Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #building on MalwareAnalysisForHedgehogs script to decrypt a VBSWorm
- #Link Here https://www.youtube.com/watch?v=27PfLWG398A
- import re
- fname = "unpacked3.vbs"
- with open(fname) as f:
- content = f.readlines()
- for line in content:
- found = re.findall(r"(X\(\d+\)[&X\(\)\d]+X\(\d+\))", line)
- #it will not capture if only 1 function call to X() is present;
- #Single characters are not usually important anyway.
- for item in found:
- fCalls = re.findall(r"X\((\d+)\)", item)
- dsz = '"'
- for num in fCalls:
- dsz += chr(int(num))
- dsz += '"'
- line = line.replace(item, dsz)
- print (line.capitalize())
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement