Didier Stevens

Friday 12 December 2014


Filed under: My Software,Update — Didier Stevens @ 16:09

This is an update to my XORSelection 010 Editor script. You can select a sequence of bytes in 010 Editor (or the whole file) and then run this script to encode the sequence with the XOR key you provide. The XOR key can be a string or a hexadecimal value. Prefix the hexadecimal value with 0x.

Here is an example of an XOR encoded malicious URL found in a Word document with malicious VBA code.



Although this is an update, it turns out I never released it on my site here, but it has been released on the 010 Editor script repository.

XORSelection_V3_0.zip (https)
SHA256: 755913C46F8620E6865337F621FC46EA416893E28A4193E42228767D9BD7804A

Blog at WordPress.com.