Desofuscation vbs (cscript.exe)

Some things that could be useful to debug/desofuscate a malicious vbs file:

echo

Wscript.Echo "Like this?"

Commnets

' this is a comment

Test

cscript.exe file.vbs

Write data to a file

Function writeBinary(strBinary, strPath)

    Dim oFSO: Set oFSO = CreateObject("Scripting.FileSystemObject")

    ' below lines pupose: checks that write access is possible!
    Dim oTxtStream

    On Error Resume Next
    Set oTxtStream = oFSO.createTextFile(strPath)

    If Err.number <> 0 Then MsgBox(Err.message) : Exit Function
    On Error GoTo 0

    Set oTxtStream = Nothing
    ' end check of write access

    With oFSO.createTextFile(strPath)
        .Write(strBinary)
        .Close
    End With

End Function

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

desofuscation-vbs-cscript.exe.md

desofuscation-vbs-cscript.exe.md

Desofuscation vbs (cscript.exe)

echo

Commnets

Test

Write data to a file

Files

desofuscation-vbs-cscript.exe.md

Latest commit

History

desofuscation-vbs-cscript.exe.md

File metadata and controls

Desofuscation vbs (cscript.exe)

echo

Commnets

Test

Write data to a file