Mal-ecule
O₃(As₄C₃S₄)H₃(Cr₂Db₂Po)Md(Pa₅)
Objectives
hostile severity, 97% confident.
anti-static/obfuscation/payload
Hardcoded key sits beside large ciphertext blob
hostile severity, 98% confident.
command-and-control/dropper/staging
Package decrypts and evals an embedded payload
hostile severity, 99% confident.
supply-chain/install-hook
Library decrypts and runs payload on import
suspicious severity, 94% confident.
anti-static/obfuscation
Three-layer decoder chain in one file
suspicious severity, 100% confident.
anti-static/obfuscation/eval
Generic Function constructor usage
suspicious severity, 97% confident.
command-and-control/dropper/delivery
Executes decoded code with require
notable severity, 86% confident.
command-and-control/dropper/execution
Embedded string exceeds 3000 chars
notable severity, 82% confident.
supply-chain/hidden-payload
createDecipheriv cipher creation call
notable severity, 75% confident.
supply-chain/impersonation
Package name with suspicious suffix
notable severity, 88% confident.
supply-chain/metadata-anomaly/manifest
Script invokes a minified .min.js file
Micro-behaviors
notable severity, 72% confident.
crypto/library
Node memory hard KDF
notable severity, 85% confident.
crypto/symmetric/aes
Create decipher with IV (symmetric)
notable severity, 80% confident.
data/encode
Nested hex and base64 decode
notable severity, 90% confident.
data/source/dynamic
Immediate new Function invocation pattern
notable severity, 70% confident.
process/interpreter
JavaScript new Function constructor
Metadata
notable severity, 85% confident.
package
Package has multiple entry points
notable severity, 80% confident.
package/fields
Package explicitly lists published files
baseline severity, 100% confident.
lang/encoded
JavaScript file basename
baseline severity, 100% confident.
library
JavaScript module exports
execution
notable severity, 90% confident.
script
Script 'example' executes node interpreter
20 of 43 traits shown
Objectives
hostile severity, 97% confident.
anti-static/obfuscation/payload
Hardcoded key sits beside large ciphertext blob
hostile severity, 98% confident.
command-and-control/dropper/staging
Package decrypts and evals an embedded payload
hostile severity, 99% confident.
supply-chain/install-hook
Library decrypts and runs payload on import
suspicious severity, 94% confident.
anti-static/obfuscation
Three-layer decoder chain in one file
suspicious severity, 100% confident.
anti-static/obfuscation/eval
Generic Function constructor usage
suspicious severity, 97% confident.
command-and-control/dropper/delivery
Executes decoded code with require
notable severity, 86% confident.
command-and-control/dropper/execution
Embedded string exceeds 3000 chars
notable severity, 82% confident.
supply-chain/hidden-payload
createDecipheriv cipher creation call
notable severity, 75% confident.
supply-chain/impersonation
Package name with suspicious suffix
notable severity, 88% confident.
supply-chain/metadata-anomaly/manifest
Script invokes a minified .min.js file
Micro-behaviors
notable severity, 72% confident.
crypto/library
Node memory hard KDF
notable severity, 85% confident.
crypto/symmetric/aes
Create decipher with IV (symmetric)
notable severity, 80% confident.
data/encode
Nested hex and base64 decode
notable severity, 90% confident.
data/source/dynamic
Immediate new Function invocation pattern
notable severity, 70% confident.
process/interpreter
JavaScript new Function constructor
Metadata
notable severity, 85% confident.
package
Package has multiple entry points
notable severity, 80% confident.
package/fields
Package explicitly lists published files
baseline severity, 100% confident.
lang/encoded
JavaScript file basename
baseline severity, 100% confident.
library
JavaScript module exports
execution
notable severity, 90% confident.
script
Script 'example' executes node interpreter
20 of 43 traits shown
Identity
| SHA-256 | b7ebd4ee16d33e8210f48b3f2b1ef8e894d9726ee4d687c7e9a6c4d1b3043b40 |
|---|---|
| Canonical SHA-256 | 0bbc74d309e5d1a9900c3ba0b7ef43220604a438606e1ebaef0012e1076b5164 |
| Filename | aes-decode-runner-pro-1.0.9.tgz |
| Package | aes-decode-runner-pro |
| Version | 1.0.9 |
Origin
| Source | harvest |
|---|---|
| Feed | aikido.dev |
| Ecosystem | javascript |
| Domain | npmjs.org |
Timeline
| First seen | 27 May 2026 09:49 UTC |
|---|---|
| First analyzed | 27 May 2026 10:18 UTC |
| Last analyzed | 27 May 2026 12:09 UTC |
| Last updated | 27 May 2026 12:09 UTC |
Labeling
| Label | bad |
|---|---|
| Label source | harvest |
| Traits version | bc87a |
Not seeing what you expected? Let us know