*.js files - I'm feeling insecure

[ChrisGreaves]

On a different forum some asked about a topic and was directed to a ZIP file. I unzipped and found a JS file which I assumed was a java-script file.
In the zip file just a sing;e JS file, no readme.txt, nothing.
Before I carelessly ran what i believe is an executable script, I took a look with Notepad.exe, and have attached a screen shot of the leading part of the file.

For someone like me, what means are available to determine if a JavaScript(?) file is benign?
Thanks, Chris

[Jay Freedman]

Even if I were an expert Java programmer (which I'm not), there isn't enough in the screenshot to know whether it's benign or malicious. It starts off by trying to figure out what browser it's running in -- so it must be intended to be invoked in a browser -- and then it does some setup with fonts and a canvas, so it may have something to do with graphics. So far, there's nothing unusual, but there's no way to know what it does after that without examining considerably more of the code.

The copyright claims to be from Microsoft, but that's easily faked.

Instead of looking at the code, you'd get better information by asking whoever posted it or linked to it to tell you what it's for and where it came from.

[John Gray]

It's much the same question as asking whether an .EXE file is "benign", surely?
The only difference is that you can read the Javascript (not Java?!) but that is only of minimal use to those whose mind does not contain a Javascript interpreter (which I believe to be true of Chris, even with all his intellectual abilities...)

[ChrisGreaves]

Even if I were an expert Java programmer (which I'm not), there isn't enough in the screenshot to know whether it's benign or malicious.

Thanks for this, Jay. To be perfectly hinest (as John Gray points out) I don't have a clue about JavaScript, but had seen enough to realize that this was an executable file"

The copyright claims to be from Microsoft, but that's easily faked. Instead of looking at the code, you'd get better information by asking whoever posted it or linked to it to tell you what it's for and where it came from.

I agree about "faked", as can be reviews et al.

Untitled.png

This popped up in a Google Alert. The sparse format, coupled with a question, and answer with a link, and what seems like an immediate response set me thinking "trap". FWIW "Burial at sea" is a rare topic that I thought would hev generated a few more "thanks" responses.
Then, that what I had expected to be a document of text (DOC, TXT, PDF, ...) turned out to be a JS heightened my awareness.
I think that a JS file is a new thing for me.
Thanks again, Chris

[ChrisGreaves]

It's much the same question as asking whether an .EXE file is "benign", surely? The only difference is that you can read the Javascript (not Java?!) but that is only of minimal use to those whose mind does not contain a Javascript interpreter (which I believe to be true of Chris, even with all his intellectual abilities...)

Thanks John. Yes, My question about benign is applicable to EXE files, the difference being that I already know not to trust attached EXE files.
That this executable is a JS file led me to be suspicious. As I pointed out above, this is, I believe, the first instance of me receiving a JS file when I expected a text-like document.
And yes, while I do have a Turing interpreter in my head (and in my phones, and in my laptops, and ..) JS is beyond my capabilities.

Cheers, Chris