I'm trying to use js2py to decode some malicious javascript to extract the obfuscated urls. NB: DO NOT CLICK ANY LINKS IN THIS ISSUE WRITEUP! THEY LEAD TO MALWARE!
using jsc on my mac: I get the following correct behavior from this partial chunk of malicious code:
where the native string is unicode, but the console.log() string is not; and is different. This makes me suspect something ugly is happening with string encoding somewhere.
I'm trying to use js2py to decode some malicious javascript to extract the obfuscated urls. NB: DO NOT CLICK ANY LINKS IN THIS ISSUE WRITEUP! THEY LEAD TO MALWARE!
using
jsc
on my mac: I get the following correct behavior from this partial chunk of malicious code:(i have defanged the links with
hxxp
. that really ishttp
)However, in
js2py
(as of commit 7a3a1ffc6c153e4ea867988d12725f92d133ffc4), i get the following dramatically incorrect behavior.furthermore, note the difference in behavior here:
where the native string is unicode, but the console.log() string is not; and is different. This makes me suspect something ugly is happening with string encoding somewhere.