Mal-ecule
O₂(ErEu)H(Cm₄)
Found in 4 archives
Well-known
| Severity | Confidence | Trait | Description |
|---|---|---|---|
| component | 96% | malware/backdoor | Regex component marker |

Objectives
| Severity | Confidence | Trait | Description |
|---|---|---|---|
| suspicious | 92% | evasion/masquerade | HTTP POST claims form encoding but sends base64 body |
| notable | 85% | exfiltration/oob | webhook.site OOB service |
| component | 95% | anti-analysis/timing | Regex component marker |
| component | 100% | anti-static/obfuscation/code-metrics | Benign context: high comment-to-code ratio (≥35%) |
| component | 98% | supply-chain/trojanized/app | Angular XSRF token header |
| component | 100% | supply-chain/trojanized/library | webhook.site string |

Micro-behaviors
| Severity | Confidence | Trait | Description |
|---|---|---|---|
| notable | 80% | communications/http | Regex-searches cookies via document.cookie.match |
| notable | 70% | communications/http/client | Access to HTTP response body (.responseText) |
| notable | 75% | communications/http/request | XMLHttpRequest network client creation |
| baseline | 70% | data/encode | URL-encodes data via encodeURIComponent |
| baseline | 70% | data/source/syntax | decodeURIComponent function |
| baseline | 82% | data/string | JavaScript substring search call |
| component | 100% | fs/write | ADODB.Stream Open method call |

Metadata
| Severity | Confidence | Trait | Description |
|---|---|---|---|
| baseline | 80% | file/text | Sequential source identifier names |
| baseline | 100% | lang | new Promise() usage marker |
| baseline | 95% | library | Minified webpack module-factory invocation |
| baseline | 90% | package | Code has source map reference |
| component | 100% | file | Web asset file extension (css/html/js/json) |
| component | 100% | lang/encoded | JavaScript file basename |

20 of 41 traits shown
Identity
| SHA-256 | 68ca1c801b60f550147c9c8ba54a952c223077c93cd845ef1815ec25f7fa7553 |
|---|---|
| Filename | package/index.js |
Origin
| Source | forager |
|---|---|
| Feed | aikido.dev |
| Ecosystem | javascript |
Timeline
| First seen | 9 Jun 2026 16:34 UTC |
|---|---|
| First analyzed | 9 Jun 2026 16:34 UTC |
| Last analyzed | 9 Jun 2026 16:34 UTC |
| Last updated | 9 Jun 2026 16:34 UTC |
Labeling
| Label | bad |
|---|---|
| Label source | forager |