Open ajmeese7 opened 1 year ago
One piece of malware I analyzed recently has something along the lines of the following:
/*@cc_on @*//*@if(@_jscript_version >= 4) function... @else @*/...
This segment was entirely ignored when converting the obfuscated code to normal JS for static analysis, but in reality it was executed on the client machine when the script was ran.
This is a conditional comment, and it will only run on Internet Explorer (source).
One piece of malware I analyzed recently has something along the lines of the following:
This segment was entirely ignored when converting the obfuscated code to normal JS for static analysis, but in reality it was executed on the client machine when the script was ran.
This is a conditional comment, and it will only run on Internet Explorer (source).