Skip to content
/ expurgar Public

Remove junk bytes from malware binaries

2 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

martibarri/expurgar

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits
img
img
 
 
samples
samples
 
 
.gitignore
.gitignore
 
 
expurgar.py
expurgar.py
 
 
readme.md
readme.md
 
 

Repository files navigation

expurgar

Simple script that helps removing junk bytes included in malware binaries. It's a well-known technique used to avoid ending up in a sandbox analysis.

usage: expurgar.py [-h] -f FILE [-c CHAIN]

[-c CHAIN] is the minimmum number of identical bytes to trigger a chain ( default=80 )

test example

malware example

Real malware sample with different bundled files and with multiple layers of obfuscation.

About

Remove junk bytes from malware binaries

Topics

python3 deobfuscation malware-analysis binary-analysis xxd unpacker reversing junk-cleaner malware-unpacker deobfuscate-scripts

Resources

Readme
Activity

Stars

2 stars

Watchers

1 watching

Forks

0 forks
Report repository

Languages