Open-source atomic malware analysis

@sqlite-node-createsql-1.0.7-next-stage-script.js

JAVASCRIPT
Verdict: SUSPICIOUS
Mal-ecule
O₂(CAs₆)H₂(Db₂Po)
Size 18.4 KB
First seen 3 days ago
Analyzed 3 days ago

Objectives

hostile severity, 97% confident.
command-and-control/dropper/execution Obfuscated Node hidden staged loader
suspicious severity, 85% confident.
anti-static/obfuscation/string String array with hex indexing
suspicious severity, 95% confident.
anti-static/obfuscation/tools Advanced array shuffling algorithm
notable severity, 88% confident.
anti-static/obfuscation/code-metrics Multiple base64-like string candidates
notable severity, 95% confident.
anti-static/obfuscation/encoding Array initialization with repetitive arithmetic expressions (obfuscation)
baseline severity, 80% confident.
anti-static/obfuscation Many comma sequence expressions (obfuscation)
component severity, 100% confident.
anti-static/obfuscation/control-flow Detects retry loop wrapping try-catch (while loop)

Micro-behaviors

suspicious severity, 85% confident.
data/encode JavaScript cyclic XOR pattern (e.g. key[i %
suspicious severity, 90% confident.
process/create windowsHide set via expression
baseline severity, 100% confident.
data/control-flow Infinite loop structure (e.g. for(;;) or while(1))
baseline severity, 90% confident.
data/encode/permutation Nested for loops (control-flow building block)
baseline severity, 70% confident.
data/source Dynamic property object creation
baseline severity, 100% confident.
data/source/syntax fromCharCode keyword
baseline severity, 80% confident.
data/text English language detection
baseline severity, 70% confident.
process/exit Node.js process exit event listener registered

Metadata

baseline severity, 90% confident.
encoded-payload Decoded unicode-escape content
baseline severity, 85% confident.
file/text High function density
baseline severity, 100% confident.
lang new Promise() usage marker
component severity, 100% confident.
file Web asset file extension (css/html/js/json)
component severity, 100% confident.
lang/encoded JavaScript file basename

20 of 33 traits shown

Identity

SHA-256 6c9787cc8feefde605f56b1acda9476639cdcd4fdf25cef3c380021ad65cfd99
Filename @sqlite-node-createsql-1.0.7-next-stage-script.js

Origin

Source harvest

Timeline

First seen 13 Jun 2026 13:58 UTC
First analyzed 13 Jun 2026 14:00 UTC
Last analyzed 13 Jun 2026 14:00 UTC
Last updated 13 Jun 2026 14:01 UTC

Labeling

Label bad
Label source harvest
Traits version 40f6c