I wrote a Python program to decode encoded VBS scripts (VBE).
decode-vbe_V0_0_1.zip (https)
MD5: 87E61217BC77275DBACEA77B8EDF12B5
SHA256: 11A9B5D47657C123845007E3E29FB331CAE7483B6A4A3AC54276DB90116911B5
Tuesday 29 March 2016
Decoding VBE
3 Comments »
RSS feed for comments on this post. TrackBack URI
Didier Stevens 
[…] Didier Stevens released a python script to decode encoded VBScripts. The script appears to print out the contents of the VBE script. Decoding VBE […]
Pingback by Week 13 – 2016 – Thisweekin4n6 — Sunday 3 April 2016 @ 13:13
[…] example, I added a definition for VBE/JSE files (encoded .vbs/.js […]
Pingback by New Tool: file-magic.py | Didier Stevens — Wednesday 11 July 2018 @ 0:00
[…] obfuscation layer can be decoded by a great Python tool written by Didier Stevens, named Decode-VBE. It outputs a more readable text that allows us to continue decoding the malware. Even with the use […]
Pingback by Adobe worm faker uses lolbins and dynamic techniques to deliver customized payloads – clarkwap — Thursday 27 June 2019 @ 13:52