generic_javascript_obfuscation5 in sagrada-familia.edu.ar

On 2020-09-15T02:20:24.202958+00:00 we found pattern generic_javascript_obfuscation5 (type: Suspicious) in the page https://sagrada-familia.edu.ar/wp-inclu… referenced from http://www.sagrada-familia.edu.ar/. JavaScript obfuscation is frequently used to hide malicious code, or in the hope of protecting intellectual property.

Code sample:

b'["\xc2\xa6\xc2\x8b"\xc2\xb6*\'","top","bottom","left","right","width","height","\xc2\xa2\xc3\xb7\xc2\xab~Z0","opacity"],i=["\xc2\xa6\xc2\x8b"\xc2\xb6*\'","top","bottom","left","right","\xc2\xa2\xc3\xb7\xc2\xab~Z0","opacity"],j=["width","height","\xc2\xa2\xc3\xb7\xc2\xab~Z0"],k=["~\xc2\x89\xc3\xadJ,\xc3\x9e"],l=["borderTopWidth","borderBottomWidth","paddingTop","paddingBottom"],m=["borderLeftWidth","n\xc2\x8a\xc3\x9dz\xc2\xb4b\xc2\x82\x1bV\xc2\x89\xc3\x9ba","paddingLeft","\xc2\xa5\xc2\xa7]\xc2\x8ax\x11\xc2\x8a\x08m"],n=a.effects.setMode(g,b.mode||"effect"),o=b.restore||"effect"!==n,p=b.scale||"both",q=b.origin||["middle","center"],r=g.css("\xc2\xa6\xc2\x8b"\xc2\xb6*\'"),s=o?h:i,t={height:0,width:0,oute' … b'["\xc2\xa6\xc2\x8b"\xc2\xb6*\'","top","bottom","left","right","\xc2\xa2\xc3\xb7\xc2\xab~Z0","opacity"],j=["width","height","\xc2\xa2\xc3\xb7\xc2\xab~Z0"],k=["~\xc2\x89\xc3\xadJ,\xc3\x9e"],l=["borderTopWidth","borderBottomWidth","paddingTop","paddingBottom"],m=["borderLeftWidth","n\xc2\x8a\xc3\x9dz\xc2\xb4b\xc2\x82\x1bV\xc2\x89\xc3\x9ba","paddingLeft","\xc2\xa5\xc2\xa7]\xc2\x8ax\x11\xc2\x8a\x08m"],n=a.effects.setMode(g,b.mode||"effect"),o=b.restore||"effect"!==n,p=b.scale||"both",q=b.origin||["middle","center"],r=g.css("\xc2\xa6\xc2\x8b"\xc2\xb6*\'"),s=o?h:i,t={height:0,width:0,outerHeight:0,outerWidth:0};"show"===n&&g.show(),d={height:g.height(),width:g.width(),out' … 
b'["width","height","\xc2\xa2\xc3\xb7\xc2\xab~Z0"],k=["~\xc2\x89\xc3\xadJ,\xc3\x9e"],l=["borderTopWidth","borderBottomWidth","paddingTop","paddingBottom"],m=["borderLeftWidth","n\xc2\x8a\xc3\x9dz\xc2\xb4b\xc2\x82\x1bV\xc2\x89\xc3\x9ba","paddingLeft","\xc2\xa5\xc2\xa7]\xc2\x8ax\x11\xc2\x8a\x08m"],n=a.effects.setMode(g,b.mode||"effect"),o=b.restore||"effect"!==n,p=b.scale||"both",q=b.origin||["middle","center"],r=g.css("\xc2\xa6\xc2\x8b"\xc2\xb6*\'"),s=o?h:i,t={height:0,width:0,outerHeight:0,outerWidth:0};"show"===n&&g.show(),d={height:g.height(),width:g.width(),outerHeight:g.outerHeight(),outerWidth:g.outerWidth()},"toggle"===b.mod' … b'["~\xc2\x89\xc3\xadJ,\xc3\x9e"],l=["borderTopWidth","borderBottomWidth","paddingTop","paddingBottom"],m=["borderLeftWidth","n\xc2\x8a\xc3\x9dz\xc2\xb4b\xc2\x82\x1bV\xc2\x89\xc3\x9ba","paddingLeft","\xc2\xa5\xc2\xa7]\xc2\x8ax\x11\xc2\x8a\x08m"],n=a.effects.setMode(g,b.mode||"effect"),o=b.restore||"effect"!==n,p=b.scale||"both",q=b.origin||["middle","center"],r=g.css("\xc2\xa6\xc2\x8b"\xc2\xb6*\'"),s=o?h:i,t={height:0,width:0,outerHeight:0,outerWidth:0};"show"===n&&g.show(),d={height:g.height(),width:g.width(),outerHeight:g.outerHeight(),outerWidth:g.outerWidth()},"toggle"===b.mode&&"show"===n?(g.from=b.to||t,g.t' … b'["borderTopWidth","borderBottomWidth","paddingTop","paddingBottom"],m=["borderLeftWidth","n\xc2\x8a\xc3\x9dz\xc2\xb4b\xc2\x82\x1bV\xc2\x89\xc3\x9ba","paddingLeft","\xc2\xa5\xc2\xa7]\xc2\x8ax\x11\xc2\x8a\x08m"],n=a.effects.setMode(g,b.mode||"effect"),o=b.restore||"effect"!==n,p=b.scale||"both",q=b.origin||["middle","center"],r=g.css("\xc2\xa6\xc2\x8b"\xc2\xb6*\'"),s=o?h:i,t={height:0,width:0,outerHeight:0,outerWidth:0};"show"===n&&g.show(),d={height:g.height(),width:g.width(),outerHeight:g.outerHeight(),outerWidth:g.outerWidth()},"toggle"===b.mode&&"show"===n?(g.from=b.to||t,g.to=b.from||d):(g.'

This feature is experimental, so please feel free to contact us if you feel any of the reported issues is a false positive or if you want to suggest a pattern that should be detected (we use the YARA standard).