From: Lasse Reichstein Nielsen on
"7String" <7String(a)thenewsgroup.com> writes:

> yes, most likely its a byte values of the binary file
> (executable). How an executable been converted into this strings in
> order to be restored in an original form?

That's impossible to say without seeing the code.
/L
--
Lasse Reichstein Holst Nielsen
'Javascript frameworks is a disruptive technology'

From: Dr J R Stockton on
In comp.lang.javascript message <hrunec$ccn$1(a)news.eternal-
september.org>, Thu, 6 May 2010 18:32:27, balzer <nospam(a)news.eternal-
september.org> posted:
>Here is offuscated code sample, it obfuscated binary, seems
>
>%b=Array(c(077),c(090),c(144),c(000),c(003),c(000),c(000),c(000),c(004)
>,c(000),c(000): .this line is 275413 characters long::c(000),c(000),c(0
>00),c(000 ),"")
>
>which encoding method is used to obfuscate binary? This is not base64.

I doubt whether that is JavaScript as much as I doubt that your native
language is English. Therefore, there is no reason to consider leading
zero as indicating octal.

Taken as decimal representations of 'ASCII', the first two characters
are MZ, the third is hex 90. That pattern, followed by sparse numbers,
is characteristic of MSDOS/Windows executables.

For examples, see sig, use >mtr -h \windows\*.exe or similar.

So the coding seems trivial, well short of crypto; but malware detectors
may not decode it.

--
(c) John Stockton, nr London, UK. ?@merlyn.demon.co.uk Turnpike v6.05 IE 7.
Web <URL:http://www.merlyn.demon.co.uk/> - FAQish topics, acronyms, & links.
MiniTrue is good for viewing/searching/altering files, at a DOS / CMD prompt;
free, DOS/Win/UNIX, new via <URL:http://www.merlyn.demon.co.uk/pc-links.htm>.