Skip to content

Instantly share code, notes, and snippets.

Karsten Hahn katjahahn

View GitHub Profile
View dedosfuscator.py
import sys
import re
if len(sys.argv) <= 1: exit()
scriptpath = sys.argv[1]
with open(scriptpath, 'r') as scriptfile:
script = scriptfile.read().replace('^', '')
p = re.compile('\([Ss][Ee][Tt][^=]+=([^&]+)&&')
s = p.search(script)
@katjahahn
katjahahn / Petna.txt
Last active Jul 3, 2017
Petna / Eternalblue Petya
View Petna.txt
Petna / Eternalblue Petya
-------------------------
Hashes:
Main DLL: 027cc450ef5f8c5f653329641ec1fed91f694e0d229928963b30f6b0d7d3a745
Hashes below via McAfee article: https://securingtomorrow.mcafee.com/mcafee-labs/new-variant-petya-ransomware-spreading-like-wildfire/
Main DLL: 64b0b58a2c030c77fdb2b537b2fcc4af432bc55ffb36599a31d418c7c69e94b1
PSEXEC.EXE: f8dbabdfa03068130c277ce49c60e35c029ff29d9e3c74c362521f3fb02670d5
64-bit EXE: 02ef73bd2458627ed7b397ec26ee2de2e92c71a0e7588f78734761d8edbdcd9f
32-bit EXE: eae9771e2eeb7ea3c6059485da39e77b8c0c369232f01334954fbac1c186c998
You can’t perform that action at this time.