DeXRAY 2.20 update

A massive update to VBN processing thanks to Brian, who became the de facto Symantec Quarantine files SME. His new code helps to handle even the most obscure VBN samples in our collections, so it’s a win-win for DFIR. Thank you Brian!

The latest version of DeXRAY can be downloaded here.

DeXRAY 2.17 update

This is a minor update that fixes an odd bug. When I published 2.16, I fixed a bug in VBN file recovery. I simply commented out old code that didn’t work and added code that does work. It turns out that disabling that old code breaks the recovery process for some other VBN files.

I didn’t have a chance to look at what causes it, but I am releasing a version that simply recovers quarantined files using 2 approaches simultaneously, and saves the attempts to 2 different .out files. One of them should always work…

You can find the latest version of DeXRAY here.

If you come across files that DeXRAY cannot decrypt, please let me know.