Browsing All Posts published on »November, 2008«

Javascript Malware Deobfuscation

November 23, 2008 by


So it turns out that there is a useful trick when working with and deobfuscating quasi-encrypted and obfuscated Javascript (like that seen in malware). The other Stephen observed that the function “COlescript::Compile()” in JSCRIPT.DLL is basically the place in the javascript interpreter that equates to an eval(). If you break here at runtime (like so) […]