TL;DR
This paper introduces SAFE-Deobs, a static analysis tool designed to automatically deobfuscate malicious JavaScript, aiding analysts in quickly understanding malware scripts by overcoming common obfuscation techniques.
Contribution
The paper presents a novel static analysis tool, SAFE-Deobs, specifically tailored for deobfuscating JavaScript malware, enhancing analysis efficiency.
Findings
Successfully deobfuscated real-world JavaScript malware
Improved malware analysis speed and accuracy
Demonstrated utility as a malware analyst tool
Abstract
JavaScript is a popular attack vector for releasing malicious payloads on unsuspecting Internet users. Authors of this malicious JavaScript often employ numerous obfuscation techniques in order to prevent the automatic detection by antivirus and hinder manual analysis by professional malware analysts. Consequently, this paper presents SAFE-Deobs, a JavaScript deobfuscation tool that we have built. The aim of SAFE-Deobs is to automatically deobfuscate JavaScript malware such that an analyst can more rapidly determine the malicious script's intent. This is achieved through a number of static analyses, inspired by techniques from compiler theory. We demonstrate the utility of SAFE-Deobs through a case study on real-world JavaScript malware, and show that it is a useful addition to a malware analyst's toolset.
