Open Analysis Live! The fastest way to analyze JavaScript and VBScript malware is by using a debugger to hook API calls. In this tutorial we demonstrate this technique using the x64dbg debugger and then demo frida-wshook, a tool that automates the whole process.
NOTE: As Duncan Ogilvie pointed out, I made a mistake when describing the DLL breakpoints; they actually just break when a DLL is loaded and after that on the DLL entry point. Thanks, Duncan!
The malicious JavaScript can be downloaded here:
http://malshare.com/sample.php?action...
Our other tutorial for manually deobfuscating wscript can be watched here:
• Viewer Submission - Decoding Maliciou...
You can find x64dbg here:
https://x64dbg.com/#start
The automated deobfuscation tool frida-wshook can be found on our GitHub here:
https://github.com/OALabs/frida-wshook
Here are some links to other excellent wscript analysis tools:
Macros
https://github.com/egaus/maliciousmac...
Windbg JavaScript analysis
https://github.com/szimeus/evalyzer
Online JS WScript analyzer
https://mrpapercut.com/sites/wscript/
Another JS sandbox
https://github.com/HynekPetrak/malwar...
JStillery an automated JS deobfuscator
https://github.com/mindedsecurity/JSt...
Feedback, questions, and suggestions are always welcome : )
Sergei / herrcore
Sean / seanmw
As always check out our tools, tutorials, and more content over at http://www.openanalysis.net
Video: Analyze JavaScript and VBScript Malware With x64dbg Debugger and API Hooking. Added by user OALabs, 25 January 2018.