Skip to content

XLMMacroDeobfuscator-v0.1.4-beta

Pre-release
Pre-release
Compare
Choose a tag to compare
@DissectMalware DissectMalware released this 30 May 23:28
· 214 commits to master since this release
v0.1.4-beta
c3e8402
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.

The following list summarizes the most notable features added in this version:

  1. The following XLM functions are added: ROUND, SET.NAME, DIRECTORY, CONCATENATE, ACTIVE.CELL, SELECT, AND, OR, WHILE, LEN, REGISTER
  2. Dumps shellcodes injected into a process. It interprets the following Windows APIs: VirtualAlloc, WriteProcessMemory, RtlCopyMemory
  3. Guesses the correct day for DAY(NOW()) used for deobfuscating XLM macro.
  4. Supports range addresses
  5. New switches: --with-ms-excel, --password (--no-ms-excel is deprecated)
  6. Bug fixes
Assets 4
Loading