Python Binary Decoder based on nao-sec's php decoder found here: https://github.com/nao-sec/files/tree/master/RigEK/Binary_Decoder
This script decodes the malware dropped from RigEK (application/x-msdownload).
$ python decoder.py -i [input] -o [output]
RigEK_Decoder is open-sourced software licensed under the MIT License