Malware Domain List

Malware Related => Malware Analysis => Topic started by: SysAdMini on May 03, 2009, 09:51:14 am

Title: JavaScript anti-analysis tricks
Post by: SysAdMini on May 03, 2009, 09:51:14 am
textarea
http://www.cs.ucsb.edu/~marco/blog/2009/05/javascript-anti-analysis-tricks-textarea.html
Title: Re: JavaScript anti-analysis tricks
Post by: SysAdMini on May 07, 2009, 08:16:29 am
IE conditional compilation
http://www.cs.ucsb.edu/~marco/blog/2009/05/javascript-anti-analysis-tricks-ie-conditional-c.html
Title: Re: JavaScript anti-analysis tricks
Post by: tad on May 07, 2009, 01:14:02 pm
Hi, you wrote in the blog about conditional compilation: " the subsequent exploits will not be launched and will not be detected by the analysis tool."
 - I think that HtmlUnit and other Html parsers ( which execute Javascript ) used by analysis tools should launch the code in the IE mode, even if it is commented out by the tag  /*@if (@_win32) .... code.... */ . What do you think about it ? A patch to the  HtmlUnit ??
Tad
Title: Re: JavaScript anti-analysis tricks
Post by: mercutio on May 07, 2009, 06:36:17 pm
Not sure about other html parsers, but htmlunit does support conditional compilation.