Hi Reverser,
Let's do some stuff. Today I would like to share again about a malware evasion technique. This time it is a bit different: it is not about executables, but it is still good to know about. I would like to share a JavaScript evasion technique that uses obfuscation to bypass some protection controls.
Researchers have developed a lot of techniques, but I would like to share one of the basic ones. This obfuscation is very effective at bypassing protection controls because it changes the flow of the code.
Logic Structure Obfuscation
This type of obfuscation manipulates the execution paths of JavaScript code by changing the logic structure, without affecting the original semantics.
There are two ways to implement logic structure obfuscation. The easiest one is to insert some instructions which are independent of the functionality. The other one is to add or change some conditional branches, such as if … else, switch … case, for, while.
1. Conditional Branches

We can see that the payload highlighted above will be executed once during the code execution, with a different logic flow. So the antivirus will need to anticipate both types of code, which is very hard because there are unlimited ways to achieve the same objective.
2. Independent Instruction
We insert some independent code which has nothing to do with the payload itself. The objective of executing the payload once during code execution is still the same.

Manipulating the code's logic structure while still achieving the same payload execution is very effective at bypassing the antivirus engine: it gives the protection very low detection confidence to block the malware.
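From the detection side, the two variants above explain why a signature over the source text misses while a check on what the script does still matches. The following is an added example, not code from the original post: the samples are constructed and benign, and `sink`, `staticSignature`, `behaviourTrace` and `detect` are hypothetical names used only for illustration.

```javascript
// Constructed, benign samples: sink("PAYLOAD") stands in for the payload.
const samples = {
  plain: `sink("PAYLOAD");`,
  // Variant 1: extra conditional branches around the same single call.
  branches: `
    var i = 0;
    while (true) {
      if (i === 3) { sink("PAYLOAD"); break; }
      else { i++; }
    }`,
  // Variant 2: independent instructions unrelated to the call.
  independent: `
    var a = 7 * 6; var s = "x".repeat(a).length;
    sink("PAYLOAD");
    var t = s - a;`,
};

// Static signature: FNV-1a hash of the whitespace-stripped source text.
function staticSignature(code) {
  let h = 0x811c9dc5;
  for (const ch of code.replace(/\s+/g, "")) {
    h = Math.imul(h ^ ch.codePointAt(0), 0x01000193) >>> 0;
  }
  return h;
}

// Behavioural trace: run the sample with an instrumented sink and record
// every call. new Function is NOT a sandbox; it is used here only because
// the samples are constructed and benign.
function behaviourTrace(code) {
  const calls = [];
  new Function("sink", code)((arg) => calls.push(String(arg)));
  return calls.join("|");
}

// Compare a sample against the signature and trace of the known script.
function detect(code, knownSig, knownTrace) {
  return {
    static: staticSignature(code) === knownSig,
    behaviour: behaviourTrace(code) === knownTrace,
  };
}

const knownSig = staticSignature(samples.plain);
const knownTrace = behaviourTrace(samples.plain);
for (const [name, code] of Object.entries(samples)) {
  console.log(name, detect(code, knownSig, knownTrace));
}
```

Only the plain sample matches the static signature, while all three produce the same behavioural trace, which is why engines that rely on source-level signatures alone give low detection confidence against this kind of obfuscation.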