I analyzed a malicious document send by a reader of the Internet Storm Center, and to decode the payload I wanted to use my tool translate.py.
But an option was lacking: I had to combine 2 byte streams to result in the decoded payload, while translate will only accept one byte stream (file, stdout, …).
I solved my problem with a small custom Python script, but then I updated translate.py to accept a second file/byte stream (option -2).
This is how I use it to decode the payload:
Article Link: https://blog.didierstevens.com/2017/07/31/update-translate-py-version-2-5-0/