DissectMalware / XLMMacroDeobfuscator

Extract and Deobfuscate XLM macros (a.k.a Excel 4.0 Macros)
Apache License 2.0

Unexpected token Token('CMPOP', '=') #73

Closed Beercow closed 3 years ago

Beercow commented 3 years ago

CELL:D87 , FullEvaluation , DEFINE.NAME("tyilvtu",19)
CELL:D91 , FullEvaluation , NEXT
CELL:D77 , FullEvaluation , WHILE(AND(fhosr<vhVS)) -> [True]
CELL:D80 , FullEvaluation , DEFINE.NAME("fhosr",20)
CELL:D84 , FullEvaluation , SET.VALUE($D$93,"=T(CHAR(INT(ZnYWIcb)))=T(CHAR(INT(ZnYWIcb)))=T(CHAR(INT(ZnYWIcb)))=T(CHAR(INT(ZnYWIcb)))=T(CHAR(INT(ZnYWIcb)))=T(CHAR(INT(ZnYWIcb)))=T(CHAR(INT(ZnYWIcb)))=T(CHAR(INT(ZnYWIcb)))=T(CHAR(INT(ZnYWIcb)))=T(CHAR(INT(ZnYWIcb)))=T(CHAR(INT(ZnYWIcb)))=T(CHAR(INT(ZnYWIcb)))=T(CHAR(INT(ZnYWIcb)))=T(CHAR(INT(ZnYWIcb)))=T(CHAR(INT(ZnYWIcb)))=T(CHAR(INT(ZnYWIcb)))=T(CHAR(INT(ZnYWIcb)))=T(CHAR(INT(ZnYWIcb)))=T(CHAR(INT(ZnYWIcb)))=T(CHAR(INT(ZnYWIcb)))")
CELL:D87 , FullEvaluation , DEFINE.NAME("tyilvtu",20)
CELL:D91 , FullEvaluation , NEXT
CELL:D77 , FullEvaluation , WHILE(AND(fhosr<vhVS)) -> [True]
CELL:D80 , FullEvaluation , DEFINE.NAME("fhosr",21)
CELL:D84 , FullEvaluation , SET.VALUE($D$93,"=T(CHAR(INT(ZnYWIcb)))=T(CHAR(INT(ZnYWIcb)))=T(CHAR(INT(ZnYWIcb)))=T(CHAR(INT(ZnYWIcb)))=T(CHAR(INT(ZnYWIcb)))=T(CHAR(INT(ZnYWIcb)))=T(CHAR(INT(ZnYWIcb)))=T(CHAR(INT(ZnYWIcb)))=T(CHAR(INT(ZnYWIcb)))=T(CHAR(INT(ZnYWIcb)))=T(CHAR(INT(ZnYWIcb)))=T(CHAR(INT(ZnYWIcb)))=T(CHAR(INT(ZnYWIcb)))=T(CHAR(INT(ZnYWIcb)))=T(CHAR(INT(ZnYWIcb)))=T(CHAR(INT(ZnYWIcb)))=T(CHAR(INT(ZnYWIcb)))=T(CHAR(INT(ZnYWIcb)))=T(CHAR(INT(ZnYWIcb)))=T(CHAR(INT(ZnYWIcb)))=T(CHAR(INT(ZnYWIcb)))")
CELL:D87 , FullEvaluation , DEFINE.NAME("tyilvtu",21)
CELL:D91 , FullEvaluation , NEXT
CELL:D77 , FullEvaluation , WHILE(AND(fhosr<vhVS)) -> [False]
Error [deobfuscator.py:2277 parse_tree = self.xlm_parser.parse(formula)]: Unexpected token Token('CMPOP', '=') at line 1, column 45. Expected one of:

[Day of Month] 28

Files:

[END of Deobfuscation] time elapsed: 0.32625532150268555

Hash of file: 07e6ece14527349fae6cb7d6a7300cc23d80a74fbde902d506a4ddc35dc96cc7

DissectMalware commented 3 years ago

It seems your code is not updated. Please update from new-version branch.

It had still another issue, which I fixed a few seconds ago.


DissectMalware commented 3 years ago

Merged new-version branch with master. Update from master and it should work.

Beercow commented 3 years ago

Not sure what is going on on my end. It keeps running and never ends. Seems to be stuck in a loop.

DissectMalware commented 3 years ago

It took me 41 seconds to deobfuscate this sample; please give it some time.


DissectMalware commented 3 years ago

Please also make sure that you update xlrd2

pip install -U https://github.com/DissectMalware/xlrd2/archive/master.zip --no-cache

Beercow commented 3 years ago

> Please also make sure that you update xlrd2
>
> pip install -U https://github.com/DissectMalware/xlrd2/archive/master.zip --no-cache

That was the issue. Thanks. :-)