The following python decoders were written based on obfuscation observations of different variations of Emotet. I have filled in the example variables with benign data that mimics the malware, this was originally done as a CTF I ran.  I will add more details on these scripts at a later time.

Program

Emotet Decoder 1

This python decoder will work for malware variants that use obfuscation such as described here:

Emotet Decoder 2

This python script will work for DOSfuscation per the following observation of this Hybrid-Analysis run

Emotet Decoder 3

This python script will work for DOSfuscation per the following observation of this app.any.run