Malware Analysis: How to Decode JavaScript Obfuscation

When performing malware analysis, you will find that one of the techniques the bad guys use to hide their code is obfuscation. This means that the program is hidden or obscured to make malware analysis much more difficult. You didn’t think they would make it easy on you, did they? 🙂

I found a good intro to JavaScript malware analysis, and a video, on the HIR Information Report website. It shows you one method (the Tom Liston Method) for taking obfuscated code that looks like this:

And decode it so you get the original JavaScript, like this:

Excellent article, check it out!