TransWikia.com

How can I de-obfuscate a VBScript (.vbs) file?

Reverse Engineering Asked by Sean W. on August 17, 2021

I have a VBScript (.vbs) file that is a malware dropper. It executes correctly in a commercial malware sandbox. but does not act the same in my manual analysis lab, and I need to figure out why. The script is heavily obfuscated (i.e. not simply using execute), and I don’t know how to begin to analyze it.

So far, i’ve tried the open source tool ViperMonkey, put it failed to trace the script.

Any suggestions?

One Answer

Try running the following from the command line:

cscript /x .malwaresample.vbs

That should open it up in Visual Studios and allow you to step through it.

Answered by Jimmy D on August 17, 2021

Add your own answers!

Ask a Question

Get help from others!

© 2024 TransWikia.com. All rights reserved. Sites we Love: PCI Database, UKBizDB, Menu Kuliner, Sharing RPP