Open Analysis Live! The fastest way to analyze JavaScript and VBScript malware is to use a debugger to hook API calls. In this tutorial we demonstrate this technique using the x64dbg debugger and then demo frida-wshook, a tool that automates the whole process.
NOTE: As Duncan Ogilvie pointed out, I made a mistake when describing the DLL breakpoints; they actually just break when a DLL is loaded and after that on the DLL entry point. Thanks Duncan!
The malicious JavaScript can be downloaded here:
http://malshare.com/sample.php?action...
Our other tutorial for manually deobfuscating wscript can be watched here:
• Viewer Submission - Decoding Maliciou...
You can find x64dbg here:
https://x64dbg.com/#start
The automated deobfuscation tool frida-wshook can be found on our GitHub here:
https://github.com/OALabs/frida-wshook
Here are some links to other excellent wscript analysis tools:
Macros
https://github.com/egaus/maliciousmac...
Windbg JavaScript analysis
https://github.com/szimeus/evalyzer
Online JS WScript analyzer
https://mrpapercut.com/sites/wscript/
Another JS sandbox
https://github.com/HynekPetrak/malwar...
JStillery an automated JS deobfuscator
https://github.com/mindedsecurity/JSt...
Feedback, questions, and suggestions are always welcome : )
Sergei / herrcore
Sean / seanmw
As always check out our tools, tutorials, and more content over at http://www.openanalysis.net
Watch the video Analyze JavaScript and VBScript Malware With x64dbg Debugger and API Hooking online without registration, duration hours minutes seconds, in good quality. This video was added by user OALabs on 25 January 2018; don't forget to share the link with friends and acquaintances. On our site it has been viewed 15,582 times and liked by 515 people.