Tag Archives: deobfuscation

Revelo - Javascript Deobfuscator

Posted on May 1, 2012 by darryl

I mentioned a new tool I’ve been developing to help with Javascript deobfuscation months ago. I’ve been working on it off and on but it’s taking me awhile. There’s still more to do but I think it’s ready for a … Continue reading

Posted in Malscript, Tools | Tagged , , , | 10 Comments

Chinese Pack Using Dadong’s JSXX VIP Script

Posted on March 1, 2012 by darryl

Another week, another pack. But this one is using Dadong’s JSXX 0.41 VIP obfuscation script which makes the task of Javascript deobfuscation a more difficult than the others. We’ll get to that in a bit but let’s talk about the … Continue reading

Posted in Exploit Packs, Malscript | Tagged , , , , | 3 Comments

Deobfuscate Javascript Using MS Tools

Posted on June 13, 2011 by darryl

Several readers sent me email asking how to decipher Javascript code without doing it manually. There are actually several tools out there that can help you. Malzilla, SpiderMonkey, and Rhino seem to be the most popular. But I found that … Continue reading

Posted in Malscript, Tools | Tagged , , , , , , , | 4 Comments

Reversing the Incognito Exploit Kit

Posted on June 4, 2011 by darryl

Looks like Incognito got updated yet again. Let’s reverse the Javascript exploit code… First let’s clean this up (the complete script is here)! You can see it’s now using p, div, and span tags to hold the obfuscated code which … Continue reading

Posted in Exploit Packs, Malscript | Tagged , , , , , , | 5 Comments

Deobfuscating the Facebook Spam Script

Posted on May 12, 2011 by darryl

The latest Facebook spam Javascript code was sent to me. Apparently there are two versions, one was obfuscated while the other wasn’t. Lucky me, I get the obfuscated one! My first thought was “wow, nice obfuscation but should be easy … Continue reading

Posted in Malscript | Tagged , , , , | 10 Comments