Category Archives: Malscript

Deobfuscating PHPJiami

I was sent a PHP script that was protected by PHPJiami which you can find here. PHPJiami is a decent PHP obfuscator that appears to be able to bypass several online deobfuscators. Here’s what the script looks like: When you … Continue reading

Posted in Malscript | Tagged , , | Comments Off on Deobfuscating PHPJiami

Static vs Dynamic Analysis and the Amusing Outcome

It all started with a malicious RTF document attached to an email and a request from reader Chris (thanks for your request and help!) to locate the embedded SWF object since it was believed to contain a hidden PE file. … Continue reading

Posted in Malicious Email, Malscript | Tagged , , , , | Comments Off on Static vs Dynamic Analysis and the Amusing Outcome

Deobfuscating the Nemucod Downloader Script

Matt Decker from hybrid-cloudblog.com sent me this script he received via email and asked for help deobfuscating this so here we go… Here’s the WSF file he sent me: About half-way down the script, I come across this. Two variables … Continue reading

Posted in Malscript, Tools | Tagged , , , , , , | Comments Off on Deobfuscating the Nemucod Downloader Script

Deobfuscating a Malicious PHP Downloader

A PHP script was sent to me by reader Nuno who got this from a hacked Joomla website and wanted to know what this was. He said this script was prepended to several legitimate PHP files. Looking into this a … Continue reading

Posted in Malscript | Tagged , , , | Comments Off on Deobfuscating a Malicious PHP Downloader

Javascript Leads to Browser Hijacking

I came across this nasty-looking script that hijacks your browser. It appears to have been around in some shape or form since 2014 but this latest version deploys an aggressive tactic I’ve not seen before. Here’s what this script looks … Continue reading

Posted in Malscript | Tagged , , , | Comments Off on Javascript Leads to Browser Hijacking