Author Archives: darryl

Locky JS and URL Revealer

From various reports, it appears that the malicious Javascript files sent via email that pull Locky down are back. Let’s see what these scripts look like: At the bottom of the script is this function that reverses the string above, … Continue reading

Posted in Malicious Email, Malscript, Tools

Script Deobfuscator Updated

Continuing from my last blog post, I updated the program to handle the latest obfuscated Javascript technique. I made the logic generic in order to handle future versions and variants so the results may come out a bit weird (e.g. … Continue reading

Posted in Malscript, Tools

Deobfuscating a Hideous-Looking JS Downloader

One of my readers, Stefano from zanna.it (thanks!), sent me this little gem: In the midst of seemingly random strings, there are clues to its structure but there’s very little to go on. I started off by grabbing a portion … Continue reading

Posted in Malicious Email, Malscript

Script Deobfuscator Released

The purpose of this tool is to help you perform static analysis on obfuscated scripts. It’s often easier to dynamically analyze scripts but there are times when you just don’t know where to start or you just want a high-level … Continue reading

Posted in Malscript, Tools

Packing/Unpacking Javascript from DOS

Here’s one way to pack and unpack Javascript from the Windows command line. For this we use PhantomJS and Dean Edwards’ Javascript Compressor. 1. Download PhantomJS from here. 2. Download the JSPacker.js file from here. 3. Put everything in a … Continue reading

Posted in Tools