XOR Script (Skips NULL bytes “00”)

[Description of XOR Script]

Updated January 2014


I’ve made a script (in python) that can take an XORed (file or string) and will XOR it with a user-defined XOR Key (single-byte or multi-byte). The reason for this is because there is XORed malware out there that is scripted to apply an XOR in various ways .

If you are unfamiliar with the bitwise XOR operation (also known as Exclusive OR, EOR, EXOR) there is a write-up on Wikipedia HERE

There are multiple ways this script will apply the XOR key:

When it runs into either skip a (NULL byte “00”) OR (when XOR key byte = byte to XOR) you can specify it to either:

You can also do the following:

Currently the only output is a raw file.

Things To Do:


Since my entire programming career is based of a few 100-level courses; I know my code is still in need of cleanup. To be honest this is the first script I’ve written in Python as well. Any constructive feedback is very appreciated.

To leave feedback either post a comment, or send an E-mail to interdimensional_shambler@malwerewolf.com.

Code for this can be found here:


 Post details 

 Leave a comment 

Your email address will not be published. Required fields are marked *



 © 2018 -