Home Testimonials Company Support 1–888–873–0817
PRICING SUPPORT LOGIN
Home Notes Malware Signatures About

Malware entry: malware.atob_fcc

Description: Malicious scripts that use two layers of obfuscation: Base64 (decodeded via the atob JavaScript function) and arrays of character codes (decoded via the fromCharCode function). These might be not he only levels of obfuscation.

Example of the two layers of obfuscation

First layer: atob

var ​WMLPZBKSRZ = atob​('​dmFyIEFDUFFZWVhBVE4gPSBTdHJpbmcuZnJvbUNoYXJDb2RlKDExIC0gMSwgMTIxIC0gM...skipped...IDQpO2V2YWwoQUNQUVlZWEFUTik7');
  eval​(WMLPZBKSRZ);
Second layer: fromCharCode
var ACPQYYXATN = String.​fromCharCode(1​1 - 1, 121 - 3, 106 - 9, 121 - 7, 39 - 7, 113 - 6,...skipped..., 16 - 6, 14 - 4);​ev​al​(​ACPQYYXATN);



Affecting: Any web site (no specific target).

For all our web-based malware signatures, go here: http://labs.sucuri.net/?malwaredb