HTA JScript to PowerShell - Novter Malware Analysis
93,192
Published 2021-04-23
If you would like to support me, please like, comment & subscribe, and check me out on Patreon: patreon.com/johnhammond010
PayPal: paypal.me/johnhammond010
Discord: johnhammond.org/discord
Twitter: twitter.com/_johnhammond
GitHub: github.com/JohnHammond
All comments (20)
-
I never thought I'd be spending my Friday afternoon watching a cross between Seth Rogen and Louis C.K. analyze malware, but here we are.
-
"146 IPs, we could do this forever..." Well, I'd definitely watch that! Please keep these malware analysis videos coming, they are great. I really enjoy seeing all the thought process behind the analysis.
-
50:25 - "that's math" thank you for that profound insight
-
If anyone is using EQ for their computer sound, I found that cutting down the 2 kHz range makes the sound much less obnoxious (a bit more swampy, but intelligible and sans all those awful highs). Hope that might help someone. Still, despite the sound problem, great video as usual! <3
-
"It builds character" I love it 😄
-
Was just reading about MSHTA and you come up with this. Your timing is perfect John! Awesome xD
-
As soon as I saw the Russian text I was screaming "SLOT MACHINES!!!" )) Really cool analysis, kudos!
-
2 PowerShell tips for your future adventures: - you can use > to redirect output to a file (it is, after all, a "shell") instead of | out-file - parentheses around something evaluate that something and treat it as a variable, so if you have an array built on the fly and want the first and third char [1,3]. In your case around 31:15 the variable $VerbosePreference is cast as string: [string]$VerbosePreference, then with parentheses around it, it avoids storing this into a variable to work with it. It's the equivalent of $a=[string]$VerbosePreference ; $a[1,3] when you do ([string]$VerbosePreference)[1,3]. Just my 2 cents :)
-
I love these videos. I am learning so much about malware.
-
Thank you John, and thank you for all of the free lessons! I appreciate it so much and have learned most of what I know to this day from you. Thank you
-
Oh my goodness, this was crazy. Really interesting to see the cool (and shady, I guess) techniques they use. John, ty for this video (and don't worry about the audio ;) )
-
If you use VS Code instead of Sublime, it has a beautifier module and a bunch of other helpful modules and a built-in console.
-
This was awesome John. Love your content. A big fan.
-
You ROCK JH. Great job. Thank you!
-
13:28 summary of .this (object): .this in JS will keep track of the instantiation of the code that is running. Like all the functions and variables that were being set/instantiated. So, this object keeps track of all of the functions and vars that we have initially defined.
-
I learn a ton every time I watch one of your videos. You are da man!!!!
-
Well done John, thank you!
-
Thank you for this video!
-
Awesome video man, Appreciate it!