English

Optimizing Away JavaScript Obfuscation

Cryptography and Security 2020-09-22 v1
Authors: Adrian Herrera
View on arXiv PDF

Abstract

JavaScript is a popular attack vector for releasing malicious payloads on unsuspecting Internet users. Authors of this malicious JavaScript often employ numerous obfuscation techniques in order to prevent the automatic detection by antivirus and hinder manual analysis by professional malware analysts. Consequently, this paper presents SAFE-Deobs, a JavaScript deobfuscation tool that we have built. The aim of SAFE-Deobs is to automatically deobfuscate JavaScript malware such that an analyst can more rapidly determine the malicious script's intent. This is achieved through a number of static analyses, inspired by techniques from compiler theory. We demonstrate the utility of SAFE-Deobs through a case study on real-world JavaScript malware, and show that it is a useful addition to a malware analyst's toolset.

Keywords

web browsing spam detection

Cite

@article{arxiv.2009.09170,
  title  = {Optimizing Away JavaScript Obfuscation},
  author = {Adrian Herrera},
  journal= {arXiv preprint arXiv:2009.09170},
  year   = {2020}
}

Comments

6 pages, 1 figures, to be published at the IEEE International Working Conference on Source Code Analysis and Manipulation

Related papers

View all related →
Cryptography and Security · Computer Science
From Obfuscated to Obvious: A Comprehensive JavaScript Deobfuscation Tool for Security Analysis
Dongchao Zhou, Lingyun Ying, Huajun Chai, Dongbin Wang
2025-12-17
Cryptography and Security · Computer Science
Obfuscating Code Vulnerabilities against Static Analysis in JavaScript Code
Francesco Pagano, Lorenzo Pisu, Leonardo Regano, Davide Maiorca +2
2026-04-02
Cryptography and Security · Computer Science
JsDeObsBench: Measuring and Benchmarking LLMs for JavaScript Deobfuscation
Guoqiang Chen, Xin Jin, Zhiqiang Lin
2025-06-26
Cryptography and Security · Computer Science
Fakeium: A Dynamic Execution Environment for JavaScript Program Analysis
José Miguel Moreno, Narseo Vallina-Rodriguez, Juan Tapiador
2024-10-29
Cryptography and Security · Computer Science
Use of Cryptography in Malware Obfuscation
Hassan Jameel Asghar, Benjamin Zi Hao Zhao, Muhammad Ikram, Giang Nguyen +3
2023-09-11
Cryptography and Security · Computer Science
Using HTML5 to Prevent Detection of Drive-by-Download Web Malware
Alfredo De Santis, Giancarlo De Maio, Umberto Ferraro Petrillo
2015-07-14
Cryptography and Security · Computer Science
Enhancing JavaScript Malware Detection through Weighted Behavioral DFAs
Pedro Pereira, José Gonçalves, João Vitorino, Eva Maia +1
2025-05-28
Cryptography and Security · Computer Science
SAFE-PDF: Robust Detection of JavaScript PDF Malware Using Abstract Interpretation
Alexander Jordan, François Gauthier, Behnaz Hassanshahi, David Zhao
2018-10-31
Cryptography and Security · Computer Science
JSForce: A Forced Execution Engine for Malicious JavaScript Detection
Xunchao Hu, Yao Cheng, Yue Duan, Andrew Henderson +1
2017-01-30
Cryptography and Security · Computer Science
Breaking Obfuscation: Cluster-Aware Graph with LLM-Aided Recovery for Malicious JavaScript Detection
Zhihong Liang, Xin Wang, Zhenhuang Hu, Liangliang Song +4
2025-07-31
Cryptography and Security · Computer Science
Malicious web script-based cyber attack protection technology
JongHun Jung, Hwan-Kuk Kim, Soojin Yoon
2015-02-16
Software Engineering · Computer Science
OBsmith: LLM-Powered JavaScript Obfuscator Testing
Shan Jiang, Chenguang Zhu, Sarfraz Khurshid
2026-03-03
Cryptography and Security · Computer Science
Protecting from Malware Obfuscation Attacks through Adversarial Risk Analysis
Alberto Redondo, David Rios Insua
2019-11-12
Cryptography and Security · Computer Science
How to Kill Symbolic Deobfuscation for Free; or Unleashing the Potential of Path-Oriented Protections
Mathilde Ollivier, Sébastien Bardin, Richard Bonichon, Jean-Yves Marion
2019-08-08
Programming Languages · Computer Science
ADsafety: Type-Based Verification of JavaScript Sandboxing
Joe Gibbs Politz, Spiridon Eliopoulos, Arjun Guha, Shriram Krishnamurthi
2015-06-26
Cryptography and Security · Computer Science
FV8: A Forced Execution JavaScript Engine for Detecting Evasive Techniques
Nikolaos Pantelaios, Alexandros Kapravelos
2024-05-24
Cryptography and Security · Computer Science
Identifying Obfuscated Code through Graph-Based Semantic Analysis of Binary Code
Roxane Cohen, Robin David, Florian Yger, Fabrice Rossi
2025-04-03
Cryptography and Security · Computer Science
CodeTrolley: Hardware-Assisted Control Flow Obfuscation
Novak Boskov, Mihailo Isakov, Michel A. Kinsy
2019-08-28
Cryptography and Security · Computer Science
Obfuscated Memory Malware Detection
Sharmila S P, Aruna Tiwari, Narendra S Chaudhari
2024-08-26
Programming Languages · Computer Science
SafeJS: Hermetic Sandboxing for JavaScript
Damien Cassou, Stéphane Ducasse, Nicolas Petton
2013-09-17
Cryptography and Security · Computer Science
Hidden in Plain Sight: Obfuscated Strings Threatening Your Privacy
Leonid Glanz, Patrick Müller, Lars Baumgärtner, Michael Reif +3
2020-09-10
Cryptography and Security · Computer Science
Obfuscated Malware Detection: Investigating Real-world Scenarios through Memory Analysis
S M Rakib Hasan, Aakar Dhakal
2024-04-04
Cryptography and Security · Computer Science
Nowhere to Hide: Detecting Obfuscated Fingerprinting Scripts
Ray Ngan, Surya Konkimalla, Zubair Shafiq
2022-06-29
Cryptography and Security · Computer Science
FEEBO: An Empirical Evaluation Framework for Malware Behavior Obfuscation
Sebastian Banescu, Tobias Wüchner, Marius Guggenmos, Martín Ochoa +1
2015-02-16
Cryptography and Security · Computer Science
PhishDef: URL Names Say It All
Anh Le, Athina Markopoulou, Michalis Faloutsos
2016-11-18