DeobfuScripter Service
NOTE: This service does not require you to buy any licence and is preinstalled and working after a default installation.
Static script de-obfuscator. The goal is not a surgically exact de-obfuscation of the script, but rather the extraction of obfuscated IOCs.
Stage 1 Modules (in order of execution):
- HTML script extraction
Stage 2 Modules (in order of execution):
- MSOffice Embedded script
- CHR and CHRB decode
- String replace
- Powershell carets
- Array of strings
- Fake array vars
- Reverse strings
- B64 Decode - This module may also extract files
- Simple XOR function
- Charcode hex
- Powershell vars
- MSWord macro vars
- Concat strings
- Charcode
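
The sketch below is an added example, not the service's own code. It shows why the modules run as repeated passes when the goal is IOC extraction: the URL only becomes visible once several layers are peeled in turn. The function names, the regular expressions and the sample line are assumptions made for the illustration; they mirror four module names from the list (CHR decode, Powershell carets, B64 Decode, Concat strings) in simplified form.

```python
import base64
import re

# Simplified stand-ins for four module names from the list above.
# Added illustration, not the DeobfuScripter implementation.
def chr_decode(text):         # Chr(39) -> "'"
    return re.sub(r'\bchrw?\(\s*(\d{1,3})\s*\)',
                  lambda m: '"%s"' % chr(int(m.group(1))), text, flags=re.I)

def powershell_carets(text):  # p^ow^ershell -> powershell
    return re.sub(r'(?<=\w)\^(?=\w)', '', text)

def b64_decode(text):         # replace a blob only if it decodes to printable ASCII
    def repl(m):
        try:
            out = base64.b64decode(m.group(0), validate=True).decode('ascii')
        except ValueError:    # bad padding/alphabet, or non-ASCII bytes
            return m.group(0)
        return out if out.isprintable() else m.group(0)
    return re.sub(r'[A-Za-z0-9+/]{16,}={0,2}', repl, text)

def concat_strings(text):     # "ab" + "cd" or "ab" & "cd" -> "abcd"
    return re.sub(r'"\s*[+&]\s*"', '', text)

MODULES = [chr_decode, powershell_carets, b64_decode, concat_strings]

def deobfuscate(text, max_passes=5):
    # Re-run every module until a pass changes nothing: one layer often only
    # becomes decodable after another has been peeled off.
    for _ in range(max_passes):
        before = text
        for module in MODULES:
            text = module(text)
        if text == before:
            break
    return text

def extract_urls(text):
    return re.findall(r'https?://[^\s\'"<>)]+', text)

# Constructed sample: a VBA-style line hiding a URL behind four layers.
URL = 'http://example.test/stage2.ps1'
_B64 = base64.b64encode(URL.encode()).decode()
SAMPLE = ('cmd = "p^ow^ersh^ell -c IEX(" & Chr(39) & "%s" + "%s" & Chr(39) & ")"'
          % (_B64[:17], _B64[17:]))

if __name__ == '__main__':
    print(extract_urls(SAMPLE))               # nothing visible in the raw script
    print(extract_urls(deobfuscate(SAMPLE)))  # URL recovered after two passes
```

In the first pass the Base64 module finds only two fragments that fail to decode; it succeeds in the second pass, after the string concatenation has joined them.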