  • Stars: 138
  • Rank: 264,508 (Top 6 %)
  • Language: Python
  • License: MIT License
  • Created about 6 years ago
  • Updated about 2 years ago

Repository Details

Deobfuscate batch scripts obfuscated using string substitution and escape character techniques.

Introduction

This Python script deobfuscates batch scripts that were obfuscated with string substitution and escape character techniques.

Running the script

To run the script:

python batch_interpreter.py --file c:\test\obfuscated_file.bat

* The code was written in a hurry and needs a major refactoring. Please stay tuned.

Use as a lib

from batch_deobfuscator.batch_interpreter import BatchDeobfuscator, handle_bat_file

deobfuscator = BatchDeobfuscator()
itsthewine = handle_bat_file(deobfuscator, '/home/petersichel/comfortable_study/newyorktownhouse.bat')
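
What the two techniques named in the introduction look like, and how they are undone, on a constructed and harmless sample. This is an added example, not code from batch_deobfuscator; `expand`, `strip_carets`, `deobfuscate` and `SAMPLE` are hypothetical names, and it handles only plain `set` assignments, `%VAR%`, `%VAR:~start,len%`, `%VAR:old=new%` and `^` escapes.

```python
import re
# Matches %NAME%, %NAME:~start[,len]% and %NAME:old=new%
VAR_REF = re.compile(r"%([^%:\s]+)(?::~(-?\d+)(?:,(-?\d+))?|:([^%=]+)=([^%]*))?%")
SET_CMD = re.compile(r'^\s*@?set\s+(?![\s/])("?)([^=]+)=(.*)$', re.IGNORECASE)

def expand(line, env):
    """Resolve variable references using only variables the script itself set."""
    def repl(m):
        name, start, length, old, new = m.groups()
        value = env.get(name.upper())
        if value is None:
            return m.group(0)  # not set by the script: keep the reference visible
        if start is not None:  # substring; negative numbers count from the end
            begin = int(start) if int(start) >= 0 else max(len(value) + int(start), 0)
            n = int(length) if length is not None else len(value)
            end = begin + n if n >= 0 else max(len(value) + n, 0)
            return value[begin:end]
        if old is not None:    # replacement; cmd.exe matches case-insensitively
            return re.sub(re.escape(old), lambda _: new, value, flags=re.IGNORECASE)
        return value
    return VAR_REF.sub(repl, line)

def strip_carets(line):
    """Drop ^ escapes outside double quotes; inside quotes ^ is a literal character."""
    return re.sub(r'"[^"]*(?:"|$)|\^(.)', lambda m: m.group(1) or m.group(0), line)

def deobfuscate(script):
    """Return the script's lines with variables expanded and escapes removed."""
    env, out = {}, []
    for raw in script.splitlines():
        line = strip_carets(expand(raw, env))  # cmd.exe expands %...% before handling ^
        m = SET_CMD.match(line)
        if m:  # remember plain assignments (set /a and set /p are skipped)
            quoted, name, value = m.groups()
            if quoted and value.rstrip().endswith('"'):
                value = value.rstrip()[:-1]
            env[name.strip().upper()] = value
        out.append(line)
    return out

# Constructed sample: it only echoes text
SAMPLE = r'''@echo off
s^e^t "k=lo ceh"
%k:~4,1%%k:~3,1%%k:~5,1%%k:~1,1% %k:~-1%%k:~4,1%%k:~0,1%%k:~0,1%%k:~-5,1%
set w=w0rld
e^c^h^o %w:0=o% from %COMPUTERNAME%
'''
if __name__ == "__main__":
    print("\n".join(deobfuscate(SAMPLE)))
```

Variables the script never sets, such as `%COMPUTERNAME%` here, are left unexpanded so an analyst can see that the value comes from the host environment.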

More Repositories

1. XLMMacroDeobfuscator (Python, 561 stars): Extract and Deobfuscate XLM macros (a.k.a Excel 4.0 Macros)
2. pyOneNote (Python, 110 stars): A Python library to parse OneNote (.one) files
3. MalwareCMDMonitor (Python, 44 stars): Shows command lines used by latest instances analyzed on Hybrid-Analysis
4. base64_substring (Python, 40 stars): Generate a Yara rule to find base64-encoded files containing a specific keyword
5. yaradbg-frontend (JavaScript, 36 stars)
6. ClipboardWatcher (C#, 29 stars): Monitor the textual data pasted into Windows clipboard
7. OfficeForensicTools (Python, 25 stars): A set of tools for collecting forensic information
8. PySameSame (HTML, 24 stars): This is a Python version of samesame repo to generate homograph strings
9. xlrd2 (Python, 24 stars): xlrd2 is a variant of xlrd that is actively maintained
10. yaradbg-backend (Python, 24 stars)
11. WinNativeIO (C++, 20 stars): Using Undocumented NTDLL Functions to Read/Write/Delete File
12. pyxlsb2 (Python, 19 stars): An Excel 2007+ Binary Workbook (xlsb) parser for Python
13. MDIExtractor (Python, 15 stars)
14. npp-langs-4-sec (15 stars): Notepad++ Syntax Highlighting for Languages Used by Cyber Security Professionals
15. IoCMiner (Python, 14 stars): A Framework to Automatically Extract Indicators of Compromise (IoCs) from Twitter
16. PhishCanary (Python, 10 stars): Given a TLD zone file, PhishCanary extracts International Domain Names (IDNs) that are homoglyphs of specified target domain names.
17. yaradbg-issues (7 stars)
18. yaradbg-container (Dockerfile, 5 stars): A docker config file to run yaradbg in a container
19. TLDExtractor (C#, 3 stars): Accurately extract TLD, effective TLD, 2LD, 3LD, ... from a given domain name, by utilizing the Public Suffix List maintained by Mozilla Foundation
20. document-samples (HTML, 1 star)