In this blog post, we will perform an analysis on some obfuscated scripts that we received. These files were already detected by automated scanners, but as these are mainly malware droppers, we figured it could be interesting to do some manual analysis to determine where the actual malware is hosted.

The first sample we will investigate is a. This type of file is a Windows script file and can contain various scripting languages. In this case, we're dealing with an obfuscated VBScript.

Due to the obfuscation, it's impossible to see at first sight what this script is trying to accomplish. We could run it in a virtual machine and dynamically monitor actions taken by the script, such as network connections or processes started, but first we'd like to have an idea of the code. Some script code structures that are interesting to look for are functions that execute commands, such as:

In the script above, we can identify some "eval" statements and "executeglobal".
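As an added example (not code from the original post), the static first pass described here can be scripted: pull the VBScript blocks out of a Windows script file and list each line that uses a dynamic-evaluation keyword, ignoring comments. The sample file, the `<job>`/`<script language="...">` layout it assumes, and the function names are constructed for illustration.

```python
import re

# Constructed, harmless sample in the <job>/<script language="..."> layout.
SAMPLE_WSF = '''<job id="demo">
<script language="VBScript">
' eval inside a comment must not be reported
Dim a : a = "MsgBox ""hi"""
ExecuteGlobal a
x = Eval("1+1")
</script>
<script language="JScript">
var y = eval("2+2");
</script>
</job>'''

SCRIPT_BLOCK = re.compile(
    r'<script\b[^>]*\blanguage\s*=\s*["\']?([\w.]+)[^>]*>(.*?)</script\s*>',
    re.IGNORECASE | re.DOTALL)
# Eval and ExecuteGlobal are named in the post; Execute is the related
# VBScript statement, added here as an assumption about what to look for.
DYNAMIC = re.compile(r"\b(executeglobal|execute|eval)\b", re.IGNORECASE)

def strip_comment(line):
    """Cut a VBScript line at the first ' that sits outside a string literal."""
    in_string = False
    for i, ch in enumerate(line):
        if ch == '"':          # a doubled "" toggles twice, so state is kept
            in_string = not in_string
        elif ch == "'" and not in_string:
            return line[:i]
    return line

def find_dynamic_calls(wsf_text):
    """Return (file_line, keyword, code) for each hit inside VBScript blocks."""
    hits = []
    for m in SCRIPT_BLOCK.finditer(wsf_text):
        if m.group(1).lower() not in ("vbscript", "vbs"):
            continue           # other languages need their own keyword list
        first_line = wsf_text.count("\n", 0, m.start(2)) + 1
        for offset, raw in enumerate(m.group(2).split("\n")):
            code = strip_comment(raw).strip()
            if re.match(r"rem\b", code, re.IGNORECASE):
                continue       # Rem-style comment line
            for kw in DYNAMIC.findall(code):
                hits.append((first_line + offset, kw.lower(), code))
    return hits

if __name__ == "__main__":
    for line_no, kw, code in find_dynamic_calls(SAMPLE_WSF):
        print(f"line {line_no}: {kw:<13} {code}")
```

The reported line numbers refer to the whole file, so each hit can be opened directly in an editor before deciding whether dynamic analysis in a virtual machine is needed.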