Closed Beercow closed 3 years ago
It seems your code is not updated. Please update from new-version branch.
It had still another issue, which I fixed a few seconds ago
Merged new-version branch with master. Update from master and it should work.
Not sure what is going on on my end. It keeps running and never ends. Seems to be stuck in a loop.
It took me 41 seconds to deobfuscate this sample, please give it some time
Please also make sure that you update xlrd2
pip install -U https://github.com/DissectMalware/xlrd2/archive/master.zip --no-cache
Please also make sure that you update xlrd2
pip install -U https://github.com/DissectMalware/xlrd2/archive/master.zip --no-cache
That was the issue. Thanks. :-)
CELL:D87 , FullEvaluation , DEFINE.NAME("tyilvtu",19) CELL:D91 , FullEvaluation , NEXT CELL:D77 , FullEvaluation , WHILE(AND(fhosr<vhVS)) -> [True] CELL:D80 , FullEvaluation , DEFINE.NAME("fhosr",20) CELL:D84 , FullEvaluation , SET.VALUE($D$93,"=T(CHAR(INT(ZnYWIcb)))=T(CHAR(INT(ZnYWIcb)))=T(CHAR(INT(ZnYWIcb)))=T(CHAR(INT(ZnYWIcb)))=T(CHAR(INT(ZnYWIcb)))=T(CHAR(INT(ZnYWIcb)))=T(CHAR(INT(ZnYWIcb)))=T(CHAR(INT(ZnYWIcb)))=T(CHAR(INT(ZnYWIcb)))=T(CHAR(INT(ZnYWIcb)))=T(CHAR(INT(ZnYWIcb)))=T(CHAR(INT(ZnYWIcb)))=T(CHAR(INT(ZnYWIcb)))=T(CHAR(INT(ZnYWIcb)))=T(CHAR(INT(ZnYWIcb)))=T(CHAR(INT(ZnYWIcb)))=T(CHAR(INT(ZnYWIcb)))=T(CHAR(INT(ZnYWIcb)))=T(CHAR(INT(ZnYWIcb)))=T(CHAR(INT(ZnYWIcb)))") CELL:D87 , FullEvaluation , DEFINE.NAME("tyilvtu",20) CELL:D91 , FullEvaluation , NEXT CELL:D77 , FullEvaluation , WHILE(AND(fhosr<vhVS)) -> [True] CELL:D80 , FullEvaluation , DEFINE.NAME("fhosr",21) CELL:D84 , FullEvaluation , SET.VALUE($D$93,"=T(CHAR(INT(ZnYWIcb)))=T(CHAR(INT(ZnYWIcb)))=T(CHAR(INT(ZnYWIcb)))=T(CHAR(INT(ZnYWIcb)))=T(CHAR(INT(ZnYWIcb)))=T(CHAR(INT(ZnYWIcb)))=T(CHAR(INT(ZnYWIcb)))=T(CHAR(INT(ZnYWIcb)))=T(CHAR(INT(ZnYWIcb)))=T(CHAR(INT(ZnYWIcb)))=T(CHAR(INT(ZnYWIcb)))=T(CHAR(INT(ZnYWIcb)))=T(CHAR(INT(ZnYWIcb)))=T(CHAR(INT(ZnYWIcb)))=T(CHAR(INT(ZnYWIcb)))=T(CHAR(INT(ZnYWIcb)))=T(CHAR(INT(ZnYWIcb)))=T(CHAR(INT(ZnYWIcb)))=T(CHAR(INT(ZnYWIcb)))=T(CHAR(INT(ZnYWIcb)))=T(CHAR(INT(ZnYWIcb)))") CELL:D87 , FullEvaluation , DEFINE.NAME("tyilvtu",21) CELL:D91 , FullEvaluation , NEXT CELL:D77 , FullEvaluation , WHILE(AND(fhosr<vhVS)) -> [False] Error [deobfuscator.py:2277 parse_tree = self.xlm_parser.parse(formula)]: Unexpected token Token('CMPOP', '=') at line 1, column 45. Expected one of:
[Day of Month] 28
Files:
[END of Deobfuscation] time elapsed: 0.32625532150268555
Hash of file: 07e6ece14527349fae6cb7d6a7300cc23d80a74fbde902d506a4ddc35dc96cc7