DissectMalware / XLMMacroDeobfuscator

Extract and Deobfuscate XLM macros (a.k.a Excel 4.0 Macros)
Apache License 2.0

Idea - Add a day bruteforcing routine #31

Closed Maijin closed 4 years ago

Maijin commented 4 years ago

An idea -

In addition to the ability to force a specific number of the day, it would be nice to have an option like -d bf to attempt bruteforcing.

Maybe with a list of known routines like Shell32, ShellExecuteA, URLDownloadToFileA, etc., and/or leaving the user to search for a specific one; for example, if there is a msgbox, the user could add "corrupt" as a keyword to search.

The script would then check how many of those keywords are found per day number to avoid false positives and show that to the user in a table (tabulate) and show output for the one with the most values:

```
d - valid functions found
...
2 - 0
3 - 1
4 - 50
5 - 0
...
```
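The scoring loop the comment above describes (try every day value, count known API names in the decoded output, tabulate, pick the day with the most hits) as an added example; this is not XLMMacroDeobfuscator's own code. It assumes a constructed toy obfuscation (every character shifted by the day-of-month value) standing in for whatever emulation step the real tool runs once a day value is assumed, and a constructed sample macro; `DEFAULT_KEYWORDS`, `decode_for_day`, `bruteforce_day` and `best_day` are names invented here.

```python
"""Brute-force the DAY() value of a day-dependent XLM deobfuscation by scoring
candidate days on how many known routine names appear in the decoded text.

Added example, not part of XLMMacroDeobfuscator. The obfuscation scheme and
the sample macro below are constructed for illustration only.
"""

# Routine names the issue suggests looking for; a user may add extra ones
# (e.g. "corrupt" when the macro is expected to show a fake-error MsgBox).
DEFAULT_KEYWORDS = ("Shell32", "ShellExecuteA", "URLDownloadToFileA", "CALL", "EXEC")

# Constructed sample: a harmless Excel 4.0 macro text used only to demo scoring.
SAMPLE_MACRO = '=CALL("Shell32","ShellExecuteA","JJCCCJJ",0,"open","notepad.exe",0,0,5)\n=HALT()'


def obfuscate_for_demo(text, day):
    """Toy scheme (assumption): CHAR(CODE(c) + day) for every character."""
    return "".join(chr((ord(c) + day) % 256) for c in text)


def decode_for_day(blob, day):
    """Inverse of the toy scheme; stands in for the tool's emulation step."""
    return "".join(chr((ord(c) - day) % 256) for c in blob)


def count_keywords(text, keywords):
    """Number of keyword occurrences in the decoded text (case-sensitive)."""
    return sum(text.count(k) for k in keywords)


def bruteforce_day(blob, keywords=DEFAULT_KEYWORDS, extra_keywords=(), days=range(1, 32)):
    """Map each candidate day to the number of valid routine names found."""
    wanted = tuple(keywords) + tuple(extra_keywords)
    return {d: count_keywords(decode_for_day(blob, d), wanted) for d in days}


def best_day(scores):
    """Day with the most hits, or None when no day produced any keyword.

    A tie for first place is also reported as None: with equal evidence for
    two days the analyst should look at both rather than trust one guess.
    """
    if not scores or max(scores.values()) == 0:
        return None
    ranked = sorted(scores.items(), key=lambda kv: (-kv[1], kv[0]))
    if len(ranked) > 1 and ranked[0][1] == ranked[1][1]:
        return None
    return ranked[0][0]


def format_table(scores):
    """Plain-text table in the layout the issue sketches (no tabulate dependency)."""
    lines = ["d - valid functions found"]
    lines.extend(f"{d} - {n}" for d, n in sorted(scores.items()))
    return "\n".join(lines)


if __name__ == "__main__":
    # Pretend the sample was obfuscated on the 7th of the month.
    blob = obfuscate_for_demo(SAMPLE_MACRO, 7)
    scores = bruteforce_day(blob, extra_keywords=("corrupt",))
    print(format_table(scores))
    winner = best_day(scores)
    print("best day:", winner)
    if winner is not None:
        print(decode_for_day(blob, winner))
```

Running the block prints the day/hit-count table, names day 7 as the only candidate with keyword hits, and shows the decoded macro text. In a real workflow the decode step would be the tool's emulation with the day forced, and the keyword list would be tuned per sample.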
Maijin commented 4 years ago

Actually I see you are working a better solution here https://github.com/DissectMalware/XLMMacroDeobfuscator/tree/smt-solver, closing.

DissectMalware commented 4 years ago

SMTSolver solution was not very successful. However, now xlmdeobfuscator automatically guesses the correct value of the day.