A string analysis of the dropped file was not useful in identifying its intent, as the JavaScript was heavily obfuscated—as is common in Gootloader samples. The script also included boilerplate licensing comments to make it appear to be a legitimate JavaScript, as shown in Figure 7.