1bado"],monthNamesShort:["Jan","Fev","Mar","Abr","Mai","Jun","Jul","Ago","Set","Out","Nov","Dez"],monthNames:["Janeiro","Fevereiro","Mar\xc3\xa7o","Abril","Maio","Junho","Julho","Agosto","I\xc3\xab^\xc2\x99\xc2\xba\xc3\xa8","Outubro","6\xc2\x8b\xc3\x9e\xc2\x99\xc2\xba\xc3\xa8",' … b'["Jan","Fev","Mar","Abr","Mai","Jun","Jul","Ago","Set","Out","Nov","Dez"],monthNames:["Janeiro","Fevereiro","Mar\xc3\xa7o","Abril","Maio","Junho","Julho","Agosto","I\xc3\xab^\xc2\x99\xc2\xba\xc3\xa8","Outubro","6\xc2\x8b\xc3\x9e\xc2\x99\xc2\xba\xc3\xa8",' … b'["Janeiro","Fevereiro","Mar\xc3\xa7o","Abril","Maio","Junho","Julho","Agosto","I\xc3\xab^\xc2\x99\xc2\xba\xc3\xa8","Outubro","6\xc2\x8b\xc3\x9e\xc2\x99\xc2\xba\xc3\xa8",'

This feature is experimental so please feel free to contact us if you feel any of the reported issues is a false positive or you want to suggest a pattern that should be detected (we are using Yara standard).

Fully automated RESTful API is now available. Subscribe for your free trial today!