Malysis | SafeDep Enterprise

Details

Note: This report is updated by a verification record

The package exhibits multiple suspicious characteristics that, when combined, strongly suggest malicious intent. These include:

Code Obfuscation (Evidences 0, 1, 3): The use of hex-encoded character arrays and a function to convert them to strings obscures the true names of modules and methods. This makes static analysis difficult and is a common malware technique.
Dynamic Code Execution (Evidence 1): The package uses module.constructor._load to dynamically load modules. This is another technique used to hide malicious behavior and evade detection.
Accessing Global Process Object (Evidence 2): Accessing the process object allows the code to inspect the environment and potentially compromise the system.
Suspicious Author Email (Evidence 4): The author's email domain sl4x0.xyz is suspicious and lacks clear association with a legitimate organization.
Suspicious Install Script (Evidence 5): The package executes node index.js during installation, allowing arbitrary code execution immediately after installation.
Low Project Popularity (Evidences 6, 7): The project has low stars/forks and few published versions, indicating it's not well-maintained and potentially malicious.

While individual aspects might not be conclusive, the combination of obfuscation, dynamic code execution, suspicious email, and install script strongly suggests that this package is malicious.

Note: This report is updated by a verification record

The package exhibits multiple suspicious characteristics that, when combined, strongly suggest malicious intent. These include:

Code Obfuscation (Evidences 0, 1, 3): The use of hex-encoded character arrays and a function to convert them to strings obscures the true names of modules and methods. This makes static analysis difficult and is a common malware technique.
Dynamic Code Execution (Evidence 1): The package uses module.constructor._load to dynamically load modules. This is another technique used to hide malicious behavior and evade detection.
Accessing Global Process Object (Evidence 2): Accessing the process object allows the code to inspect the environment and potentially compromise the system.
Suspicious Author Email (Evidence 4): The author's email domain sl4x0.xyz is suspicious and lacks clear association with a legitimate organization.
Suspicious Install Script (Evidence 5): The package executes node index.js during installation, allowing arbitrary code execution immediately after installation.
Low Project Popularity (Evidences 6, 7): The project has low stars/forks and few published versions, indicating it's not well-maintained and potentially malicious.

While individual aspects might not be conclusive, the combination of obfuscation, dynamic code execution, suspicious email, and install script strongly suggests that this package is malicious.

Summary

Verification Record

Details

Summary

Verification Record

Details