Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/cybercentrecanada/assemblyline-service-deobfuscripter
Assemblyline 4 Scripts deobfuscator
assemblyline ioc javascript malware-analysis powershell scripts vba
Last synced: about 1 month ago
- Host: GitHub
- URL: https://github.com/cybercentrecanada/assemblyline-service-deobfuscripter
- Owner: CybercentreCanada
- License: mit
- Created: 2020-04-24T01:34:19.000Z (over 4 years ago)
- Default Branch: master
- Last Pushed: 2024-10-30T19:34:13.000Z (about 2 months ago)
- Last Synced: 2024-10-30T20:18:39.403Z (about 2 months ago)
- Topics: assemblyline, ioc, javascript, malware-analysis, powershell, scripts, vba
- Language: Python
- Homepage: https://cybercentrecanada.github.io/assemblyline4_docs/
- Size: 205 KB
- Stars: 8
- Watchers: 2
- Forks: 7
- Open Issues: 0
Metadata Files:
- Readme: README.md
- Contributing: CONTRIBUTING.md
README
# DeobfuScripter Service
NOTE: This service does not require you to buy any licence and is preinstalled and working after a default installation.
Static script de-obfuscator. The purpose is not to get surgical de-obfuscation, but rather to extract obfuscated IOCs.
### Stage 1 Modules (in order of execution):
1. HTML script extraction
### Stage 2 Modules (in order of execution):
1. MSOffice Embedded script
2. CHR and CHRB decode
3. String replace
4. Powershell carets
5. Array of strings
6. Fake array vars
7. Reverse strings
8. B64 Decode - This module may also extract files
9. Simple XOR function
10. Charcode hex
11. Powershell vars
12. MSWord macro vars
13. Concat strings
14. Charcode