generic_javascript_obfuscation5 in www.youtube.com

On 2020-08-02T01:44:13.176353+00:00 we found the pattern generic_javascript_obfuscation5 (type: Suspicious) in the page https://www.youtube.com/yts/jsbin/deskt… referenced from http://www.youtube.com/. JavaScript obfuscation is frequently used to hide malicious code, or in the hope of protecting intellectual property.

Code sample:


This feature is experimental, so please feel free to contact us if you feel any of the reported issues is a false positive or if you want to suggest a pattern that should be detected (we use the YARA standard).
