Remove junk bytes from malware binaries

martibarri/expurgar


expurgar

Simple script that helps remove junk bytes included in malware binaries. Padding a sample with long runs of identical filler bytes is a well-known technique: it inflates the file past the size limits of many sandboxes and scanners, so the sample never gets analysed.

usage: expurgar.py [-h] -f FILE [-c CHAIN]

[-c CHAIN] is the minimum number of identical consecutive bytes needed to count as a junk chain (default=80); every chain of that length or longer is stripped from the output.
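The chain-stripping logic described above, as an added example written for this page; it is not the project's own expurgar.py. The input bytes are constructed inline, and the CLI wrapper and its `<FILE>.clean` output name are assumptions made here, not a documented interface of the tool.

```python
import argparse
import re
from typing import List, Tuple


def chain_pattern(chain: int) -> re.Pattern:
    """Regex matching any run of `chain` or more identical bytes.

    `(.)\\1{n,}` = one byte followed by at least n more copies of that same
    byte; DOTALL is required so `.` also matches newline (0x0a) bytes.
    """
    if chain < 2:
        raise ValueError("chain must be at least 2")
    return re.compile(rb"(.)\1{%d,}" % (chain - 1), re.DOTALL)


def find_chains(data: bytes, chain: int = 80) -> List[Tuple[int, int, int]]:
    """Return (offset, byte_value, length) for every junk run in `data`."""
    return [
        (m.start(), m.group(1)[0], m.end() - m.start())
        for m in chain_pattern(chain).finditer(data)
    ]


def expurgate(data: bytes, chain: int = 80) -> bytes:
    """Remove every run found by find_chains, keeping all other bytes in order."""
    return chain_pattern(chain).sub(b"", data)


# Constructed sample (not a real binary): a fake header, 200 bytes of 0x00
# padding, a payload, a 79-byte run that stays below the default threshold,
# and an 80-byte run of 0xff that is stripped.
SAMPLE = b"MZ" + b"\x00" * 200 + b"payload" + b"A" * 79 + b"\xff" * 80


def main() -> None:
    # Hypothetical CLI mirroring the README's usage line; writing the result
    # to <FILE>.clean is an assumption of this example.
    parser = argparse.ArgumentParser()
    parser.add_argument("-f", "--file", required=True)
    parser.add_argument("-c", "--chain", type=int, default=80)
    args = parser.parse_args()
    with open(args.file, "rb") as fh:
        data = fh.read()
    for offset, value, length in find_chains(data, args.chain):
        print(f"junk run at 0x{offset:x}: byte 0x{value:02x} x {length}")
    cleaned = expurgate(data, args.chain)
    with open(args.file + ".clean", "wb") as fh:
        fh.write(cleaned)
    print(f"{len(data)} -> {len(cleaned)} bytes")


if __name__ == "__main__":
    main()
```

Two caveats worth keeping in mind when using this on a real sample: stripping a run shifts every offset after it, so if the padding sat inside a section the cleaned file is an analysis artifact rather than a binary you can expect to execute; and lowering the chain threshold too far starts eating legitimate alignment padding, so check the reported runs before trusting the output.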

test example

malware example

Real malware sample with different bundled files and with multiple layers of obfuscation.