Category Archives: Tools

Deobfuscating the Nemucod Downloader Script

Matt Decker from hybrid-cloudblog.com sent me this script he received via email and asked for help deobfuscating this so here we go… Here’s the WSF file he sent me: About half-way down the script, I come across this. Two variables … Continue reading

Posted in Malscript, Tools | Tagged , , , , , , | Comments Off on Deobfuscating the Nemucod Downloader Script

Tools Update

Several programs have been updated. You can find them on the Tools page. Converter Notable changes since the last version: – Changed textbox font to Courier to improve readability – Added reverse file option – Added compare files option – … Continue reading

Posted in Tools | Tagged , , , , , | Comments Off on Tools Update

Locky JS and URL Revealer

From various reports, it appears that the malicious Javascript files sent via email that pull Locky down is back. Let’s see what these scripts look like: At the bottom of the script, is this function that reverses the string above, … Continue reading

Posted in Malicious Email, Malscript, Tools | Tagged , , , , | Comments Off on Locky JS and URL Revealer

Script Deobfuscator Updated

Continuing from my last blog post, I updated the program to handle the latest obfuscated Javascript technique. I made the logic generic in order to handle future versions and variants so the results may come out a bit weird (e.g. … Continue reading

Posted in Malscript, Tools | Tagged , , , | Comments Off on Script Deobfuscator Updated

Script Deobfuscator Released

The purpose of this tool is to help you perform static analysis on obfuscated scripts. It’s often easier to dynamically analyze scripts but there are times when you just don’t know where to start or you just want a high-level … Continue reading

Posted in Malscript, Tools | Tagged , , , , , | Comments Off on Script Deobfuscator Released