Fireeye made a white paper on cmd.exe command obfuscation (DOSfuscation). We deobfuscate a malware sample that uses techniques described in their paper.
Malware analysis courses: https://malwareanalysis-for-hedgehogs.learnworlds.com/courses
Buy me a coffee: https://ko-fi.com/struppigel
Follow me on Twitter: https://twitter.com/struppigel
Dosfuscation white paper: https://www.fireeye.com/content/dam/fireeye-www/blog/pdfs/dosfuscation-report.pdf
Sample VirusBay: https://beta.virusbay.io/sample/browse/60ae52600db539ccbf48ca18072a1c2c
Deobfuscation script: https://gist.github.com/katjahahn/c8fb092622e8c5c869fd18ac5489f8e0
GData article: https://www.gdatasoftware.com/blog/2018/07/30924-g-data-analysis-discovers-dosfuscation-in-the-wild
Notepad++: https://notepad-plus-plus.org/
Python: https://www.python.org/
