Malware Analysis - 3 ways to deobfuscate JScript and JavaScript malware
We use abstract syntax tree manipulation, regex search and replace and dynamic analysis to deobfuscate and unpack GootLoader. Each method has its own pros and cons.
GootLoader is an initial infector written in JScript. Current samples feature up to five layers of packed and obfuscated code.
Malware Analysis course:
extract called functions: helpers
gootloader unpacker:
sample:
Follow me on Twitter:
00:00 Introduction
00:26 First Layer - extract relevant functions
07:24 Regex deobfuscation
14:05 Abstract syntax tree transformations with babel
30:57 Dynamic deobfuscation
40:46 Deobfuscation method overview
41:43 GootLoader unpacker
7 months ago 00:34:11 1
9 years ago 00:19:53 124
![Static Malware Smtp Fail Analysis [ShmooCon 2016]](https://sun9-30.userapi.com/AhRAR-LAb-4Ff5x8CjeodK5pTrUA7F1IzCM29w/goWvRs3n3Ns.jpg)
2 years ago 01:05:44 1
10 months ago 00:40:05 1
9 years ago 00:37:03 4
11 months ago 00:43:08 1
10 months ago 00:27:09 1
8 months ago 00:39:13 1
2 years ago 00:07:55 1
1 year ago 00:28:07 1
9 years ago 00:03:19 14
3 years ago 01:42:04 6
1 year ago 00:16:18 1
5 years ago 00:30:36 6
2 years ago 00:37:03 1
1 year ago 00:10:36 1
2 years ago 00:14:57 1
1 year ago 00:20:06 1
6 years ago 00:10:32 4
5 years ago 00:07:33 1
2 years ago 00:09:22 1
1 year ago 00:04:47 1
9 years ago 01:13:23 2
2 years ago 00:37:28 1
