Sample

Metadata

SHA256: 5bc8b1a067ec4b487e88c2bb93728158633f4fdf22b111d5562cbb4ad3426d30
Difficulty: medium
Platform: Windows
Tags: js loader obfuscated stage 1
Likes: 0
Views: 3
Submitter: struppigel

Analysis

Goal

Deobfuscate this loader such that you get the download URL.

Description

This is an obfuscated JScript loader. It downloads the file atom.xml.

After this deobfuscation task you may want to continue with the task for atom.xml.

Recommended Tools

notepad++

Solutions

JScript Loader Analysis by 0xdeluks

1
JS to PowerShell to XWorm with Binary Refinery Reference by struppigel

Image

Sample image

Video

Solution by struppigel: JS to PowerShell to XWorm with Binary Refinery

Comments

Please login to view and post comments.