
Analyzing JavaScript Samples

1. Introduction to JavaScript Analysis:

  • Tools Used:

    • Popular Browsers: Microsoft Edge, Google Chrome, Mozilla Firefox. Any of them will execute the script; this walkthrough uses Firefox.

    • Developer Tools: built into each browser (F12) to set breakpoints, step through the code, and inspect variables while the page runs.

    • Visual Studio Code: a text editor for reading and reformatting the JavaScript before it is executed.

  • JavaScript File Locations:

    • Embedded in HTML source code.

    • As standalone .js files.

  • HTML Requirement:

    • Browsers execute JavaScript only as part of a page, so a standalone .js file is debugged by writing a minimal HTML loader that references it and opening that loader in the browser.

2. Practical Analysis - JavaScript Files:

  • Samples to Analyze:

    • re_basicjs.js

    • re_texrjs.html

  • Preparation:

    • Restore the VM to a clean snapshot, copy and extract the course files, and start FakeNet so that any network traffic the sample generates is captured by the fake services instead of reaching the Internet.

3. Analyzing re_basicjs.js:

  • Initial Inspection:

    • Use Notepad++ to inspect the JavaScript sample.

    • Rotten Tomatoes Function:

      • Appears to perform character-by-character string replacement, which marks it as the sample's decoding routine.

      • It is applied to the variables str1 and str2, and the two decoded results are concatenated into a variable named flag.

  • Loading the JavaScript File in a Browser:

    • Step 1: Write an HTML loader file in Notepad++ to load re_basicjs.js.

    • Step 2: Save the file as loader.html.

    • Step 3: Open loader.html in Firefox by dragging and dropping it into the browser.

4. Debugging with Firefox Developer Tools:

  • Opening Developer Tools:

    • Press F12 to open Developer Tools in Firefox.

  • Locating the JavaScript File:

    • Go to the Debugger tab, expand the file tree under the Main Thread section.

    • Locate re_basicjs.js.

  • Setting a Breakpoint:

    • Place a breakpoint on line 14, where str1 is assigned.

  • Reloading the Page:

    • Press F5 to reload the page and trigger the breakpoint.

  • Using Debugging Tools:

    • Step Over (F10): Execute the current line, including any function it calls, without entering the callee.

    • Step In (F11): Step into function calls for detailed analysis.

  • Watching Variables:

    • Add the flag variable to the Watch Expressions window to track its value as the script executes.

    • Alternatively, hover the mouse pointer over the flag variable to reveal its content.
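The following is an added example, not code from the Malware Handbook or from the re_basicjs.js sample. It shows the two pieces the steps above leave to the reader: the loader.html that gets a standalone script executing in the browser, and a way to read the decoded strings without single-stepping through the decoder. The decoder (`rottenTomatoesLike`), its substitution table, the encoded strings and the resulting flag are all constructed here to mirror the pattern the page describes (a replacement function applied to str1 and str2, joined into flag); the real sample's code and flag are not reproduced. The helper names `loaderHtml`, `hookReplace` and `analyzeSample` are chosen for this example. It generalizes the page's approach slightly: instead of locating the decoder and stepping into it, it hooks `String.prototype.replace` before the sample runs, which works whatever the sample names its function.

```javascript
'use strict';
// Added example for the Malware Handbook page; not the course's own code.
// Runs under Node (node analyze_js.js); the BROWSER_HOOK string below is the
// same hook in a form you can paste into loaderHtml() or the DevTools console.

// ---- Constructed sample (assumption: mirrors the pattern described on the page) ----
// Substitution table and a decoder that rewrites each character of its input.
// Real samples hide the table; here it is spelled out so the block is verifiable.
const SUBST = { a: 'f', b: 'l', c: 'a', d: 'g', e: '{', f: 'j', g: 's', h: '_',
                i: 'd', j: 'e', k: 'b', l: 'u', m: '}' };

function rottenTomatoesLike(s) {
  // One regex replace with a callback: every table character is swapped.
  return s.replace(/[a-m]/g, c => SUBST[c]);
}

function runSample() {
  const str1 = rottenTomatoesLike('abcdefgh'); // constructed encoded half
  const str2 = rottenTomatoesLike('ijkldm');   // constructed encoded half
  const flag = str1 + str2;                    // the value the analyst wants
  return flag;
}

// ---- Analyst helper 1: the loader.html the page tells you to write ----
// If preHook is given it is emitted in a <script> BEFORE the sample's <script>,
// because the sample executes as soon as it is parsed; a hook placed after it
// is installed too late.
function loaderHtml(jsFile, preHook) {
  const hook = preHook ? `  <script>\n${preHook}\n  </script>\n` : '';
  return `<!DOCTYPE html>\n<html>\n<body>\n${hook}  <script src="${jsFile}"></script>\n</body>\n</html>\n`;
}

// ---- Analyst helper 2: hook String.prototype.replace ----
// Records each replace() call's input string and output string, regardless of
// what the sample calls its decoder. Returns a function that removes the hook.
function hookReplace(log) {
  const original = String.prototype.replace;
  String.prototype.replace = function (...args) {
    const result = original.apply(this, args);
    log.push({ input: String(this), output: String(result) });
    return result;
  };
  return () => { String.prototype.replace = original; };
}

// Run the constructed sample under the hook and return what an analyst reads
// off: the decoded halves in order and the final flag.
function analyzeSample() {
  const log = [];
  const unhook = hookReplace(log);
  let flag;
  try {
    flag = runSample();
  } finally {
    unhook(); // always restore, or everything else in the page stays instrumented
  }
  return { flag, log };
}

// The same hook as a string for the browser: paste into the DevTools console
// before reloading, or pass it as preHook to loaderHtml().
const BROWSER_HOOK = `    (function () {
      var orig = String.prototype.replace;
      String.prototype.replace = function () {
        var r = orig.apply(this, arguments);
        console.log('replace:', String(this), '->', String(r));
        return r;
      };
    })();`;

if (typeof require !== 'undefined' && require.main === module) {
  const { flag, log } = analyzeSample();
  console.log(log);
  console.log('flag =', flag);
  console.log(loaderHtml('re_basicjs.js', BROWSER_HOOK));
}
```

Two caveats. The hook only sees samples that decode through replace(); a sample that builds its strings with charCodeAt/fromCharCode or array joins will not touch it, and then the breakpoint-and-watch procedure above is the fallback. And a hook or loader like this still executes the sample, so it belongs only in the isolated VM with FakeNet running, exactly as the preparation step says.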

5. Key Takeaways:

  • Combining Tools:

    • Use text editors like Notepad++ for initial inspection and browser Developer Tools for dynamic debugging.

  • HTML Integration:

    • A minimal HTML loader that references the script is what gets a standalone .js file executing inside the browser's debugger.

  • Debugging Strategies:

    • Breakpoints and watch expressions are crucial for understanding the flow and outcomes of JavaScript variables and functions.

  • Practical Approach:

    • Stepping over a complex function like Rotten Tomatoes and reading its return value saves time when the objective is only to reveal key variable contents, such as the flag here; step into it only when the decoding algorithm itself needs to be understood.


Last updated 9 months ago