Skip to content

CybercentreCanada/assemblyline-service-deobfuscripter

BranchesTags

Repository files navigation

DeobfuScripter Service

NOTE: This service does not require you to buy any licence and is preinstalled and working after a default installation.

Static script de-obfuscator. The purpose is not to get surgical de-obfuscation, but rather to extract obfuscated IOCs.

Stage 1 Modules (in order of execution):

  1. HTML script extraction

Stage 2 Modules (in order of execution):

  1. MSOffice Embedded script
  2. CHR and CHRB decode
  3. String replace
  4. Powershell carets
  5. Array of strings
  6. Fake array vars
  7. Reverse strings
  8. B64 Decode - This module may also extract files
  9. Simple XOR function
  10. Charcode hex
  11. Powershell vars
  12. MSWord macro vars
  13. Concat strings
  14. Charcode

About

Assemblyline 4 Scripts deobfuscator

cybercentrecanada.github.io/assemblyline4_docs/

Topics

javascript ioc powershell scripts vba malware-analysis assemblyline

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

8 stars

Watchers

2 watching

Forks

7 forks
Report repository

Releases 115

v4.5.0.stable19 Latest
Oct 30, 2024
+ 114 releases

Packages

No packages published

Contributors 5

Languages