Sunday 1 March 2015

[EN] Obfuscated case - JSredirector

Today we'll check some "obfuscated" JavaScript code. I found this example (named
'JSredirector')  on this site. Thanks again! ;)

So... Unzip the file and you will find index.html with JS code.


Index.html contains encoded JS code:




Decoding (1st obfuscated) unescape() string in Burp:


Second one - trcat()- we can try to check by analysing code in JSDetox:


Now, again using Burp, we will decode this string:


We can see a nice link to tangoing {.} com domain but since the page is down,
few information you can grab in old VirusTotal scans:


That's all for this case;)

o/

No comments:

Post a Comment

What do You think...?