Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- def deobfuscate(source_cmdline):
- import re
- import base64
- elems = source_cmdline.split('&')
- encoded_str = elems[0]
- encoded_str = encoded_str.replace('^','')
- SUB = re.compile(r'.*set.*(.)=(.)!',re.IGNORECASE)
- for e in elems[1:-1]:
- m=SUB.match(e)
- if m:
- encoded_str = encoded_str.replace(m.group(1),m.group(2))
- m=re.match(r'.*\s([A-Za-z0-9]+=?=?)', encoded_str)
- if m:
- try:
- b=base64.b64decode(m.group(1))
- encoded_str=b.replace('\x00','')
- except:
- pass
- m=re.match(r'.*=.(http.+\.[Ss][Pp][Ll][Ii][Tt]\(...\))',encoded_str)
- if m:
- u=m.group(1)
- urls = u[:-12].split(u[-3])
- return urls
- else:
- return []
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement