JScript Deobfuscation - More WSHRAT (Malware Analysis)

Hacker: Turns code into obfuscated alphabet soup
42:40 Also hacker: Adds helpful code comment to let you know this line is for Firefox

I love it so much how you speak out loud what you're thinking as you work through the code. I think this kind of video is a lot more useful than tutorials, because we get to see the thought process and from where the ideas come from trough the trials and error.

I'm happy seeing you having fun with my codes. I love that part where you said OMG!!!

When John goes "OH NOOOOOOO" you know the code is evil.

"What is that, Jurassic Park? I should know, I'm John Hammond." i died 😂

I hate that these are so good that I wake up at 6 for them

God I love this. I started watching your videos thanks to the TH-cam Algorithm and had no idea what you are doing. Now I am starting to pick up on things here and there. More more more!

That was some slick coding to get those vars into the correct places! Well done sir, stuff like that is why I love this channel!

Malware Analysis -videos are the best. 👍

23:52 john think: "John stop using python" Me: "John keep using python, thanks" :D

At 39:38 I was like "yeees I did suspect 2031 would be the port the C2 server is running on" and it felt sooo good when this suspicion was met.

Oooo woow Malware Analysis, great stuff.

I don’t know **** about programming language and malware decoding and reverse engineering and stuff but It’s the 5th video I watch this week on your channel. Just saying.

Thank God for good people like you.

Your work inspires me! This is so cool

great video 10/10 this helped me a lot deobfuscate a .js script i ripped from a site

surely John teaches us HOW to obfuscate, looks awesome!

Are people really complaining about python? It's incredibly comfy. It's often as simple as saying: "Jarvis, convert this code into recognizable commands", but with a few extra words.

These are always so fun to watch, thanks for sharing your research with us!

Great video John. Good walk through.

too inspiring, despite I'm in totally other field of work actually now I'm involved in my free time in coding with python & analysis of C applications since I started watching you almost one year ago.
High respect brother keep it up always !!

Great video!!! So much fun to watch

I fookin love u J, loads of love from UK

Does anyone besides me else just watch him even though you have no idea what hes doing?

This was a great video... very fast!

Great video! Amazing job!

The king in cyber security huge fan.

that filename actualy is from romanian language and it translates to INVOICE in english

love these videos

Hilarious. I'm wearing that shirt right now.

I could sit back with a beer and watch these all month. ...okay, a few beers.

Thanks for the video. Very cool

Thanks to you I'm trying to learn Python myself! :)

I get a good chuckle everytime you say Show-toast 😂

Great content as always. Are you planning to make a video about Kaseya and REvil?

12:20 says it all

Great reference to Jurassic Park!

@John Hammond, Do you ever go live?? and if so may i please ask what your preferred platform is

JScript is one of my favorite languages.

"Please commit Sudoku"? Not while I'm supposedly at work! This video is at least job related sort of otherwise.

Anyone ever wonder why the bears need so much toilet paper in the charmin advertisements that keep playing ??

I think you were slightly peaking your audio interface sometimes
But thank you so much, your videos are very informative !

I'm afraid to scan the qr code on that shirt lol

no way. I am literally learning OSEP materials chapter where they go over Jscript and C#.. The big data has gotten me

Seeing this, I am so glad that my computer would not be vulnerable to this. I doubt, I can apt install WSH. And even if I could, I would not. :-)

Yay!!! I am first like as well as comment! Great Content Sir!

No, the syntax highlight in Sublime Text was working fine, the problem was in escaping borderline quote symbols, for instance.

This was quite the episode..

interesting.. still learning... h1senzz3... Hisense? So Huawei/Honor???

What I use to look up an IP I use check-host and it will tell u all about the hosting

THIS IS SO FRICKIN COOL, WTF!!!

Fun fact. Factura in romanian means invoice

Reallyy missing your ctf videos :,((((((((

Thank you John, really interesting 😊

Finally, great content

maybe I missed it but how does this usually detonate?

John can you give me the link of first file in this video?

Hey man, I have a obfuscated js code which creates a chrome extension for a game. I was wondering if you would like to share that with you, see if there's a malware in it? Would really like to see whats beneath it, since I've been using it many years now. Let me know how to reach out to you. Cheers, great content!

I think John was the one who stole the $600mil of ETH and was trying to bring us valuable ententertaining content. Also the way that John acts reminds me of the somewhat "innocence" of the ETH hacker... like "uh, oh, what did I do?" Then returns it all back.

didn't catch how it deploys, do you have to run the file?

Please where can I get the code or download link to this

Now I REALLY want to know what 'show-toast' is.
EDIT: Now I do. Don't know what I expected.

First I saw somebody using pkill in real life

How would the js ever reach out of the browser?

Is it good nsa

Hey john, can you just upload the malware file anywhere and provide link. AHH maybe your github is fine !!

Toast to "show-toast" :D

I always watch your reviews and always wonder: what is usually your next step after the analysis? do you follow up reporting the c2 server? if you eventually find out an unreported malware will you follow up with a report? just wondering because these actions can help users in the end of the day.
- also, thanks for putting out always some good content

Could you please share code source ?

38:08 - "OwO what is this?"

That 1 dislike must have been a mistake.

just found this channel, i'm sevral hours in.. oof

I've never used NodeJS to casually run JS manually, rhino is a thing, IMO.

I found a wired server with a bunch of applications from a doc vba file. But I think this server should be offline now. I think I delete the file because the file which has been downloaded was not on the server. All I know is that target was windows - but it was sended up to a MAC User - that is a little bit stupid I guess. Thanks for video - I have a lot of fun.

Epic

though, vim is incredible 😉

you know there is a thing called a for loop john

vim...vim...vim! VIM!!!

«Lua» stands for «moon», while the UAC actually mined Mars…

TH-cam algorithm things

Share code :) hehe would love to take a look at the rdp module

NICE ANDROID RUNNING NOW THANKS

SHOW TOAST!

Well, I'm not shouting at my monitor, but with the stuff you do, I think VScode(/VSCodium) would be the better fit...

love the bash at vim fanboys

I love watching Justin Roiland hack the NSA

Python is a good language. Bite me. :D

lol Commit Sudoku

John, keep using python.

Please I need your help

Yeah, regex with that many characters is fun isn't it? Usually better to just open up python and write a script to replace characters in a document.

Why is he so scared to say “slaves” when it’s a pretty common computer term with a specific meaning? Cool content tho

Can u help to how to do referendum ?how to do real voting ? How to stop fake plandemy

Javascript = 😌😌

1:02:10

mics way too close sounds like your shouting!

cntrl+z

More analysis/reverse engineering, less googling please. Do it off-camera, and if there's any insights, give a summary. I don't like watching someone else browse. I can do that myself.