DissectMalware / XLMMacroDeobfuscator

Extract and Deobfuscate XLM macros (a.k.a Excel 4.0 Macros)
Apache License 2.0
Missing calls to RANDBETWEEN #104

Open seanthegeek opened 2 years ago

seanthegeek commented 2 years ago

I came across an older QakBot dropper sample that randomly selects values using calls to RANDBETWEEN to build URLs. Of course, when using xlmdeobfuscator, the same outcome is generated each time, as expected.

When running xlmdeobfuscator -x, although the various possible URL components are displayed, the calls to RANDBETWEEN are omitted from the output. I think those would be good to have in the output. Can you make some changes so those calls are included when -x is used? Also curious about what other things you think could be improved, if any, as I am very new to XLM macros.