Welcome!

By registering with us, you'll be able to discuss, share and private message with other members of our community.

SignUp Now!
  • Guest, before posting your code please take these rules into consideration:
    • It is required to use our BBCode feature to display your code. While within the editor click < / > or >_ and place your code within the BB Code prompt. This helps others with finding a solution by making it easier to read and easier to copy.
    • You can also use markdown to share your code. When using markdown your code will be automatically converted to BBCode. For help with markdown check out the markdown guide.
    • Don't share a wall of code. All we want is the problem area, the code related to your issue.


    To learn more about how to use our BBCode feature, please click here.

    Thank you, Code Forum.

JavaScript file js with suspected malicious code

J

jhbf

New Coder
Good morning,

In a Laravel project, I received a .js file with code that I found very strange. It could even be that there is nothing because I don't know anything about js.

But as code may be hidden in the suspicious file, I ask experts if they find anything suspicious.


I saved the file in txt format in case there was a virus in the js file


Thanks
Jorge
 

Attachments

  • highlight.js.TXT
    2.8 MB · Views: 1
Sort by date Sort by votes
some code like this:

\"./node_modules/highlight.js/lib/languages/zephir.js\"));\n\nmodule.exports = hljs;//# sourceURL=[module]\n//# sourceMappingURL=data:application/json;charset=utf-8;base64,eyJ2ZXJzaW9uIjozLCJzb3VyY2VzIjpbIndlYnBhY2s6Ly8vLi9ub2RlX21vZHVsZXMvaGlnaGxpZ2h0LmpzL2xpYi9pbmRleC5qcz8xNDg3Il0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiJBQUFBLFdBQVcsbUJBQU8sQ0FBQyxpRUFBYTs7QUFFaEMsNEJBQTRCLG1CQUFPLENBQUMsdUVBQWdCO0FBQ3BELDhCQUE4QixtQkFBTy:laugh:QUFDLDJFQUFrQjtBQUN4RCxtQ0FBbUMsbUJBQU8sQ0FBQyxxRkFBdUI7QUFDbEUsc0NBQXNDLG1CQUFPLENBQUMsMkZBQTBCO0FBQ3hFLDZCQUE2QixtQkFBTy:laugh:QUFDLHlFQUFpQjtBQUN0RCxxQ0FBcUMsbUJBQU8sQ0FBQyx5RkFBeUI7QUFDdEUsZ0NBQWdDLG1CQUFPLENBQUMsK0VBQW9CO0FBQzVELHFDQUFxQyxtQkFBTy:laugh:QUFDLHlGQUF5QjtBQUN0RSxnQ0FBZ0MsbUJBQU8sQ0FBQywrRUFBb0I7QUFDNUQsNkJBQTZCLG1CQUFPLENBQUMseUVBQWlCO0FBQ3RELGlDQUFpQyxtQkFBTy:laugh:QUFDLGlGQUFxQjtBQUM5RCxnQ0FBZ0MsbUJBQU8sQ0FBQywrRUFBb0I7QUFDNUQsNkJBQTZCLG1CQUFPLENBQUMseUVBQWlCO0FBQ3RELGtDQUFrQyxtQkFBTy:laugh:QUFDLG1GQUFzQjtBQUNoRSxpQ0FBaUMsbUJBQU8sQ0FBQyxpRkFBcUI7QUFDOUQsb0NBQW9DLG1CQUFPLENBQUMsdUZBQXdCO0FBQ3BFLGdDQUFnQyxtQkFBTy:laugh:QUFDLCtFQUFvQjtBQUM1RCxnQ0FBZ0MsbUJBQU8sQ0FBQywrRUFBb0I7QUFDNUQsNkJBQTZCLG1CQUFPLENBQUMseUVBQWlCO0FBQ3RELGdDQUFnQyxtQkFBTy:laugh:QUFDLCtFQUFvQjtBQUM1RCw4QkFBOEIsbUJBQU8sQ0FBQywyRUFBa0I7QUFDeEQsK0JBQStCLG1CQUFPLENBQUMsNkVBQW1CO0FBQzFELDZCQUE2QixtQkFBTy:laugh:QUFDLHlFQUFpQjtBQUN0RCxtQ0FBbUMsbUJBQU8sQ0FBQyxxRkFBdUI7QUFDbEUsNkJBQTZCLG1CQUFPLENBQUMseUVBQWlCO0FBQ3RELG1DQUFtQyxtQkFBTy:laugh:QUFDLHFGQUF1QjtBQUNsRSxnQ0FBZ0MsbUJBQU8sQ0FBQywrRUFBb0I7QUFDNUQsK0JBQStCLG1CQUFPLENBQUMsNkVBQW1CO0FBQzFELGlDQUFpQyxtQkFBTy:laugh:QUFDLGlGQUFxQjtBQUM5RCxzQ0FBc0MsbUJBQU8sQ0FBQywyRkFBMEI7QUFDeEUsK0JBQStCLG1CQUFPLENBQUMsNkVBQW1CO0FBQzFELHNDQUFzQyxtQkFBTy:laugh:QUFDLDJGQUEwQjtBQUN4RSw2QkFBNkIsbUJBQU8sQ0FBQyx5RUFBaUI7QUFDdEQsNkJBQTZCLG1CQUFPLENBQUMseUVBQWlCO0FBQ3RELCtCQUErQixtQkFBTy:laugh:QUFDLDZFQUFtQjtBQUMxRCxpQ0FBaUMsbUJBQU8sQ0FBQyxpRkFBcUI7QUFDOUQsNEJBQTRCLG1CQUFPLENBQUMsdUVBQWdCO0FBQ3BELDZCQUE2QixtQkFBTy:laugh:QUFDLHlFQUFpQjtBQUN0RCw2QkFBNkIsbUJBQU8sQ0FBQyx5RUFBaUI7QUFDdEQsMkJBQTJCLG1CQUFPLENBQUMscUVBQWU7QUFDbEQsa0NBQWtDLG1CQUFPLENBQUMsbUZBQXNCO0FBQ2hFLDhCQUE4QixtQkFBTy:laugh:QUFDLDJFQUFrQjtBQUN4RCxnQ0FBZ0MsbUJBQU8sQ0FBQywrRUFBb0I7QUFDNUQsOEJBQThCLG1CQUFPLENBQUMsMkVBQWtCO0FBQ3hELGdDQUFnQyxtQkFBTy:laugh:QUFDLCtFQUFvQjtBQUM1RCw2QkFBNkIsbUJBQU8sQ0FBQyx5RUFBaUI7QUFDdEQsb0NBQW9DLG1CQUFPLENBQUMsdUZBQXdCO0FBQ3BFLDZCQUE2QixtQkFBTy:laugh:QUFDLHlFQUFpQjtBQUN0RCxrQ0FBa0MsbUJBQU8sQ0FBQyxtRkFBc0I7QUFDaEUsNkJBQTZCLG1CQUFPLENBQUMseUVBQWlCO0FBQ3RELDhCQUE4QixtQkFBTy:laugh:QUFDLDJFQUFrQjtBQUN4RCw4QkFBOEIsbUJBQU8sQ0FBQywyRUFBa0I7QUFDeEQsZ0NBQWdDLG1CQUFPLENBQUMsK0VBQW9CO0FBQzVELDZCQUE2QixtQkFBTy:laugh:QUFDLHlFQUFpQjtBQUN0RCw4QkFBOEIsbUJBQU8sQ0FBQywyRUFBa0I7QUFDeEQsNkJBQTZCLG1CQUFPLENBQUMseUVBQWlCO0FBQ3RELHFDQUFxQyxtQkFBTy:laugh:QUFDLHlGQUF5QjtBQUN0RSxnQ0FBZ0MsbUJBQU8sQ0FBQywrRUFBb0I7QUFDNUQsK0JBQStCLG1CQUFPLENBQUMsNkVBQW1CO0FBQzFELDZCQUE2QixtQkFBTy:laugh:QUFDLHlFQUFpQjtBQUN0RCw4QkFBOEIsbUJB



copy and paste some code:
more

eval("module.exports = function(hljs){\n\n // общий паттерн для определения идентификаторов\n var UNDERSCORE_IDENT_RE = '[A-Za-zА-Яа-яёЁ_][A-Za-zА-Яа-яёЁ_0-9]+';\n \n // v7 уникальные ключевые слова, отсутствующие в v8 ==> keyword\n var v7_keywords =\n 'далее ';\n\n // v8 ключевые слова ==> keyword\n var v8_keywords =\n 'возврат вызватьисключение выполнить для если и из или иначе иначеесли исключение каждого конецесли ' +\n 'конецпопытки конеццикла не новый перейти перем по пока попытка прервать продолжить тогда цикл экспорт ';\n\n // keyword : ключевые слова\n var KEYWORD = v7_keywords + v8_keywords;\n \n // v7 уникальные директивы, отсутствующие в v8 ==> meta-keyword\n var v7_meta_keywords =\n 'загрузитьизфайла ';\n\n // v8 ключевые слова в инструкциях препроцессора, директивах компиляции, аннотациях ==> meta-keyword\n var v8_meta_keywords =\n 'вебклиент вместо внешнеесоединение клиент конецобласти мобильноеприложениеклиент мобильноеприложениесервер ' +\n 'наклиенте наклиентенасервере наклиентенасерверебезконтекста насервере насерверебезконтекста область перед ' +\n 'после сервер толстыйклиентобычноеприложение толстыйклиентуправляемоеприложение тонкийклиент ';\n\n // meta-keyword : ключевые слова в инструкциях препроцессора, директивах компиляции, аннотациях\n var METAKEYWORD = v7_meta_keywords + v8_meta_keywords;\n\n // v7 системные константы ==> built_in\n var v7_system_constants =\n 'разделительстраниц разделительстрок символтабуляции ';\n \n // v7 уникальные методы глобального контекста, отсутствующие в v8 ==> built_in\n var v7_global_context_methods =\n 'ansitooem oemtoansi ввестивидсубконто ввестиперечисление ввестипериод ввестиплансчетов выбранныйплансчетов ' +\n 'датагод датамесяц датачисло заголовоксистемы значениевстроку значениеизстроки каталогиб каталогпользователя ' +\n 'кодсимв конгода конецпериодаби
 
Upvote 0 Downvote
Nothing suspicious about that. The first part is just some base64-encoded data which is a very common thing to see. The second part, when you put it through Google translate, appears to be a set of program error messages translated to Russian. I wouldn't worry about it at all.

Then again, by all means run it through a virus scanner just for peace of mind.
 
Upvote 0 Downvote

New Threads

Latest posts

Share this page

Buy us a coffee!

Code Academy Advertisement
DataCamp Advertisement

About Us

Code Forum is a community platform where coding enthusiasts can connect with other developers, engage in discussions, ask for help, and share their knowledge with a supportive community. It's a perfect place to improve your coding skills and to find a community of like-minded individuals who share your passion for coding.

Site links

Stay Connected

Back
Top Bottom