Malware Analysis - 3 ways to deobfuscate JScript and JavaScript malware
We use abstract syntax tree manipulation, regex search and replace and dynamic analysis to deobfuscate and unpack GootLoader. Each method has its own pros and cons.
GootLoader is an initial infector written in JScript. Current samples feature up to five layers of packed and obfuscated code.
Malware Analysis course:
extract called functions: helpers
gootloader unpacker:
sample:
Follow me on Twitter:
00:00 Introduction
00:26 First Layer - extract relevant functions
07:24 Regex deobfuscation
14:05 Abstract syntax tree transformations with babel
30:57 Dynamic deobfuscation
40:46 Deobfuscation method overview
41:43 GootLoader unpacker
1 month ago 00:09:02 1
1 month ago 00:41:39 1
2 months ago 00:31:23 1
2 months ago 00:08:27 1
3 months ago 00:08:01 1
3 months ago 02:27:57 1
4 months ago 00:06:50 1
5 months ago 00:28:31 1
5 months ago 00:31:10 1
5 months ago 00:32:12 1
5 months ago 00:20:53 1
5 months ago 00:57:39 1
7 months ago 00:08:03 1
8 months ago 00:15:34 1
8 months ago 00:08:28 3
8 months ago 00:08:32 5
8 months ago 00:01:15 1
9 months ago 00:39:13 1
9 months ago 00:05:30 1
9 months ago 00:34:03 1
10 months ago 00:13:11 1
10 months ago 00:40:05 1
10 months ago 00:27:09 1
10 months ago 02:09:07 8
