Didier Stevens

Tuesday 30 January 2018

Update: translate.py Version 2.5.2

Filed under: My Software,Update — Didier Stevens @ 0:00

Yesterday I had to analyze a malicious document, carrying embedded PowerShell scripts with Gzip compression. I use translate.py to do the Gzib decompression as I explained in this blog post.

But it’s still not that practical, copying that onliner from my blog post, so I’m releasing a new version of translate.py where I defined function GzipD as that onliner (and I also defined ZlibD).

Here is how I use build-in function GzipD to decompress the malicious payload:

translate_v2_5_2.zip (https)
MD5: 1499C7D9C03928F2CE90BAA813A982DA
SHA256: 34451966781CA9821CD66AEF54379A3B47576CD4FCE8CBEFD9EFA3DA06E49CE9


  1. […] Update: translate.py Version 2.5.2 […]

    Pingback by Overview of Content Published In January | Didier Stevens — Thursday 1 February 2018 @ 0:00

  2. […] Update: translate.py Version 2.5.2 […]

    Pingback by Week 5 – 2018 – This Week In 4n6 — Sunday 4 February 2018 @ 10:34

RSS feed for comments on this post. TrackBack URI

Leave a Reply (comments are moderated)

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Blog at WordPress.com.

%d bloggers like this: