generic_javascript_obfuscation5 in sagrada-familia.edu.ar

On 2020-09-15T02:20:23.804325+00:00 we found pattern generic_javascript_obfuscation5, type: Suspicious, (JavaScript obfuscation is frequently used to hide malicious code (or with hope to protect intellectual property)) in the page https://sagrada-familia.edu.ar/wp-inclu… referenced from http://www.sagrada-familia.edu.ar/ .

Code sample:

b'["volume","src","currentTime","muted","v\xc3\xaa\xc3\x9a\xc2\xb6*\'","paused","ended","n\xc3\xa7\xc3\x9fz\xc2\xb7\xc2\x9d","error","\xc2\x9d\xc3\xabp\xc2\xa2\xc2\xb9\x12\xc2\xb5\xc2\xab^","readyState","seeking","\xc2\xb1\xc3\xa7\xc2\xa4i\xc2\xb9^","currentSrc","preload","n\xc3\xa7\xc3\x9fz\xc2\xb7\xc2\x9dBytes","n\xc3\xa7\xc3\x9fz\xc2\xb7\xc2\x9dTime","initialTime","startOffsetTime","defaultPlaybackRate","\xc2\xa6V\xc2\xb2m\xc2\xa7$E\xc2\xab^","played","j\xc3\xabh\xc2\xa6V\xc2\xb2","loop","r\xc2\x89\xc3\xad\xc2\xae\xc2\x89l"],readOnlyProperties:["v\xc3\xaa\xc3\x9a\xc2\xb6*\'","paused","ended","n\xc3\xa7\xc3\x9fz\xc2\xb7\xc2\x9d","error","\xc2\x9d\xc3\xabp\xc2\xa2\xc2\xb9\x12\xc2\xb5\xc2\xab^","readyState","seeking","\xc2\xb1\xc3\xa7\xc2\xa4i\xc2\xb9^"],methods:["load","play","pause","canPlayType"],events:["loadstart","v\xc3\xaa\xc3\x9a\xc2\xb6*' … b'["v\xc3\xaa\xc3\x9a\xc2\xb6*\'","paused","ended","n\xc3\xa7\xc3\x9fz\xc2\xb7\xc2\x9d","error","\xc2\x9d\xc3\xabp\xc2\xa2\xc2\xb9\x12\xc2\xb5\xc2\xab^","readyState","seeking","\xc2\xb1\xc3\xa7\xc2\xa4i\xc2\xb9^"],methods:["load","play","pause","canPlayType"],events:["loadstart","v\xc3\xaa\xc3\x9a\xc2\xb6*\'change","loadedmetadata","loadeddata",' … b'["audio/mp3","audio/ogg","audio/oga","audio/wav","audio/x-wav","audio/wave","audio/x-pn-wav","audio/mpeg","audio/mp4","video/mp4","video/webm","video/ogg",' … b'[\'type="application/x-shockwave-flash"\',\'data="\'+o.options.pluginPath+o.options.filename+\'"\',\'id="__\'+o.id+\'"\',\'width="\'+k+\'"\',\'height="\'+C+"\'""]:[\'rV\xc2\xac\xc2\xb2\'"clsid:D27CDB6E-AE6D-11cf-96B8-444553540000"\',\'r\xc2\x87^m\xc2\xab\x1e"//download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab"\',\'id="__\'+o.id+\'"\',\'width="\'+k+\'"\',' … b'[\'id="__\'+o.id+\'"\',\'name="__\'+o.id+\'"\',\'play="true"\',\'loop="false"\',\'\xc2\xaa\xc3\xa6\xc2\xa5\xc2\x8a\xc3\x9c"high"\',\'n\x07(\xc2\x96\xc2\x8a"#000000"\',\'wmode="transparent"\',\'allowScriptAccess="\'+o.options.shimScriptAccess+\'"\',\'jYh\xc3\x80[\xc2\xa5\xc2\x95\'+y\xc3\xa9"true"\',\'type="application/x-shockwave-flash"\',\'\xc2\xa6[\xc2\xa0\xc2\x8a{)j\x07"//www.macromedia.com/go/getflashplayer"\',\'src="\'+o.options.pluginPath+o.options.filename+\'"\',' … b'["mp4","m4v","ogg","ogv","webm","flv","mpeg","mov"].indexOf(i)?r="video/"+i:~["mp3","oga","wav","mid",'

This feature is experimental so please feel free to contact us if you feel any of the reported issues is a false positive or you want to suggest a pattern that should be detected (we are using Yara standard).