Visible to the public Optimizing Away JavaScript Obfuscation

TitleOptimizing Away JavaScript Obfuscation
Publication TypeConference Paper
Year of Publication2020
AuthorsHerrera, Adrian
Conference Name2020 IEEE 20th International Working Conference on Source Code Analysis and Manipulation (SCAM)
Date PublishedOct. 2020
ISBN Number978-1-7281-9248-2
KeywordsCollaboration, Human Behavior, human factors, Internet, JavaScript, Malware, Manuals, Metrics, obfuscation, Open Source Software, Payloads, policy-based governance, pubcrawl, resilience, Resiliency, Safe Coding, static analysis, Tools

JavaScript is a popular attack vector for releasing malicious payloads on unsuspecting Internet users. Authors of this malicious JavaScript often employ numerous obfuscation techniques in order to prevent the automatic detection by antivirus and hinder manual analysis by professional malware analysts. Consequently, this paper presents SAFE-DEOBS, a JavaScript deobfuscation tool that we have built. The aim of SAFE-DEOBS is to automatically deobfuscate JavaScript malware such that an analyst can more rapidly determine the malicious script's intent. This is achieved through a number of static analyses, inspired by techniques from compiler theory. We demonstrate the utility of SAFE-DEOBS through a case study on real-world JavaScript malware, and show that it is a useful addition to a malware analyst's toolset.

Citation Keyherrera_optimizing_2020