Ankur Saini kernelm0de

## decode_colibri.py
import sys, base64

file = open(sys.argv[1], "rb")
data = file.read()

start = b'$OO00O0000='
end = b';eval'

length = int(data[data.find(start) + len(start) : data.find(end)], 16)

## colibri_decoded_strings.txt
check
ping
32bit
update
%s\SysWOW64\regsrv32.exe
%s\System32\regsrv32.exe
/vpnchecker.php
cmd.exe
powershell.exe -windowstyle hidden
runas
	import sys, base64

	file = open(sys.argv[1], "rb")
	data = file.read()

	start = b'$OO00O0000='
	end = b';eval'

	length = int(data[data.find(start) + len(start) : data.find(end)], 16)
	check
	ping
	32bit
	update
	%s\SysWOW64\regsrv32.exe
	%s\System32\regsrv32.exe
	/vpnchecker.php
	cmd.exe
	powershell.exe -windowstyle hidden
	runas