generic_javascript_obfuscation in 63.docs.google.com

On 2020-10-06T18:57:32.474316+00:00 we found pattern generic_javascript_obfuscation, type: Suspicious, (JavaScript obfuscation is frequently used to hide malicious code (or with hope to protect intellectual property)) in the page https://63.docs.google.com/comments/d/A… referenced from https://sites.google.com/site/moversint… .

Code sample:

b'var g=[],k=0;k<arguments.length;++k)g[k]=arguments[k];k=this||u;var l=oq.get(k);l||(l={},oq.set(k,l));return ac(l,[this].concat(g instanceof Array?g:zb(yb(g))),b,c)}}~\xe9\xdc\xb6*\' qq(a,b){a=[a];for(var c=b.length-1;0<=c;--c)a.push(typeof b[c],b[c]);return a.join("\\x0B' … b'\\xa0' … b'\\xa0' … b'\\xa0' … b'\\x00' … b'\\x00' … b'\\x00' … b'\\x00' … b'\\x0B' … b'\\x0B' … b'\\x0B' … b'\\x00' … b'\\x1f' … b'\\x7f' … b'\\x00' … b'\\x1f' … b'\\x7f' … b'\\xff' … b'\\x0B'

This feature is experimental so please feel free to contact us if you feel any of the reported issues is a false positive or you want to suggest a pattern that should be detected (we are using Yara standard).