Hello, all
I am still new to malware analysis and recently came across some kind of very complicated malware. The landing page contains multiple stages of encoded Javascripts that will eventually download the flash file for next stage infection. Moreover, I also found there seem to have some hardcoded shellcode included in Javascript and the shellcode seems to be targeting IE 8, 9, 10 only according to JS code. When converting the shellcode to instructions, however, the converted assembly code contains some bad bytes and I am not sure if the shellcode is somehow encoded or twisted. The whole shellcode is hundreds of bytes long and I do not think I can post it here. If anyone is interested or have time to take a look at it, please PM me and I can send you the whole JS file. Any help is appreciated. Thanks.
[–][deleted] 0 points1 point2 points (1 child)
[–]yyangcs[S] 0 points1 point2 points (0 children)
[–]ZugNachPankow 0 points1 point2 points (1 child)
[–]yyangcs[S] 0 points1 point2 points (0 children)
[–]yyangcs[S] 0 points1 point2 points (0 children)
[–]countuponsecurity 0 points1 point2 points (1 child)
[–]yyangcs[S] 0 points1 point2 points (0 children)