Malware Analysis - 3 ways to deobfuscate JScript and JavaScript malware
Dec. 26, 2023, 7:14 a.m. | MalwareAnalysisForHedgehogs
MalwareAnalysisForHedgehogs www.youtube.com
GootLoader is an initial infector written in JScript. Current samples feature up to five layers of packed and obfuscated code.
Malware Analysis course: https://www.udemy.com/course/windows-malware-analysis-for-hedgehogs-beginner-training/?couponCode=DA55C06ECB33D9DF6AC5
extract called functions: https://github.com/struppigel/hedgehog-tools/tree/main/ECMAScript%20helpers
gootloader unpacker: https://github.com/struppigel/hedgehog-tools/tree/main/gootloader
sample: https://bazaar.abuse.ch/sample/1bc77b013c83b5b075c3d3c403da330178477843fc2d8326d90e495a61fbb01f/
Follow me on Twitter: https://twitter.com/struppigel
00:00 Introduction
00:26 First Layer - extract relevant functions
07:24 Regex deobfuscation
14:05 Abstract syntax tree …