XLMMacroDeobfuscator

XLMMacroDeobfuscator copied to clipboard

I came across older QakBot dropper sample that randomly selects values using calls to RANDBETWEEN to build URLs. Of course when using xlmdeobfuscator, the same outcome is generated each time, as expected.

When running xlmdeobfuscator -x, although the various possible URL components are displayed, the calls to RANDBETWEEN are omitted from the output. I think those would be good to have in the output. Can you make some changes so those calls are included when -x is used? Also curious about what other things you think could be improved, if any, as I very new to XLM macros.