I just discovered a virus in my computer that uses a .js file to attack. I opened the file in Notepad to check out the code, but it is completely encrypted. I can see some data that makes sense (such as bhynivmao.length!=4), but the majority of the file is filled with gibberish.
There is also an autorun.inf, and even though I can see some of the shell \open\command, I am not able to figure out the rest of the gibberish that is present.
Looks like both the autorun and the .js file are obfuscated the same way. Can someone please help me to get back the readable code? I am really curious to know how this thing works.
Try using something like a JS beautifier:
http://jsbeautifier.org/
It will still keep the old variable names, but will definitely make the code more readable.
You might also consider using http://jsnice.org, which uses statistical analysis of code to identify variable names. It complements http://jsbeautifier.org well by altering variable names but not structure.
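What a beautifier pass does to an obfuscated one-liner, as an added example that is not part of the original answers and is not code from jsbeautifier.org or jsnice.org: statements are split and indented, escaped string bytes are shown as text, and the original variable names stay. The sample string and the names `beautify`, `decodeEscapes` and `qzx` are assumptions made for the illustration.

```javascript
// Added example: a static formatter. The sample is handled as text only and is
// never passed to eval(), Function() or a script host.
// Scope (assumption): ' and " strings only; regex literals, template literals
// and comments are not tokenized.

// Constructed sample (not the file from the question); qzx is a made-up name.
const SAMPLE = 'var bhynivmao="\\x61\\x62\\x63\\x64";if(bhynivmao.length!=4)' +
  '{bhynivmao="";}for(var i=0;i<bhynivmao.length;i++){qzx(bhynivmao[i]);}';

// Rewrite \xNN and \uNNNN as the plain character when it is printable ASCII.
function decodeEscapes(lit) {
  return lit.replace(/\\(?:x([0-9a-fA-F]{2})|u([0-9a-fA-F]{4})|[\s\S])/g, (m, h2, h4) => {
    const hex = h2 || h4;
    if (!hex) return m; // \n, \\, \" and similar escapes stay as written
    const code = parseInt(hex, 16);
    const ch = String.fromCharCode(code);
    // Quotes and backslashes stay escaped so the literal remains valid.
    const keep = code < 0x20 || code > 0x7e || '"\'\\'.includes(ch);
    return keep ? m : ch;
  });
}

// One statement per line, indented by brace depth; identifiers are untouched.
function beautify(src) {
  let out = '', depth = 0, parens = 0, i = 0;
  const nl = () => { out = out.replace(/\s+$/, '') + '\n' + '  '.repeat(depth); };
  while (i < src.length) {
    const c = src[i];
    if (c === '"' || c === "'") { // copy a whole string literal in one step
      let j = i + 1;
      while (j < src.length && src[j] !== c) j += src[j] === '\\' ? 2 : 1;
      out += decodeEscapes(src.slice(i, j + 1));
      i = j + 1;
      continue;
    }
    if (c === '(') parens++;
    if (c === ')') parens--;
    if (c === '{') { depth++; out += c; nl(); }
    else if (c === '}') { depth = Math.max(0, depth - 1); nl(); out += c; nl(); }
    else if (c === ';' && parens === 0) { out += c; nl(); } // not inside for(;;)
    else if (/\s/.test(c)) { if (out && !/\s$/.test(out)) out += ' '; }
    else out += c;
    i++;
  }
  return out.trim();
}

console.log(beautify(SAMPLE));
```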