Skip to content

veggiedefender/marveloptics_malware

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
 
 
 
 
 
 
 
 
 
 

Repository files navigation

marveloptics_malware

Deobfuscated and reverse engineered javascript malware

Writeup: https://blog.jse.li/posts/marveloptics-malware/

This malware was found on https://www.marveloptics.com/ embedded in the following URLs:

https://www.marveloptics.com/templates/moptics/js/vendor/modernizr.js
https://www.marveloptics.com/libraries/openid/openid.js

sha256 hashes:

cc4eb4839266c655c1bd4868d2994f68e44effd3249322eb37d3673954904f30  modernizr.js
d691b626a821c1bf93d1d75e4e8f0891c81b6f7a1e2c479eacdc18b9ec48d492  openid.js

Original copies are available in the original/ folder of this repository.

deobfuscated.js contains the output of js-beautify -x -s 2 original/openid.js > deobfuscated.js

pretty.js contains my own renamed variables and extensive comments.

About

Deobfuscated + reverse engineered javascript malware

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published