generic_javascript_obfuscation in www.oscarvmago.com

On 2020-09-09T15:47:59.782668+00:00 we found pattern generic_javascript_obfuscation, type: Suspicious, (JavaScript obfuscation is frequently used to hide malicious code (or with hope to protect intellectual property)) in the page https://www.oscarvmago.com/wp-content/t… referenced from http://oscarvmago.com/ .

Code sample:

b'var e=[];if(null!=t)for(var n in Object(t))e.push(n);return e}},~\xe9\xdc\xb6*\'(t,e,n){var r=n(502),i=n(45),o=n(210),a=r&&1/o(new r([,-0]))[1]==1/0?~\xe9\xdc\xb6*\'(t){return new r(t)}:i;t.exports=a},,,~\xe9\xdc\xb6*\'(t,e,n){"use strict";var r={};n.r(r),n.d(r,"getDefaultUnit",(~\xe9\xdc\xb6*\'(){return h})),n.d(r,"\x81\xebT\x9e+l",(~\xe9\xdc\xb6*\'(){return v})),n.d(r,"getStartValue",(~\xe9\xdc\xb6*\'(){return w})),n.d(r,"setStartValue",(~\xe9\xdc\xb6*\'(){return y})),n.d(r,"getMiddleValue",(~\xe9\xdc\xb6*\'(){return x})),n.d(r,"setMiddleValue",(~\xe9\xdc\xb6*\'(){return C})),n.d(r,"getEndValue",(~\xe9\xdc\xb6*' … b'\\xf6' … b'\\xf8' … b'\\xff' … b'\\xb0' … b'\\xe0' … b'\\xe1' … b'\\xe2' … b'\\xe4' … b'\\xe5' … b'\\xe7' … b'\\xf0' … b'\\xe8' … b'\\xe9' … b'\\xea' … b'\\xeb' … b'\\xee' … b'\\xef' … b'\\xf1' … b'\\xf2' … b'\\xf4' … b'\\xf5' … b'\\xf6' … b'\\xf8' … b'\\xf9' … b'\\xfa' … b'\\xfb' … b'\\xff' … b'\\xe6' … b'\\xfe' … b'\\x00' … b'\\x2f' … b'\\x40' … b'\\x5b' … b'\\x60' … b'\\x7b' … b'\\x7f' … b'\\xb1' … b'\\xf7' … b'\\x00' … b'\\x2f' … b'\\x40' … b'\\x5b' … b'\\x60' … b'\\x7b' … b'\\xbf' … b'\\x0b' … b'\\xa0' … b'\\xf6' … b'\\xf8' … b'\\xff' … b'\\xf6' … b'\\xf8' … b'\\xff'

This feature is experimental so please feel free to contact us if you feel any of the reported issues is a false positive or you want to suggest a pattern that should be detected (we are using Yara standard).

Fully automated RESTful API is now available. Subscribe for your free trial today!