. https://blog.sucuri.net/2019/03/uncommon-radixes-used-in-malware-obfuscation.html
blog article
Some JavaScript features allow for pretty interesting obfuscation techniques. For example, did you know that virtually any English word can be used as a valid number? I recently decoded a credit card stealing script injected at the bottom of a js/varien/js.js file: There were several layers of obfuscation. During the final stage of decoding, I identified that this code writes something to web pages with URLs containing one of the following keywords onepage|checkout|onestep|firecheckout, typically used on checkout pages. Still don’t see how this conversion of one big number to a string can help decode the text? You might need to reread the documentation of the Number.prototype.toString() method and pay attention to the optional radix parameter. This parameter helps get a string representation of a given number in the specified radix (base). As you know, we have only ten digits from 0 through 9. For numbers with bases larger than 10, we have to use letters for numerals larger than 9. This approach is quite familiar to us when we use hexadecimal numbers (base 16). In addition to the normal 0…9 digits, their representations include letters a,b,c,d,e,f. READ MORE