I can’t help feeling some kind of satisfaction when a friend uses my tools to analyze malware, and hacks his way to a solution when my tool falls short.
In this nice blog post, @bluejay00 analyzes RTF malware with my rtfdump.py tool. But because of obfuscation, rtfdump.py is not able to extract the object. @bluejay00 understands this, deobfuscates the RTF sample with an editor, and is then able to get my tool to work correctly.
I’ll just show how I would have used my translate.py tool to remove the obfuscation:
Article Link: https://blog.didierstevens.com/2017/07/06/i-will-follow-no-not-talking-about-social-media/
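The deobfuscation step described above, as an added, self-contained illustration that is not the translate.py command from the original post (which this page does not reproduce) and does not use the sample @bluejay00 analyzed: a constructed RTF whose \*\objdata hex stream is broken up with junk control words and whitespace, an obfuscation pattern assumed here for illustration. A naive extractor that trusts the hex stream fails; stripping the junk with regular expressions, the kind of Python expression translate.py evaluates over a file's bytes, recovers the embedded object, which is then checked for the OLE compound-file magic. The payload, the junk tokens and all function names are constructed for this example.

```python
import binascii
import re

# Constructed payload: the 8-byte OLE compound-file magic plus filler bytes.
# Invented test data for this example, not the object from the analyzed sample.
OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")
PAYLOAD = OLE_MAGIC + bytes(range(32))

# Junk inserted between hex digit pairs: unknown control words (each with its
# terminating delimiter, as RTF requires) and whitespace. Assumed pattern.
JUNK = [b"\\fake123 ", b"\r\n", b"\\xyz ", b"   ", b"\\ljunk-7 "]


def build_obfuscated_sample(payload: bytes) -> bytes:
    """Wrap payload as an RTF embedded object whose \\objdata hex is obfuscated."""
    hexdata = binascii.hexlify(payload)
    pieces = []
    for i in range(0, len(hexdata), 2):
        pieces.append(hexdata[i:i + 2])            # one byte as two hex digits
        pieces.append(JUNK[(i // 2) % len(JUNK)])  # junk after every byte
    return b"{\\rtf1\\ansi{\\object\\objemb{\\*\\objdata " + b"".join(pieces) + b"}}}"


# Content of the \*\objdata group, up to its closing brace. This simple regex
# assumes no nested groups inside objdata; a group-aware parser (rtfdump.py)
# is the right tool once the junk is gone.
OBJDATA_RE = re.compile(rb"\\\*\\objdata\s*(.*?)\}", re.DOTALL)

# RTF control word: backslash, letters, optional signed numeric parameter,
# optional single space delimiter. Any other whitespace is dropped separately.
CONTROL_WORD_RE = re.compile(rb"\\[A-Za-z]+-?\d*[ ]?")
WHITESPACE_RE = re.compile(rb"\s+")


def strip_obfuscation(objdata: bytes) -> bytes:
    """Remove junk control words and whitespace, leaving only hex digits."""
    without_control_words = CONTROL_WORD_RE.sub(b"", objdata)
    return WHITESPACE_RE.sub(b"", without_control_words)


def naive_extract(rtf: bytes):
    """Decode the objdata hex as found; returns None when the junk breaks it."""
    m = OBJDATA_RE.search(rtf)
    if m is None:
        return None
    try:
        return binascii.unhexlify(m.group(1))
    except (binascii.Error, ValueError):
        return None


def extract_object(rtf: bytes) -> bytes:
    """Strip the obfuscation first, then decode the hex stream."""
    m = OBJDATA_RE.search(rtf)
    if m is None:
        raise ValueError("no \\*\\objdata group found")
    hexdata = strip_obfuscation(m.group(1))
    if len(hexdata) % 2:
        raise ValueError("odd number of hex digits after cleanup")
    return binascii.unhexlify(hexdata)


def is_ole_object(blob: bytes) -> bool:
    """Sanity check on the recovered bytes: OLE compound-file header magic."""
    return blob.startswith(OLE_MAGIC)


if __name__ == "__main__":
    sample = build_obfuscated_sample(PAYLOAD)
    print("naive extraction:", naive_extract(sample))
    recovered = extract_object(sample)
    print("recovered %d bytes, OLE magic present: %s"
          % (len(recovered), is_ole_object(recovered)))
```

The same two substitutions, applied to the whole file, are what an editor pass or a translate.py expression would do; the point of doing them before handing the file to rtfdump.py is that the hex stream is then contiguous and the tool's own group parsing can take over.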