This in the code (snippet) almost immediately gives away its insecurity and that it could be potentially malicious and actually it is malicious here

 ==^^O31))^^nniuf+=st​ring[\"from^^CharCode\"](ev​al(vq^vu^wg+h^fs^x[1*ur​nsnb]) +

^-broken by me, Pol
eval() may be abused in the pre-onload phase of the webpage,
therefore it is so vital that eval-generated js malcode is immediately blocked by the avast! Web Shield.

polonus