Chapter 8: De-Obfuscating Malicious Scripts: Putting the Toothpaste Back in the Tube

Often during malware analysis, a malicious binary is not the initial stage that presents to the end user. Somewhat frequently, an initial "dropper" in the format of a script—be it PowerShell, Visual Basic Scripting (VBS), a malicious Visual Basic for Applications (VBA) macro, JavaScript, or anything else—is responsible for the initial infection and implantation of the binary.

This has been the case in modern times with malware families Emotet, Qakbot, TrickBot, and many others. Historically, VBA scripts have comprised the entirety of a malware family—for instance, ILOVEYOU, an infamous virus from the early 2000s written in Microsoft's own VBS language.

In this ...

Get Malware Analysis Techniques now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Malware Analysis Techniques by Dylan Barker

Chapter 8: De-Obfuscating Malicious Scripts: Putting the Toothpaste Back in the Tube

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly