Module refinery.units.obfuscation.vba.brackets
Expand source code Browse git
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
import re
from refinery.units.obfuscation import Deobfuscator, StringLiterals
from refinery.lib.patterns import formats
class deob_vba_brackets(Deobfuscator):
_SENTINEL = re.compile(
RF'''(?<![\w"']{{2}})''' # this may be a function call
RF'''\(\s*({formats.vbaint}|{formats.vbastr}|{formats.float})\s*(\S)''',
flags=re.IGNORECASE
)
def deobfuscate(self, data):
strlit = StringLiterals(formats.vbastr, data)
repeat = True
@strlit.outside
def replacement(match):
nonlocal repeat
if match[2] == ')':
repeat = True
return match[1]
while repeat:
repeat = False
data = self._SENTINEL.sub(replacement, data)
return dataClasses
class deob_vba_brackets-
Expand source code Browse git
class deob_vba_brackets(Deobfuscator): _SENTINEL = re.compile( RF'''(?<![\w"']{{2}})''' # this may be a function call RF'''\(\s*({formats.vbaint}|{formats.vbastr}|{formats.float})\s*(\S)''', flags=re.IGNORECASE ) def deobfuscate(self, data): strlit = StringLiterals(formats.vbastr, data) repeat = True @strlit.outside def replacement(match): nonlocal repeat if match[2] == ')': repeat = True return match[1] while repeat: repeat = False data = self._SENTINEL.sub(replacement, data) return dataAncestors
Class variables
var required_dependenciesvar optional_dependencies
Methods
def deobfuscate(self, data)-
Expand source code Browse git
def deobfuscate(self, data): strlit = StringLiterals(formats.vbastr, data) repeat = True @strlit.outside def replacement(match): nonlocal repeat if match[2] == ')': repeat = True return match[1] while repeat: repeat = False data = self._SENTINEL.sub(replacement, data) return data
Inherited members