JScript Deobfuscation - More WSHRAT (Malware Analysis)

  Views: 59,859

John Hammond

Comments: 135
@amstevenson 3 years ago
Hacker: Turns code into obfuscated alphabet soup 42:40 Also hacker: Adds helpful code comment to let you know this line is for Firefox
@awli8861 3 years ago
hecker XD
@mycotina6438 3 years ago
I love it so much how you speak out loud what you're thinking as you work through the code. I think this kind of video is a lot more useful than tutorials, because we get to see the thought process and from where the ideas come from through the trials and error.
@litmussales9750 2 years ago
I'm happy seeing you having fun with my codes. I love that part where you said OMG!!!
@Irisilol 3 years ago
When John goes "OH NOOOOOOO" you know the code is evil.
@samuelmiller1691 3 years ago
God I love this. I started watching your videos thanks to the KZbin Algorithm and had no idea what you are doing. Now I am starting to pick up on things here and there. More more more!
@slybandit8117 10 months ago
That was some slick coding to get those vars into the correct places! Well done sir, stuff like that is why I love this channel!
@jesseramsell1895 3 years ago
"What is that, Jurassic Park? I should know, I'm John Hammond." i died 😂
@rrittenhouse 3 years ago
I never even realized the similarity on the name LOL. I've even made replica John Hammond Canes for people... I should have caught that 🤣
@hunterbodell1129 3 years ago
I hate that these are so good that I wake up at 6 for them
@murkdurk8961 3 years ago
You might need to rethink your priorities🤭
@alexlefevre8226 3 years ago
I don't wake up early to watch, but I do wake up to schedule the download, automagically chop the resolution down a bit, and finally upload to a part of my cloud storage where I store every one of these for the future. Kinda silly... But I am using these videos as a set of walkthroughs and have learned an "asston" so far. John does such a good job with these! His ah-ha moments have become the center of mass of which I orbit around. Keep it up John... Please!!! Although I know you were busy with the huge ransomware attack recently. Your name was in probably a dozen of the 15 I read. As if I didn't already respect the crap out of you
@salmqN 3 years ago
@@murkdurk8961 Nah, completely agree with him
@murkdurk8961 3 years ago
@@salmqN not saying this isn't important, but if you set your alarm to wake up for this in the morning, you might need to get a job
@salmqN 3 years ago
@@murkdurk8961 I wake up before 6:00 most days regardless of a video or not, and what does having a job got to do with watching anything xD
@BlackDragonCZ_alt 3 years ago
23:52 john think: "John stop using python" Me: "John keep using python, thanks" :D
@ChymekJR 3 years ago
Your work inspires me! This is so cool
@cheshirecat6519 3 years ago
I don’t know **** about programming language and malware decoding and reverse engineering and stuff but It’s the 5th video I watch this week on your channel. Just saying.
@jannikmeissner 3 years ago
At 39:38 I was like "yeees I did suspect 2031 would be the port the C2 server is running on" and it felt sooo good when this suspicion was met.
@rungoranga6341 3 years ago
Malware Analysis -videos are the best. 👍
@bendavis8461 3 years ago
Oooo woow Malware Analysis, great stuff.
@sebastianinnez3395 3 years ago
surely John teaches us HOW to obfuscate, looks awesome!
@vexraill 3 years ago
These are always so fun to watch, thanks for sharing your research with us!
@erin1569 3 years ago
Are people really complaining about python? It's incredibly comfy. It's often as simple as saying: "Jarvis, convert this code into recognizable commands", but with a few extra words.
@KeithGriffiths 3 years ago
Great video John. Good walk through.
@michaelvandenheuvel317 5 months ago
Thank God for good people like you.
@mustafaismail5773 3 years ago
too inspiring, despite I'm in totally other field of work actually now I'm involved in my free time in coding with python & analysis of C applications since I started watching you almost one year ago. High respect brother keep it up always !!
@Roxas99Yami 8 months ago
great video 10/10 this helped me a lot deobfuscate a .js script i ripped from a site
@DahlFreeman 3 years ago
Great video!!! So much fun to watch
@sjslife 3 years ago
I fookin love u J, loads of love from UK
@benjaminthelen1413 3 years ago
Does anyone besides me else just watch him even though you have no idea what he's doing?
@1FelixxileF1 3 years ago
Same
@justinboss4131 3 years ago
@@1FelixxileF1 same here buddy
@joancasals4365 3 years ago
same here
@StreuB1 3 years ago
Yep, absolutely no idea what he's doing but it's awesome to watch brilliant people work their jam.
@codydietrich4246 10 months ago
Same here, but he makes me wanna learn!
@fordorth 3 years ago
This was a great video... very fast!
@snake1980eyes 3 years ago
that filename actually is from Romanian language and it translates to INVOICE in English
@phyotyla 3 years ago
Apparently the same in Swedish and Spanish among others
@pbezunartea 3 years ago
Great video! Amazing job!
@BloodBornKnight 2 years ago
The king in cyber security huge fan.
@eklypzn 3 years ago
Hilarious. I'm wearing that shirt right now.
@_JohnHammond 3 years ago
IT'S SUCH A GOOD SHIRT
@zimboiii9025 3 years ago
@@_JohnHammond WHAT SHIRT IS IT
@larziel7107 3 years ago
Thanks to you I'm trying to learn Python myself! :)
@dustyboyle 3 years ago
Thanks for the video. Very cool
@johtodev 3 years ago
love these videos
@gustinstamatinos9910 3 years ago
I could sit back with a beer and watch these all month. ...okay, a few beers.
@LouisSerieusement 3 years ago
I think you were slightly peaking your audio interface sometimes But thank you so much, your videos are very informative !
@nordgaren2358 3 years ago
Great reference to Jurassic Park!
@happyked 3 years ago
Great content as always. Are you planning to make a video about Kaseya and REvil?
@kaihuang5420 3 years ago
no way. I am literally learning OSEP materials chapter where they go over Jscript and C#.. The big data has gotten me
@TobiasTimpe 3 years ago
JScript is one of my favorite languages.
@camerontgore 3 years ago
I get a good chuckle every time you say Show-toast 😂
@drasticwarrior5357 2 years ago
@John Hammond, Do you ever go live?? and if so may I please ask what your preferred platform is
@jkobain 3 years ago
No, the syntax highlight in Sublime Text was working fine, the problem was in escaping borderline quote symbols, for instance.
@logiciananimal 3 years ago
"Please commit Sudoku"? Not while I'm supposedly at work! This video is at least job related sort of otherwise.
@bosch5303 3 years ago
Fun fact. Factura in Romanian means invoice
@Colaholiker 3 years ago
Seeing this, I am so glad that my computer would not be vulnerable to this. I doubt, I can apt install WSH. And even if I could, I would not. :-)
@guky667 3 years ago
THIS IS SO FRICKIN COOL, WTF!!!
@Dooglet 2 years ago
maybe I missed it but how does this usually detonate?
@AnthonyBlakley 3 years ago
This was quite the episode..
@huongkieu8335 3 years ago
John can you give me the link of first file in this video?
@ViperDerKranke 7 months ago
12:20 says it all
@thewhat4228 3 years ago
Please where can I get the code or download link to this
@marlonius05 1 year ago
interesting.. still learning... h1senzz3... Hisense? So Huawei/Honor???
@jimo8486 3 years ago
What I use to look up an IP I use check-host and it will tell u all about the hosting
@theragequitgamer246 3 years ago
I'm afraid to scan the qr code on that shirt lol
@viv_2489 3 years ago
😂
@ikhmalfahmi9308 3 years ago
Reallyy missing your ctf videos :,((((((((
@gdk111 3 years ago
Thank you John, really interesting 😊
@andrewloucks6568 3 years ago
Anyone ever wonder why the bears need so much toilet paper in the charmin advertisements that keep playing ??
@userou-ig1ze 3 years ago
didn't catch how it deploys, do you have to run the file?
@whatthefunction9140 3 years ago
How would the js ever reach out of the browser?
@carterplasek498 3 years ago
He references this in a few other videos, this isn't Javascript, it is JScript, which is a confusing way of saying it is Microsoft's Javascript, a scripting language using the same (or very similar) syntax to javascript, but does windows stuff and can run on windows.
@SuiGio 3 years ago
Hey man, I have an obfuscated js code which creates a chrome extension for a game. I was wondering if you would like to share that with you, see if there's a malware in it? Would really like to see what's beneath it, since I've been using it many years now. Let me know how to reach out to you. Cheers, great content!
@_JohnHammond 3 years ago
Yes please, always happy to take a look through some weird code -- you can email me with the address in the description :)
@0xhex 3 years ago
Could you please share code source ?
@MartinHaunschmid 3 years ago
Now I REALLY want to know what 'show-toast' is. EDIT: Now I do. Don't know what I expected.
@awndolznmowdlzkwndznwua 3 years ago
What was it, Martin?
@balazsolah1976 3 years ago
What was it, MARTIN?
@MartinHaunschmid 3 years ago
@@awndolznmowdlzkwndznwua I guess an endpoint for returning Messages to the C2
@DD-hn2jr 3 years ago
First I saw somebody using pkill in real life
@btno222 3 years ago
Is it good nsa
@realMattGavin 3 years ago
I think John was the one who stole the $600mil of ETH and was trying to bring us valuable entertaining content. Also the way that John acts reminds me of the somewhat "innocence" of the ETH hacker... like "uh, oh, what did I do?" Then returns it all back.
@PreetisKitchenltr 3 years ago
Yay!!! I am first like as well as comment! Great Content Sir!
@thowbikdustan6515 3 years ago
Hey john, can you just upload the malware file anywhere and provide link. AHH maybe your github is fine !!
@cyrussecurity 3 years ago
Toast to "show-toast" :D
@stefank2387 3 years ago
Finally, great content
@jkobain 3 years ago
I've never used NodeJS to casually run JS manually, rhino is a thing, IMO.
@cat-boy1357 3 years ago
38:08 - "OwO what is this?"
@crystal_royal3405 3 years ago
Epic
@dddddddddavis 3 years ago
I always watch your reviews and always wonder: what is usually your next step after the analysis? do you follow up reporting the c2 server? if you eventually find out an unreported malware will you follow up with a report? just wondering because these actions can help users in the end of the day. - also, thanks for putting out always some good content
@claudiafischering901 3 years ago
I found a wired server with a bunch of applications from a doc vba file. But I think this server should be offline now. I think I delete the file because the file which has been downloaded was not on the server. All I know is that target was windows - but it was sent up to a MAC User - that is a little bit stupid I guess. Thanks for video - I have a lot of fun.
@dowLoveTap 3 years ago
just found this channel, i'm several hours in.. oof
@jkobain 3 years ago
«Lua» stands for «moon», while the UAC actually mined Mars…
@CarRamrod-uf2ub 3 years ago
That 1 dislike must have been a mistake.
@baxsm 3 years ago
that was from the hacker :/
@jimmlmao 5 months ago
you know there is a thing called a for loop john
@magicball60 3 years ago
Share code :) hehe would love to take a look at the rdp module
@nextlevelbruh827 3 years ago
though, vim is incredible 😉
@crazylegs85 3 years ago
vim...vim...vim! VIM!!!
@tsustyle6263 3 years ago
SHOW TOAST!
@corbezzz 3 years ago
KZbin algorithm things
@razaullahkhan8099 1 year ago
NICE ANDROID RUNNING NOW THANKS
@fra1897 3 years ago
love the bash at vim fanboys
@real1cytv 3 years ago
Well, I'm not shouting at my monitor, but with the stuff you do, I think VScode(/VSCodium) would be the better fit...
@hackingismylife2167 3 years ago
Please I need your help
@bellshoe2894 3 years ago
I love watching Justin Roiland hack the NSA
@isosthenie8271 3 years ago
Python is a good language. Bite me. :D
@magnum_dingus 3 years ago
John, keep using python.
@daryll4645 3 years ago
lol Commit Sudoku
@LycanEnforcer 3 years ago
Yeah, regex with that many characters is fun isn't it? Usually better to just open up python and write a script to replace characters in a document.
@gorway6807 3 years ago
Why is he so scared to say “slaves” when it’s a pretty common computer term with a specific meaning? Cool content tho
@heraclitus7893 2 years ago
KZbin algorithm demonetisation I suppose
@MarcinGrobelkiewicz 3 years ago
Can u help to how to do referendum ?how to do real voting ? How to stop fake plandemy
@Lemon_Inspector 3 years ago
How demoncracy is formed?
@techysecurity4107 3 years ago
Javascript = 😌😌
@RyzekZ0008 3 years ago
1:02:10
@JNET_Reloaded 3 years ago
mic's way too close, sounds like you're shouting!
@Tedd755 3 years ago
More analysis/reverse engineering, less googling please. Do it off-camera, and if there's any insights, give a summary. I don't like watching someone else browse. I can do that myself.
@viv_2489 3 years ago
@@miyu1424 yeah agree, he is working through and displaying it to us at the same time... I think his concern is that more deep code analysis should be done for C# exe's or binaries in video but that would take immense lot of time...
@issecret1 3 years ago
No, thanks. Then if I don't know something he uses I get intimidated and have no idea how he found it
@pinkeye00 3 years ago
cntrl+z