Sunday, 1 March 2015

[EN] Obfuscated case - JSredirector

Today we'll check some "obfuscated" JavaScript code. I found this example (named
'JSredirector')  on this site. Thanks again! ;)

So... Unzip the file and you will find index.html with JS code.

Index.html contains encoded JS code:

Decoding (1st obfuscated) unescape() string in Burp:

Second one - trcat()- we can try to check by analysing code in JSDetox:

Now, again using Burp, we will decode this string:

We can see a nice link to tangoing {.} com domain but since the page is down,
few information you can grab in old VirusTotal scans:

That's all for this case;)


No comments:

Post a Comment

What do You think...?