Video: De-DOSfuscation Example

Published: 2018-12-29
Last Updated: 2018-12-29 19:45:23 UTC
by Didier Stevens (Version: 1)
0 comment(s)

I created a video showing how to de-obfuscate a DOSfuscated PowerShell command obtained from a maldoc I analyzed in diary entry "De-DOSfuscation Example":

This is the obfuscated command:

In the video, I rely mainly on my tool numbers-to-string to do the de-obfuscation.

 

Didier Stevens
Senior handler
Microsoft MVP
blog.DidierStevens.com DidierStevensLabs.com

0 comment(s)

Comments


Diary Archives