In the last days, I had to examine the obfuscated JavaScript code inside of some malicious html pages.

The original javascript code

The obfuscation method is the classic ‘array-mapped’: you declare an array of functions and variable names that will be used in the script, and then you refer to that in the code.

Mapped Array

The result is a very little readable code, that with a lot of patience can be rebuilt, but why do it manually?

There is a handy online tool that does the ‘dirty work’ in a few seconds: https://puzzlefiles.com/Deobfuscate/

Puzzlefiles.com Deobfuscator