Deobfuscation – Lost in Security (and mostly everything else)

Posts tagged "Deobfuscation"

2022-05-13 Quick Remcos Deobfusction

Herbie Zimmerman May 17, 2022 May 17, 2022Code 0

Summary ========= Decided that I would take a crack at trying to deobfuscate the VBScript that was in a sample of Remcos malspam since I haven’t been doing it for a long while. The VBScript can be found over at Any.Run inside a zip file (malspam attachment). I’ll do a…

Deobfuscating an Emotet MalDoc Script

Herbie Zimmerman December 5, 2017 December 5, 2017Code 0

So this post covers the malicious macro script that was found in an older writeup for Emotet which you can find here. While one could develop tools to help deobfuscate the macro script like @David Ledbetter did in his blog post, I wanted to show another way of doing it…