Skip to content
/ rev_dotnettojscript Public

Extract malicious PE/DLL from dotnettojscript VBA payloads.

1 star 1 fork Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

pyperanger/rev_dotnettojscript

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

12 Commits
README.md
README.md
 
 
portable_windows.7z
portable_windows.7z
 
 
rev_dotnettojscript.go
rev_dotnettojscript.go
 
 

Repository files navigation

Extract malicious PE/DLL from dotnettojscript VBA payloads.

^.^ helping u fight the bad guys during malware analysis

Instalation(windows/linux).

$ git clone https://github.com/pyperanger/rev_dotnettojscript.git # or download from github :)
$ cd rev_dotnettojscript && go build .

Windows: Portable version avaiable :)

Usage

Extract HEX payload from VBA code, cast to binary(ex: xxd -r -p payload.cer).

Input is the serialized binary

Usage of ./rev_dotnettojscript:
  -f string
     Filename (the serialized binary)
  -o string
     Output`
After

Now you have the PE/DLL :) tip: use dotPeek or another decompiler to read the new binary

Base64 payload is the same logic.. thx

About

Extract malicious PE/DLL from dotnettojscript VBA payloads.

Resources

Readme
Activity

Stars

1 star

Watchers

1 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages