LukeAcha.com

Downloads

Malware analysis tools, decoders, extraction scripts, and deobfuscation utilities.

GitHub Repo

Repo containing YARA, SIGMA and OpenIOC Rules

Downloads

  • PowerShell String Format De-obfuscation Lucas Acha

    This decoder, written in Python, works for malware variants that use obfuscation such as that described here:

    Example: string something = String.Format("{4}{2}{3}{1}{0}", "ion", "at", "fu", "sc", "ob");

    To use it, replace the contents of flagindex and flaglist.

    Download
  • DOSfuscation Decoder 1 Lucas Acha

    This decoder, written in Python, decodes cmd/bat file variables that use a custom "alphabet", as shown in this public sample:

    Example: set gevemcijbn=0.iR'x.GLbN872we)1sb"0/Nti gevemcijbn:~2,1%%gevemcijbn:~38,1%%gevemcijbn:~5,1%%

    Download
  • DOSfuscation Decoder 2 Lucas Acha

    This decoder, written in Python, decodes cmd/bat file variables that use a custom "alphabet", as shown in this public sample:

    Example: set XMY=aKCCwqhCJrGjTzC7WfZ/N &&for %9 in (73;17;66;49;47;58;4;11;

    Download
  • Multibyte XOR Decoder Lucas Acha

    This decoder was written for a CTF in which a multibyte XOR-encoded image file had a known text key.

    #For multibyte text based key
    #xorkey.py -k -f inputfile -o outputfile

    Download