Bulletin of Networking, Computing, Systems, and Software

The main purpose of program obfuscation is to protect the security of a program’s source code and prevent its misuse. However, attackers can also exploit obfuscation to make analysis and detection of their own programs more difficult. Therefore, it is necessary to deobfuscate the source code during analysis; however, the numerous obfuscation methods available make deobfuscation challenging. In this paper, we aim to automate a system that encompasses deobfuscation tools for multiple methods. Our system employs a detection tool for malicious JavaScript files, a deobfuscation tool for JavaScript, a deobfuscation tool for XOR obfuscation, and a deobfuscation tool for Portable Executable (PE) files in order to achieve detection and deobfuscation. From our results, we confirm the detection of malicious JavaScript files and the deobfuscation of obfuscated files, while for PE files, we verified deobfuscation at the same level as the source code. The implementation of this system enables efficient deobfuscation of numerous obfuscated programs.

Deobfuscation; Automated System; XOR; Packer; JavaScript