Skip to content
/ marveloptics_malware Public
forked from veggiedefender/marveloptics_malware

Deobfuscated + reverse engineered javascript malware

0 stars 9 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

5l1v3r1/marveloptics_malware

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits

original

original

 
 

README.md

README.md

 
 

WHOIS.txt

WHOIS.txt

 
 

deobfuscated.js

deobfuscated.js

 
 

pretty.js

pretty.js

 
 

Repository files navigation

marveloptics_malware

Deobfuscated and reverse engineered javascript malware

Writeup: https://blog.jse.li/posts/marveloptics-malware/

This malware was found on https://www.marveloptics.com/ embedded in the following URLs:

https://www.marveloptics.com/templates/moptics/js/vendor/modernizr.js
https://www.marveloptics.com/libraries/openid/openid.js

sha256 hashes:

cc4eb4839266c655c1bd4868d2994f68e44effd3249322eb37d3673954904f30  modernizr.js
d691b626a821c1bf93d1d75e4e8f0891c81b6f7a1e2c479eacdc18b9ec48d492  openid.js

Original copies are available in the original/ folder of this repository.

deobfuscated.js contains the output of js-beautify -x -s 2 original/openid.js > deobfuscated.js

pretty.js contains my own renamed variables and extensive comments.

About

Deobfuscated + reverse engineered javascript malware

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • JavaScript 100.0%