How to decrypt a javascript file

Flipsyde picture Flipsyde · May 7, 2013 · Viewed 39k times · Source

I just discovered a virus in my computer that uses a .js file to attack. I opened the file in notepad to check out the code, but it is completely encrypted. I can see some data that makes sense (such as bhynivmao.length!=4), but the majority of the file is filled with gibberish.

There is also an autorun.inf and even though I can see some of the shell \open\command, I am not able to figure out the rest of the gibberish that is present.

Looks like both the autorun and the .js file are obfuscated the same way. Can someone please help me to get back the readable code? I am really curious to know how this thing works.

Answer

MMM picture MMM · May 7, 2013

Try using something like a JS beautifier:

http://jsbeautifier.org/

It will still keep the old variable names, but will definitely make the code more readable.