Malware Analysis: How to Decode JavaScript Obfuscation

Thursday, January 05, 2012


When performing malware analysis, one of the techniques the bad guys use to hide their code is obfuscation.

What this means is that the program is hidden or obscured to make malware analysis much more difficult. You didn’t think they would make it easy on you, did they?

I found a good intro to JavaScript malware analysis and video on the HIR Information Report website.

It shows you one method (the Tom Liston Method) for taking obfuscated code and decoding it so you get the original JavaScript.

Excellent article, check it out!

Cross-posted from Cyber Arms

