Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Decoder for the obfuscated strings from malware: ef0cb0a1a29bcdf2b36622f72734aec8d38326fc8f7270f78bd956e706a5fd57
#include <iostream>
#include <Windows.h>
char* decode_string(const char *a1)
{
const BYTE *enc_str = (BYTE*)a1;
signed int enc_len = strlen(a1);
BYTE *v4;
int v5;
signed int v6;
BYTE *result = (BYTE*) malloc(enc_len + 1);
if (enc_len <= 0)
{
*result = 0;
}
else
{
v4 = result;
v5 = enc_str - result;
v6 = enc_len;
do
{
*v4 = v4[v5] - 1;
++v4;
--v6;
} while (v6);
result[enc_len] = 0;
}
return (char*) result;
}
int main(int argc, char *argv[])
{
if (argc < 2) {
std::cout << "Decoder for the encoded string from malware:\nSHA256: ef0cb0a1a29bcdf2b36622f72734aec8d38326fc8f7270f78bd956e706a5fd57\n";
std::cout << "Args: <encoded string>\n";
system("pause");
return 0;
}
char *my_str = argv[1];
char *dec = decode_string(my_str);
std::cout << dec << std::endl;
int len = strlen(dec);
free(dec);
return len;
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment