I analyzed a malicious document send by a reader of the Internet Storm Center, and to decode the payload I wanted to use my tool translate.py.
But an option was lacking: I had to combine 2 byte streams to result in the decoded payload, while translate will only accept one byte stream (file, stdout, …).
I solved my problem with a small custom Python script, but then I updated translate.py to accept a second file/byte stream (option -2).
This is how I use it to decode the payload:
translate_v2_5_0.zip (https)
MD5: 768F895537F977EF858B4D82E0E4387C
SHA256: 5451BF8A58A04547BF1D328FC09EE8B5595C1247518115F439FC720A3436519F
Article Link: https://blog.didierstevens.com/2017/07/31/update-translate-py-version-2-5-0/