#APT #MuddyWater
# ROT13 translation tables: alpha2 is alpha1 with each 26-letter case block
# rotated by 13 places.
alpha1 = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' + 'abcdefghijklmnopqrstuvwxyz'
alpha2 = alpha1[13:26] + alpha1[:13] + alpha1[39:] + alpha1[26:39]
# Obfuscated sample to read, and the file that receives the decoded text.
fileName = r'C:\Users\xxx\Desktop\malware\MuddyWater.txt'
outfileName = r'C:\Users\xxx\Desktop\malware\MuddyWater_decode.txt'
def decode(strEnc):
    """Return strEnc with its ASCII letters mapped through the ROT13 tables.

    The mapping is built from the module-level alpha2 -> alpha1 tables, so
    characters that appear in neither table (digits, '$', '_', ...) are
    passed through unchanged by str.translate().
    """
    rot13_table = str.maketrans(alpha2, alpha1)
    return strEnc.translate(rot13_table)
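if __name__ == '__main__':
    # Local import: the script calls re.compile() but never imports re, so it
    # would stop with NameError on the first input line.
    import re

    # Raw strings keep \w and \$ as regex escapes rather than invalid string
    # escapes; the patterns are compiled once instead of once per line.
    func_decl = re.compile(r'function (\w+)')
    variable = re.compile(r'\$\w+')

    def rot13_match(match):
        """Return the ROT13 form of the text matched by a regex."""
        return decode(match.group(0))

    # The sample is only read as text and rewritten; nothing from it is
    # executed. The input is opened first so that a missing sample does not
    # leave an empty output file behind.
    # NOTE(review): the input is read with the platform default encoding while
    # the output is written as UTF-8 -- confirm this matches the sample.
    with open(fileName) as f, \
            open(outfileName, "w+", encoding='utf-8') as file:
        for line in f:
            # Names declared on this line with "function <name>".
            declared = set(func_decl.findall(line))
            if declared:
                # Decode those names as whole tokens in a single pass.
                # str.replace() also rewrote the name wherever it occurred as
                # a substring of a longer identifier or of a $variable, which
                # the variable pass below then rotated a second time.
                names = re.compile(
                    r'(?<![\w$])(?:'
                    + '|'.join(re.escape(name) for name in declared)
                    + r')(?!\w)'
                )
                line = names.sub(rot13_match, line)

            # Decode every $variable in one substitution pass. Replacing the
            # findall() results one at a time corrupted lines in which one
            # variable is a prefix of another ($a / $ab) or in which a decoded
            # name equals another encoded name ($a -> $n while $n is present).
            line = variable.sub(rot13_match, line)

            file.write(line)
    # Both files are closed by the with statement; no explicit close() needed.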