To deal with a particular maldoc sample, I added an option to numbers-to-hex.py to deal with signed bytes (negative and positive numbers used to represent byte values).
Here is a video:
Usage: numbers-to-hex.py [options] [[@]file ...] Program to convert decimal numbers into hex numbers Arguments: @file: process each file listed in the text file specified wildcards are supported Source code put in the public domain by Didier Stevens, no Copyright Use at your own risk https://DidierStevens.com Options: --version show program's version number and exit -h, --help show this help message and exit -m, --man Print manual -o OUTPUT, --output=OUTPUT Output to file -i, --ignore Do not generate an error when a number larger than 255 is found -n NUMBER, --number=NUMBER Minimum number of numbers per line (1 by default) -s, --signed Numbers are signed bytes: add 256 if negative Manual: This program reads lines from the given file(s) or standard input, and then extracts decimal numbers from each line. A decimal number is a sequence of digits (optionally prefixed with a dash - for negative numbers). All numbers found in a line are converted to hexadecimal and outputed as a line. Hexadecimal numbers are separated by a space character. If a number is smaller than 0 or larger than 255/0xFF, an error is generated, except when option -i is used. Option -s (--signed) indicates that the input numbers are signed bytes: -1 is 0xFF, -2 is 0xFE, ... Option -n NUMBER (--number) requires that at least NUMBER numbers are present in the input line (the default is 1 number). The hexadecimal numbers are written to standard output, except when option -o is used. When option -o is used, the numbers are written to the file specified by option -o.