generic_javascript_obfuscation5 in www.bitseven.com

On 2020-08-01T22:52:22.314258+00:00 we found pattern generic_javascript_obfuscation5, type: Suspicious, (JavaScript obfuscation is frequently used to hide malicious code (or with hope to protect intellectual property)) in the page https://www.bitseven.com/bundles/jsLibs… referenced from http://bitseven.com/ .

Code sample:

b'["\xc2\xb5\xc2\xa6\xc3\x88\xc2\x9d\xc3\x97\xc2\xb1","\xc2\xad\xc3\xa6\xc2\x9d:yr","maxLength","cellSpacing","cellPadding","rowSpan","colSpan","useMap","frameBorder",' … b'[""]={closeText:"Done",\xc2\xa6\xc2\xb7\xc2\xafM\xc3\xacm:"Prev",\xc2\x9d\xc3\xacmM\xc3\xacm:"Next",currentText:"Today",monthNames:["January","\x15\xc3\xa6\xc3\xab\xc2\xb9\xc2\xaa\xc3\xb2","March","April","May","June","July","August","September","October","6\xc2\x8b\xc3\x9e\xc2\x99\xc2\xb7\xc2\xab",' … b'["January","\x15\xc3\xa6\xc3\xab\xc2\xb9\xc2\xaa\xc3\xb2","March","April","May","June","July","August","September","October","6\xc2\x8b\xc3\x9e\xc2\x99\xc2\xb7\xc2\xab",' … b'["Jan","Feb","Mar","Apr","May","Jun","Jul","Aug","Sep","Oct","Nov","Dec"],u\xc2\xac\xc2\x8djg\xc2\xac:["Sunday","Monday","Tuesday","Wednesday","N\x1b\xc2\xab\xc2\xb1\xc3\x96\xc2\xb2","Friday","I\xc2\xabn\xc2\xad\xc3\x96\xc2\xb2"],u\xc2\xac\xc2\x8djg\xc2\xacShort:["Sun","Mon","Tue","Wed","Thu","Fri","Sat"],u\xc2\xac\xc2\x8djg\xc2\xacMin:["Su","Mo","Tu","We","Th","Fr","Sa"],weekHeader:"Wk",dateFormat:"yy-mm-dd",~*\xc3\xac\xc2\xb46\xc2\xb2:0,isRTL:!1,showMonthAfterYear:!1,yearSuffix:""};this._u\xc3\xa7\xc3\x9a\xc2\xba[l={showOn:"focus",\xc2\xb2\x1a0\x02x\xc2\xa6:"fadeIn",showOptions:{},defaultDate:null,appendText:"",buttonText:"...",buttonImage:"",buttonImageOnly:!1' … b'["Sunday","Monday","Tuesday","Wednesday","N\x1b\xc2\xab\xc2\xb1\xc3\x96\xc2\xb2","Friday","I\xc2\xabn\xc2\xad\xc3\x96\xc2\xb2"],u\xc2\xac\xc2\x8djg\xc2\xacShort:["Sun","Mon","Tue","Wed","Thu","Fri","Sat"],u\xc2\xac\xc2\x8djg\xc2\xacMin:["Su","Mo","Tu","We","Th","Fr","Sa"],weekHeader:"Wk",dateFormat:"yy-mm-dd",~*\xc3\xac\xc2\xb46\xc2\xb2:0,isRTL:!1,showMonthAfterYear:!1,yearSuffix:""};this._u\xc3\xa7\xc3\x9a\xc2\xba[l={showOn:"focus",\xc2\xb2\x1a0\x02x\xc2\xa6:"fadeIn",showOptions:{},defaultDate:null,appendText:"",buttonText:"...",buttonImage:"",buttonImageOnly:!1,\xc2\x86\'^!\xc3\xb3h>\xc2\xb7\xc2\xaf5\xc3\xacm:!1,navigationAsDateFormat:!1,gotoCurrent:!1,changeMonth:!1,change' … b'["Sun","Mon","Tue","Wed","Thu","Fri","Sat"],u\xc2\xac\xc2\x8djg\xc2\xacMin:["Su","Mo","Tu","We","Th","Fr","Sa"],weekHeader:"Wk",dateFormat:"yy-mm-dd",~*\xc3\xac\xc2\xb46\xc2\xb2:0,isRTL:!1,showMonthAfterYear:!1,yearSuffix:""};this._u\xc3\xa7\xc3\x9a\xc2\xba[l={showOn:"focus",\xc2\xb2\x1a0\x02x\xc2\xa6:"fadeIn",showOptions:{},defaultDate:null,appendText:"",buttonText:"...",buttonImage:"",buttonImageOnly:!1,\xc2\x86\'^!\xc3\xb3h>\xc2\xb7\xc2\xaf5\xc3\xacm:!1,navigationAsDateFormat:!1,gotoCurrent:!1,changeMonth:!1,changeYear:!1,yearRange:"c-10:c+10",showOtherMonths:!1,selectOtherMonths:!1,\xc2\xb2\x1a0Y\xc3\xa7\xc2\xa4:!1,calculate' … b'["\xc2\xa6\xc2\x8b"\xc2\xb6*\'","top","bottom","left","right","height","width"],p=n.effects.setMode(f,r.mode||"hide"),w=r.direction||"up",o=t.test(w),l=o?"height":"width",a=o?"top":"left",b=i.test(w),v={},y=p==="show",e,s,h;f.parent().is(".ui-effects-wrapper")?n.effects.save(f.parent(),c):n.effects.save(f,c);f.show();e=n.effects.createWrapper(f).css({\xc2\xa2\xc3\xb7\xc2\xab~Z0:"hidden"});s=e[l]();h=parseFloat(e.css(a))||0;v[l]=y?s:0;b||(f.css(o?"bottom":"right",0).css(o?"top":"left","auto").css({\xc2\xa6\xc2\x8b"\xc2\xb6*\':"i\xc2\xbb(\xc2\x96\xc3\xab^"}),v[a]=y?h:s+h);y&&(e.css' … b'["\xc2\xa6\xc2\x8b"\xc2\xb6*\'","top","bottom","left","right","opacity","height","width"],c=n.effects.setMode(r,t.mode||"hide"),e=c==="show",u=t.direction||"left",o=u==="up"||u==="down"?"top":"left",s=u==="up"||u==="left"?"pos":"neg",l={opacity:e?1:0},f;n.effects.save(r,h);r.show();n.effects.createWrapper(r);f=t.distance||r[o==="top"?"outerHeight":"outerWidth"](!0)/2;e&&r.css("opacity",0).css(o,s==="pos"?-f:f);l[o]=(e?s==="pos"?"+=":"-=":s==="pos"?"-=":"+=")+f;r.animate(l,{queue:!1,v\xc3\xaa\xc3\x9a\xc2\xb6*\':t.v\xc3\xaa\xc3\x9a\xc2\xb6*\',' … b'["\xc2\xa6\xc2\x8b"\xc2\xb6*\'","top","bottom","left","right","height","width"],h=n.effects.setMode(r,t.mode||"hide"),e=h==="show",c=h==="hide",f=t.size||15,l=/([0-9]+)%/.exec(f),a=!!t.horizFirst,v=e!==a,y=v?["width","height"]:["height",' … b'["\xc2\xa6\xc2\x8b"\xc2\xb6*\'","top","bottom","left","right","width","height","\xc2\xa2\xc3\xb7\xc2\xab~Z0","opacity"],a=["width","height","\xc2\xa2\xc3\xb7\xc2\xab~Z0"],v=["~\xc2\x89\xc3\xadJ,\xc3\x9e"],e=["borderTopWidth","borderBottomWidth","paddingTop","paddingBottom"],o=["borderLeftWidth","n\xc2\x8a\xc3\x9dz\xc2\xb4b\xc2\x82\x1bV\xc2\x89\xc3\x9ba","paddingLeft","\xc2\xa5\xc2\xa7]\xc2\x8ax\x11\xc2\x8a\x08m"],h=n.effects.setMode(r,t.mode||"effect"),y=t.restore||h!=="effect",c=t.scale||"both",b=t.origin||["middle","center"],k=r.css("\xc2\xa6\xc2\x8b"\xc2\xb6*\'"),s=y?w:["\xc2\xa6\xc2\x8b"\xc2\xb6*\'","top","bottom","left","right","\xc2\xa2\xc3\xb7\xc2\xab~Z0","opacity"],p={height:0,width:0,outerHei' … b'["width","height","\xc2\xa2\xc3\xb7\xc2\xab~Z0"],v=["~\xc2\x89\xc3\xadJ,\xc3\x9e"],e=["borderTopWidth","borderBottomWidth","paddingTop","paddingBottom"],o=["borderLeftWidth","n\xc2\x8a\xc3\x9dz\xc2\xb4b\xc2\x82\x1bV\xc2\x89\xc3\x9ba","paddingLeft","\xc2\xa5\xc2\xa7]\xc2\x8ax\x11\xc2\x8a\x08m"],h=n.effects.setMode(r,t.mode||"effect"),y=t.restore||h!=="effect",c=t.scale||"both",b=t.origin||["middle","center"],k=r.css("\xc2\xa6\xc2\x8b"\xc2\xb6*\'"),s=y?w:["\xc2\xa6\xc2\x8b"\xc2\xb6*\'","top","bottom","left","right","\xc2\xa2\xc3\xb7\xc2\xab~Z0","opacity"],p={height:0,width:0,outerHeight:0,outerWidth:0};h==="show"&&r.show();f={height:r.height(),width:r.width(),outerHe' … b'["~\xc2\x89\xc3\xadJ,\xc3\x9e"],e=["borderTopWidth","borderBottomWidth","paddingTop","paddingBottom"],o=["borderLeftWidth","n\xc2\x8a\xc3\x9dz\xc2\xb4b\xc2\x82\x1bV\xc2\x89\xc3\x9ba","paddingLeft","\xc2\xa5\xc2\xa7]\xc2\x8ax\x11\xc2\x8a\x08m"],h=n.effects.setMode(r,t.mode||"effect"),y=t.restore||h!=="effect",c=t.scale||"both",b=t.origin||["middle","center"],k=r.css("\xc2\xa6\xc2\x8b"\xc2\xb6*\'"),s=y?w:["\xc2\xa6\xc2\x8b"\xc2\xb6*\'","top","bottom","left","right","\xc2\xa2\xc3\xb7\xc2\xab~Z0","opacity"],p={height:0,width:0,outerHeight:0,outerWidth:0};h==="show"&&r.show();f={height:r.height(),width:r.width(),outerHeight:r.outerHeight(),outerWidth:r' … b'["borderTopWidth","borderBottomWidth","paddingTop","paddingBottom"],o=["borderLeftWidth","n\xc2\x8a\xc3\x9dz\xc2\xb4b\xc2\x82\x1bV\xc2\x89\xc3\x9ba","paddingLeft","\xc2\xa5\xc2\xa7]\xc2\x8ax\x11\xc2\x8a\x08m"],h=n.effects.setMode(r,t.mode||"effect"),y=t.restore||h!=="effect",c=t.scale||"both",b=t.origin||["middle","center"],k=r.css("\xc2\xa6\xc2\x8b"\xc2\xb6*\'"),s=y?w:["\xc2\xa6\xc2\x8b"\xc2\xb6*\'","top","bottom","left","right","\xc2\xa2\xc3\xb7\xc2\xab~Z0","opacity"],p={height:0,width:0,outerHeight:0,outerWidth:0};h==="show"&&r.show();f={height:r.height(),width:r.width(),outerHeight:r.outerHeight(),outerWidth:r.outerWidth()};t' … b'["borderLeftWidth","n\xc2\x8a\xc3\x9dz\xc2\xb4b\xc2\x82\x1bV\xc2\x89\xc3\x9ba","paddingLeft","\xc2\xa5\xc2\xa7]\xc2\x8ax\x11\xc2\x8a\x08m"],h=n.effects.setMode(r,t.mode||"effect"),y=t.restore||h!=="effect",c=t.scale||"both",b=t.origin||["middle","center"],k=r.css("\xc2\xa6\xc2\x8b"\xc2\xb6*\'"),s=y?w:["\xc2\xa6\xc2\x8b"\xc2\xb6*\'","top","bottom","left","right","\xc2\xa2\xc3\xb7\xc2\xab~Z0","opacity"],p={height:0,width:0,outerHeight:0,outerWidth:0};h==="show"&&r.show();f={height:r.height(),width:r.width(),outerHeight:r.outerHeight(),outerWidth:r.outerWidth()};t.mode==="toggle"&&h==="show"?(r.from=t.to||p,r.to=t.from||f):(r.from=t' … b'["middle","center"],k=r.css("\xc2\xa6\xc2\x8b"\xc2\xb6*\'"),s=y?w:["\xc2\xa6\xc2\x8b"\xc2\xb6*\'","top","bottom","left","right","\xc2\xa2\xc3\xb7\xc2\xab~Z0","opacity"],p={height:0,width:0,outerHeight:0,outerWidth:0};h==="show"&&r.show();f={height:r.height(),width:r.width(),outerHeight:r.outerHeight(),outerWidth:r.outerWidth()};t.mode==="toggle"&&h==="show"?(r.from=t.to||p,r.to=t.from||f):(r.from=t.from||(h==="show"?p:f),r.to=t.to||(h==="hide"?p:f));u={from:{y:r.from.height/f.height,x:r.from.width/f.width},to:{y:r.to.height/f.height,x:r.to.width/f.width}};(c==="' … b'["\xc2\xa6\xc2\x8b"\xc2\xb6*\'","top","bottom","left","right","\xc2\xa2\xc3\xb7\xc2\xab~Z0","opacity"],p={height:0,width:0,outerHeight:0,outerWidth:0};h==="show"&&r.show();f={height:r.height(),width:r.width(),outerHeight:r.outerHeight(),outerWidth:r.outerWidth()};t.mode==="toggle"&&h==="show"?(r.from=t.to||p,r.to=t.from||f):(r.from=t.from||(h==="show"?p:f),r.to=t.to||(h==="hide"?p:f));u={from:{y:r.from.height/f.height,x:r.from.width/f.width},to:{y:r.to.height/f.height,x:r.to.width/f.width}};(c==="box"||c==="both")&&(u.from.y!==u.to.y&&(s=s.con' … b'["204","236","249","250","289","306","343","365","387","403","416","418","431","437","438","450","506","514","519","548","579","581","587","604","613","639","647","672","705","709","742","778","780","782","807","819","825","867","873","902",' … b'["select","option","keygen","u\xc2\xabZ\xc2\x96+-","\xc2\xb5\xc3\xacmj\xc2\xb7\xc2\x9a"]},scrollButtons:{scrollType:"\xc2\xb2\xc3\x97\xc2\xa9\xc2\x95\xc3\xab,",scrollAmount:"auto"},keyboard:{enable:!0,scrollType:"\xc2\xb2\xc3\x97\xc2\xa9\xc2\x95\xc3\xab,",scrollAmount:"auto"},contentTouchScroll:25,v\xc2\x87.\xc2\x99\xc3\xa9\xc3\xadTouchScroll:!0,advanced:{autoScrollOnFocus:"input,\xc2\xb5\xc3\xacmj\xc2\xb7\xc2\x9a,select,button,u\xc2\xabZ\xc2\x96+-,keygen,a[\xc2\xb5\xc2\xa6\xc3\xa2\xc2\x9d\xc3\x97\xc2\xb1],area,object,[contenteditable=\'true\']",updateOnContentResize:!0,updateOnImageLoad:"auto",autoUpdateTimeout:60},theme:"light",q\xc2\xa9em\xc2\xa7$s:{onTotalScrollOffset:0,onTotalScrollBackOffset:0,alwaysTri' … b'["mCSB_dragger_onDrag","mCSB_scrollTools_onDrag","mCS_img_loaded","mCS_v+\x1anW\xc2\x9d","mCS_destroyed","mCS_no_scrollbar","mCS-autoHide","mCS-dir-rtl","mCS_no_scrollbar_y","mCS_no_scrollbar_x","mCS_y_hidden","mCS_x_hidden","mCSB_draggerContainer","mCSB_buttonUp","mCSB_buttonDown","mCSB_buttonLeft",' … b'["rounded","rounded-dark","rounded-dots","rounded-dots-dark"])>-1?!1:t.autoDraggerLength;t.autoExpandScrollbar=n.inArray(t.theme,["rounded-dots","rounded-dots-dark","3d","3d-dark","3d-thick","3d-thick-dark","inset","inset-dark","inset-2","inset-2-dark","inset-3","inset-3-dark"])>-1?!1:t.autoExpandScrollbar;t.scrollButtons.enable=n.inArray(t.theme,["minimal","minimal-dark"])>-1?!1:t.scrollButtons.enable;t.autoHideScrollbar=n.inArray(t.theme,["minimal","minimal-dark"])>-1?!0:t.autoHideScrollbar;t.scrollbarPos' … b'["rounded-dots","rounded-dots-dark","3d","3d-dark","3d-thick","3d-thick-dark","inset","inset-dark","inset-2","inset-2-dark","inset-3","inset-3-dark"])>-1?!1:t.autoExpandScrollbar;t.scrollButtons.enable=n.inArray(t.theme,["minimal","minimal-dark"])>-1?!1:t.scrollButtons.enable;t.autoHideScrollbar=n.inArray(t.theme,["minimal","minimal-dark"])>-1?!0:t.autoHideScrollbar;t.scrollbarPosition=n.inArray(t.theme,["minimal",'

This feature is experimental so please feel free to contact us if you feel any of the reported issues is a false positive or you want to suggest a pattern that should be detected (we are using Yara standard).

Fully automated RESTful API is now available. Subscribe for your free trial today!