WScript Emulator

This software emulates the WScript functionality found on Windows systems. Load a file and see which classes & methods are called and with which arguments. Because the WScript emulator aims to behave as close as the normal WScript functionality, using this emulator makes analysing WScript files much easier, no matter how many layers of obfuscation are added.

Usage

Click on 'Load file' or drag a file to the button to run a WScript js file. The file is not uploaded to the server but runs in your browser against the WScript emulator.

The 'Tracer' screen shows you what actions are performed in the script. The first 7 lines are always present because of the initialisation of the WScript object and virtual filesystem (VFS).

The right panel has 3 screens:

Input shows your input. This also allows for inline-editing and running scripts

shows your input. This also allows for inline-editing and running scripts VFS is a tree-representation of the Virtual Filesystem, showing created and/or modified files. The VFS contains a default basic folder structure

is a tree-representation of the Virtual Filesystem, showing created and/or modified files. The VFS contains a default basic folder structure Console is the output of console.log commands in the input. This helps with inline-debugging

Restrictions / warnings

If the input file asks to download an external file, this file is not downloaded. In addition, default methods 'XMLHTTPRequest' and 'fetch' are overwritten with nops. Of course it is possible for scripts to re-implement these features, so don't rely on this software to keep yourself safe. Take precautions if you're using this to analyse malware-downloaders.

The WScript Emulator is written in Javascript, and handles only the JScript variant of WScript files. WScript can also be written in VBScript, but due to the differences between Javascript and VBScript, it is not possible to emulate it easily.

Note: while the emulator tries to be as close to the original as possible, it cannot be expected to handle 100% of the files, for various reasons. If you find a problem and know of a solution to fix this, please visit the Github page.