*.js files - I'm feeling insecure

User avatar
ChrisGreaves
PlutoniumLounger
Posts: 16307
Joined: 24 Jan 2010, 23:23
Location: brings.slot.perky

*.js files - I'm feeling insecure

Post by ChrisGreaves »

On a different forum some asked about a topic and was directed to a ZIP file. I unzipped and found a JS file which I assumed was a java-script file.
In the zip file just a sing;e JS file, no readme.txt, nothing.
Before I carelessly ran what i believe is an executable script, I took a look with Notepad.exe, and have attached a screen shot of the leading part of the file.

For someone like me, what means are available to determine if a JavaScript(?) file is benign?
Thanks, Chris
You do not have the required permissions to view the files attached to this post.
If it isn't one thing it's another, and very often both. E.F.Benson

User avatar
Jay Freedman
Microsoft MVP
Posts: 1338
Joined: 24 May 2013, 15:33
Location: Warminster, PA

Re: *.js files - I'm feeling insecure

Post by Jay Freedman »

Even if I were an expert Java programmer (which I'm not), there isn't enough in the screenshot to know whether it's benign or malicious. It starts off by trying to figure out what browser it's running in -- so it must be intended to be invoked in a browser -- and then it does some setup with fonts and a canvas, so it may have something to do with graphics. So far, there's nothing unusual, but there's no way to know what it does after that without examining considerably more of the code.

The copyright claims to be from Microsoft, but that's easily faked.

Instead of looking at the code, you'd get better information by asking whoever posted it or linked to it to tell you what it's for and where it came from.

User avatar
John Gray
PlatinumLounger
Posts: 5513
Joined: 24 Jan 2010, 08:33
Location: A cathedral city in England

Re: *.js files - I'm feeling insecure

Post by John Gray »

It's much the same question as asking whether an .EXE file is "benign", surely?
The only difference is that you can read the Javascript (not Java?!) but that is only of minimal use to those whose mind does not contain a Javascript interpreter (which I believe to be true of Chris, even with all his intellectual abilities...)
John Gray

A car crashed into a barrier at speed; nobody was injured, but a front wheel became detached, and slowly rolled down the road.
Driver [sings]: "You picked a fine time to leave me, Loose Wheel"​​

User avatar
ChrisGreaves
PlutoniumLounger
Posts: 16307
Joined: 24 Jan 2010, 23:23
Location: brings.slot.perky

Re: *.js files - I'm feeling insecure

Post by ChrisGreaves »

Jay Freedman wrote:
24 Mar 2024, 21:38
Even if I were an expert Java programmer (which I'm not), there isn't enough in the screenshot to know whether it's benign or malicious.
Thanks for this, Jay. To be perfectly hinest (as John Gray points out) I don't have a clue about JavaScript, but had seen enough to realize that this was an executable file"
The copyright claims to be from Microsoft, but that's easily faked. Instead of looking at the code, you'd get better information by asking whoever posted it or linked to it to tell you what it's for and where it came from.
I agree about "faked", as can be reviews et al.
Untitled.png
This popped up in a Google Alert. The sparse format, coupled with a question, and answer with a link, and what seems like an immediate response set me thinking "trap". FWIW "Burial at sea" is a rare topic that I thought would hev generated a few more "thanks" responses.
Then, that what I had expected to be a document of text (DOC, TXT, PDF, ...) turned out to be a JS heightened my awareness.
I think that a JS file is a new thing for me.
Thanks again, Chris
You do not have the required permissions to view the files attached to this post.
If it isn't one thing it's another, and very often both. E.F.Benson

User avatar
ChrisGreaves
PlutoniumLounger
Posts: 16307
Joined: 24 Jan 2010, 23:23
Location: brings.slot.perky

Re: *.js files - I'm feeling insecure

Post by ChrisGreaves »

John Gray wrote:
25 Mar 2024, 09:12
It's much the same question as asking whether an .EXE file is "benign", surely? The only difference is that you can read the Javascript (not Java?!) but that is only of minimal use to those whose mind does not contain a Javascript interpreter (which I believe to be true of Chris, even with all his intellectual abilities...)
Thanks John. Yes, My question about benign is applicable to EXE files, the difference being that I already know not to trust attached EXE files.
That this executable is a JS file led me to be suspicious. As I pointed out above, this is, I believe, the first instance of me receiving a JS file when I expected a text-like document.
And yes, while I do have a Turing interpreter in my head (and in my phones, and in my laptops, and ..) JS is beyond my capabilities.

Cheers, Chris
If it isn't one thing it's another, and very often both. E.F.Benson