Shuffle option causes Antiviruses to find Trojan #146

Open
Limbo2332 opened this issue Oct 7, 2024 · 5 comments
Labels
bug Something isn't working

Comments

@Limbo2332

Describe the bug:

For example, use https://www.virustotal.com/gui/home/upload to check for viruses in obfuscated JavaScript files. With the shuffle: "hash" configuration it finds the viruses stably.

Config and Small code sample

Config:

{
  target: "browser",
  preset: "high",
  renameVariables: false,
  renameGlobals: false,
  minify: false,
  controlFlowFlattening: false,
  deadCode: false,
  flatten: false,
  shuffle: { hash: 0.5, true: 0.5 } // any value that contains hash
}

Expected behavior

There are no viruses found in obfuscated code.

Actual behavior

There are viruses found in obfuscated code.

Additional context

I don't know if it would be helpful, but a similar problem with the javascript-obfuscator package is described here: javascript-obfuscator/javascript-obfuscator#51

@Limbo2332 Limbo2332 added the bug Something isn't working label Oct 7, 2024
@Limbo2332
Author

Version I use: 1.7.1

@doctor8296

doctor8296 commented Oct 7, 2024

Hmm, this is pretty interesting.
However, we cannot adjust the obfuscator for antivirus needs. It is an outside app that doesn't use the code directly. What if it starts to detect it everywhere?
Also, we have no idea what causes it.

By the way, I have noticed that some antiviruses redefine the fetch function and some shadowDOM stuff.

@Limbo2332
Author

Without the "shuffle" option in the Obfuscator configuration, I cannot reproduce this issue.

@Mrgaton

Mrgaton commented Oct 7, 2024

This is not the fault of the library. This obfuscates code, which makes it impossible for an antivirus to read it without VM analysis, so some of them just trigger as a virus.

@MichaelXF
Owner

It's hard to control when Antiviruses decide to flag. Sometimes they flag when the code simply looks obfuscated (hexadecimal variables, encrypted strings, etc). Also, the shuffle: "hash" option is removed in 2.0 (currently 2.0.0-alpha.2)

I would suggest not using the shuffle: "hash" option; it's not a powerful obfuscation after all.
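
An added illustration (not code from this project or from any antivirus engine) of the point above that a scanner may flag code simply because it looks obfuscated: a small static heuristic over the two traits named there, hexadecimal-style identifiers and encoded strings. The `_0x` naming pattern, the thresholds, and both samples are assumptions constructed for this example.

```javascript
// Added example: illustrative heuristic only, not any real antivirus engine's logic.
const STRING_RE = /(["'])((?:\\.|(?!\1)[^\\])*)\1/g;

// Constructed samples (String.raw keeps the backslashes literal).
const PLAIN_SAMPLE = String.raw`function greet(name) {
  const message = "Hello, " + name;
  return message;
}`;
const OBFUSCATED_SAMPLE = String.raw`var _0x3fa1 = ["\x48\x65\x6c\x6c\x6f"];
function _0x1b2c(_0x5d) { return _0x3fa1[0] + _0x5d; }`;

// Shannon entropy in bits per character; encoded blobs score higher than prose.
function shannonEntropy(s) {
  const chars = [...s];
  const counts = new Map();
  for (const ch of chars) counts.set(ch, (counts.get(ch) || 0) + 1);
  let h = 0;
  for (const n of counts.values()) {
    const p = n / chars.length;
    h -= p * Math.log2(p);
  }
  return h;
}

function obfuscationSignals(src) {
  const strings = [...src.matchAll(STRING_RE)].map((m) => m[2]);
  // Blank out literals so their contents are not counted as identifiers.
  const code = src.replace(STRING_RE, '""');
  // Keywords are counted too; this is a rough token ratio, not a parser.
  const words = code.match(/(?<![\w$])[A-Za-z_$][\w$]*/g) || [];
  const hexNamed = words.filter((w) => /^_0x[0-9a-f]+$/i.test(w));
  const encoded = strings.filter((s) =>
    /(?:\\x[0-9a-f]{2}|\\u[0-9a-f]{4}){4,}/i.test(s) || // runs of escape sequences
    (s.length >= 32 && shannonEntropy(s) > 4.5));        // long, high-entropy literal
  const hexRatio = words.length ? hexNamed.length / words.length : 0;
  const encodedRatio = strings.length ? encoded.length / strings.length : 0;
  // Assumed thresholds, chosen for the samples above.
  return { hexRatio, encodedRatio, looksObfuscated: hexRatio > 0.3 || encodedRatio > 0.5 };
}

console.log(obfuscationSignals(PLAIN_SAMPLE));
console.log(obfuscationSignals(OBFUSCATED_SAMPLE));
```

Both samples do the same kind of harmless string work; only their surface form differs, which is why a heuristic of this shape produces false positives on benign obfuscated code.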

4 participants