I wrote a Python program to decode encoded VBS scripts (VBE).
decode-vbe_V0_0_1.zip (https)
MD5: 87E61217BC77275DBACEA77B8EDF12B5
SHA256: 11A9B5D47657C123845007E3E29FB331CAE7483B6A4A3AC54276DB90116911B5
I wrote a Python program to decode encoded VBS scripts (VBE).
decode-vbe_V0_0_1.zip (https)
MD5: 87E61217BC77275DBACEA77B8EDF12B5
SHA256: 11A9B5D47657C123845007E3E29FB331CAE7483B6A4A3AC54276DB90116911B5
RSS feed for comments on this post. TrackBack URI
This site uses Akismet to reduce spam. Learn how your comment data is processed.
[…] Didier Stevens released a python script to decode encoded VBScripts. The script appears to print out the contents of the VBE script. Decoding VBE […]
Pingback by Week 13 – 2016 – Thisweekin4n6 — Sunday 3 April 2016 @ 13:13
[…] example, I added a definition for VBE/JSE files (encoded .vbs/.js […]
Pingback by New Tool: file-magic.py | Didier Stevens — Wednesday 11 July 2018 @ 0:00
[…] obfuscation layer can be decoded by a great Python tool written by Didier Stevens, named Decode-VBE. It outputs a more readable text that allows us to continue decoding the malware. Even with the use […]
Pingback by Adobe worm faker uses lolbins and dynamic techniques to deliver customized payloads – clarkwap — Thursday 27 June 2019 @ 13:52