Wepawet: analyzing web-based malware

Hello guys!

Wepawet is a new service for detecting and analyzing web-based malware. It currently handles Flash and JavaScript files.

Things you can do with Wepawet:
- Determine if a page or file is malicious
- Wepawet runs various analyses on the URLs or files that you submit. At the end of the analysis phase, it tells you whether the resource is malicious or benign and provides you with information that helps you understand why it was classified one way or the other.
- Wepawet displays various pieces of information that greatly simplify the manual analysis and understanding of the behavior of malicious samples. For example, it gives access to the unobfuscated malicious code used in an attack. It also collects the URLs accessed by a sample.
- Wepawet does not just tell you that a resource is malicious; it also shows you the exact vulnerability (or, more likely, the vulnerabilities) that are exploited during an attack.

It’s a very nice utility

It’s a very nice utility for analyzing embedded malware in PDF docs.

But as mentioned in the link below, this kind of automatic scanning can be bypassed.

Additionally, this will make automatic analysis impossible for any tool that will use a JavaScript interpreter on the included JavaScript code (such as Wepawet) – the first phase shellcode will work only if the document is loaded in the memory. Sneaky, but that was not all!

Anupam Kumar