How to decrypt a javascript file

javascript obfuscation virus autorun deobfuscation
Flipsyde picture Flipsyde · May 7, 2013 · Viewed 39k times · Source

I just discovered a virus in my computer that uses a .js file to attack. I opened the file in notepad to check out the code, but it is completely encrypted. I can see some data that makes sense (such as bhynivmao.length!=4), but the majority of the file is filled with gibberish.

There is also an autorun.inf and even though I can see some of the shell \open\command, I am not able to figure out the rest of the gibberish that is present.

Looks like both the autorun and the .js file are obfuscated the same way. Can someone please help me to get back the readable code? I am really curious to know how this thing works.

Answer

MMM picture MMM · May 7, 2013

Try using something like a JS beautifier:

http://jsbeautifier.org/

It will still keep the old variable names, but will definitely make the code more readable.

Related questions

How can I obfuscate (protect) JavaScript?

I want to make a JavaScript application that's not open source, and thus I wish to learn how to can obfuscate my JS code? Is this possible?

Read More
How do I hide javascript code in a webpage?

Is it possible to hide the Javascript code from the html of a webpage, when the source code is viewed through the browsers View Source feature? I know it is possible to obfuscate the code, but I would prefer it …

Read More
How can I hide or encrypt JavaScript code?

Is there any way to hide or encrypt JavaScript code to prevent people from viewing, copying, and/or modifying proprietary programs?

Read More