Tag Archives: javascript deobfuscation

Deobfuscating the Nemucod Downloader Script

Matt Decker from hybrid-cloudblog.com sent me this script he received via email and asked for help deobfuscating this so here we go… Here’s the WSF file he sent me: About half-way down the script, I come across this. Two variables …

Posted in Malscript, Tools

Deobfuscating a Hideous-Looking JS Downloader

One of my readers, Stefano from zanna.it (thanks!), sent me this little gem: In the midst of seemingly random strings, there are clues to its structure but there’s very little to go on. I started off by grabbing a portion …

Posted in Malicious Email, Malscript

Deobfuscating Magento Guruincsite Javascript

I saw this blog post by the super talented guys over at Sucuri and thought that it was just another URL redirection script hiding behind escaped characters but it turned out to be better than that. Here’s what the script …

Posted in Malscript, Tools

Javascript Deobfuscator Updated

Just a quick update…I added a Javascript beautification feature. Just click on the “Beautify” button and the results will appear at the bottom. I did get some people emailing me saying that they got an error message. I compiled this …

Posted in Tools

New Javascript Deobfuscator Tool

This particular spam page redirect was brought to my attention by a colleague because it was getting past the web filters using Javascript obfuscation. In one version, the landing page uses a meta refresh tag. I guess it was getting …

Posted in Malscript, Tools