diff --git a/oletools/olevba.py b/oletools/olevba.py
index 211099e..941d4a0 100644
--- a/oletools/olevba.py
+++ b/oletools/olevba.py
@@ -218,8 +218,9 @@ from __future__ import print_function
 # 2019-04-09 PL: - decompress_stream accepts bytes (issue #422)
 # 2019-05-23 v0.55 PL: - added option --pcode to call pcodedmp and display P-code
 # 2019-06-05 PL: - added VBA stomping detection
+# 2019-09-24 PL: - included DridexUrlDecode into olevba (issue #485)
-__version__ = '0.55.dev3'
+__version__ = '0.55.dev4'
 #------------------------------------------------------------------------------
 # TODO: 
@@ -2201,6 +2202,46 @@ def detect_base64_strings(vba_code):
 # if an exception occurs, it is likely not a base64-encoded string
 return results
+# DridexUrlDecode written by James Habben
+# Originally published on https://github.com/JamesHabben/MalwareStuff
+# included here with James' permission
+# 2015-01-27 Slight modifications from Philippe Lagadec (PL) to use it from olevba
+
+def StripChars (input) :
+ result = ''
+ for c in input :
+ if c.isdigit() :
+ result += c
+ return int(result)
+
+def StripCharsWithZero (input) :
+ result = ''
+ for c in input :
+ if c.isdigit() :
+ result += c
+ else:
+ result += '0'
+ return int(result)
+
+def DridexUrlDecode (inputText) :
+ work = inputText[4:-4]
+ strKeyEnc = StripCharsWithZero(work[(len(work) / 2) - 2: (len(work) / 2)])
+ strKeySize = StripCharsWithZero(work[(len(work) / 2): (len(work) / 2) + 2])
+ nCharSize = strKeySize - strKeyEnc
+ work = work[:(len(work) / 2) - 2] + work[(len(work) / 2) + 2:]
+ strKeyEnc2 = StripChars(work[(len(work) / 2) - (nCharSize/2): (len(work) / 2) + (nCharSize/2)])
+ work = work[:(len(work) / 2) - (nCharSize/2)] + work[(len(work) / 2) + (nCharSize/2):]
+ work_split = [work[i:i+nCharSize] for i in range(0, len(work), nCharSize)]
+ decoded = ''
+ for group in work_split:
+ # sys.stdout.write(chr(StripChars(group)/strKeyEnc2))
+ decoded += chr(StripChars(group)/strKeyEnc2)
+ return decoded
+
+# DridexUrlDecode("C3iY1epSRGe6q8g15xStVesdG717MAlg2H4hmV1vkL6Glnf0cknj")
+# DridexUrlDecode("HLIY3Nf3z2k8jD37h1n2OM3N712DGQ3c5M841RZ8C5e6P1C50C4ym1oF504WyV182p4mJ16cK9Z61l47h2dU1rVB5V681sFY728i16H3E2Qm1fn47y2cgAo156j8T1s600hukKO1568X1xE4Z7d2q17jvcwgk816Yz32o9Q216Mpr0B01vcwg856a17b9j2zAmWf1536B1t7d92rI1FZ5E36Pu1jl504Z34tm2R43i55Lg2F3eLE3T28lLX1D504348Goe8Gbdp37w443ADy36X0h14g7Wb2G3u584kEG332Ut8ws3wO584pzSTf")
+# DridexUrlDecode("YNPH1W47E211z3P6142cM4115K2J1696CURf1712N1OCJwc0w6Z16840Z1r600W16Z3273k6SR16Bf161Q92a016Vr16V1pc")
+
 def detect_dridex_strings(vba_code):
 """
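Review bot: `DridexUrlDecode` keeps Python 2 division — `len(work) / 2` and `nCharSize/2` yield floats on Python 3, so every slice in the six lines from `strKeyEnc = ...` through `decoded += chr(...)` raises TypeError (and `chr()` rejects the float quotient as well), even though the module's `from __future__ import print_function` shows it is meant to run on both interpreters; changing each `/` in those lines to `//` gives the same integer results on both. The helpers also fail on malformed input rather than returning: `int('')` in `StripChars` raises ValueError when a group holds no digit, `range(0, len(work), 0)` raises when `strKeySize` equals `strKeyEnc`, and the division raises ZeroDivisionError when `strKeyEnc2` is 0; since the argument is matched out of untrusted VBA source, `detect_dridex_strings` (whose body continues past this hunk) should wrap the call in `try/except (ValueError, TypeError, ZeroDivisionError)` and skip the match, which the base64 detector's context line suggests is how decode failures are already treated there, so one odd token cannot abort the whole scan. `input` shadows the builtin, and the CamelCase names with a space before the parentheses differ from the PEP 8 style of the surrounding file; a rename to `strip_chars`/`strip_chars_with_zero` with the old names kept as aliases would be harmless.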
@@ -2209,9 +2250,6 @@ def detect_dridex_strings(vba_code):
 :param vba_code: str, VBA source code
 :return: list of str tuples (encoded string, decoded string)
 """
- # TODO: move this at the beginning of script
- from oletools.thirdparty.DridexUrlDecoder.DridexUrlDecoder import DridexUrlDecode
-
 results = []
 found = set()
 for match in re_dridex_string.finditer(vba_code):
diff --git a/oletools/thirdparty/DridexUrlDecoder/DridexUrlDecoder.py b/oletools/thirdparty/DridexUrlDecoder/DridexUrlDecoder.py
deleted file mode 100644
index 4c083b3..0000000
--- a/oletools/thirdparty/DridexUrlDecoder/DridexUrlDecoder.py
+++ /dev/null
@@ -1,42 +0,0 @@
-# Written by @JamesHabben
-# https://github.com/JamesHabben/MalwareStuff
-
-# 2015-01-27 Slight modifications from Philippe Lagadec (PL) to use it from olevba
-
-import sys
-
-def DridexUrlDecode (inputText) :
- work = inputText[4:-4]
- strKeyEnc = StripCharsWithZero(work[(len(work) / 2) - 2: (len(work) / 2)])
- strKeySize = StripCharsWithZero(work[(len(work) / 2): (len(work) / 2) + 2])
- nCharSize = strKeySize - strKeyEnc
- work = work[:(len(work) / 2) - 2] + work[(len(work) / 2) + 2:]
- strKeyEnc2 = StripChars(work[(len(work) / 2) - (nCharSize/2): (len(work) / 2) + (nCharSize/2)])
- work = work[:(len(work) / 2) - (nCharSize/2)] + work[(len(work) / 2) + (nCharSize/2):]
- work_split = [work[i:i+nCharSize] for i in range(0, len(work), nCharSize)]
- decoded = ''
- for group in work_split:
- # sys.stdout.write(chr(StripChars(group)/strKeyEnc2))
- decoded += chr(StripChars(group)/strKeyEnc2)
- return decoded
-
-def StripChars (input) :
- result = ''
- for c in input :
- if c.isdigit() :
- result += c
- return int(result)
-
-def StripCharsWithZero (input) :
- result = ''
- for c in input :
- if c.isdigit() :
- result += c
- else:
- result += '0'
- return int(result)
-
-
-# DridexUrlDecode("C3iY1epSRGe6q8g15xStVesdG717MAlg2H4hmV1vkL6Glnf0cknj")
-# DridexUrlDecode("HLIY3Nf3z2k8jD37h1n2OM3N712DGQ3c5M841RZ8C5e6P1C50C4ym1oF504WyV182p4mJ16cK9Z61l47h2dU1rVB5V681sFY728i16H3E2Qm1fn47y2cgAo156j8T1s600hukKO1568X1xE4Z7d2q17jvcwgk816Yz32o9Q216Mpr0B01vcwg856a17b9j2zAmWf1536B1t7d92rI1FZ5E36Pu1jl504Z34tm2R43i55Lg2F3eLE3T28lLX1D504348Goe8Gbdp37w443ADy36X0h14g7Wb2G3u584kEG332Ut8ws3wO584pzSTf")
-# DridexUrlDecode("YNPH1W47E211z3P6142cM4115K2J1696CURf1712N1OCJwc0w6Z16840Z1r600W16Z3273k6SR16Bf161Q92a016Vr16V1pc")
diff --git a/oletools/thirdparty/DridexUrlDecoder/LICENSE.txt b/oletools/thirdparty/DridexUrlDecoder/LICENSE.txt
deleted file mode 100644
index f29a1c3..0000000
--- a/oletools/thirdparty/DridexUrlDecoder/LICENSE.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-DridexUrlDecoder.py is published by James Habben (@JamesHabben)
-on https://github.com/JamesHabben/MalwareStuff
-without explicit license.
\ No newline at end of file
diff --git a/oletools/thirdparty/DridexUrlDecoder/__init__.py b/oletools/thirdparty/DridexUrlDecoder/__init__.py
deleted file mode 100644
index e69de29..0000000
--- a/oletools/thirdparty/DridexUrlDecoder/__init__.py
+++ /dev/null
diff --git a/setup.py b/setup.py
index 2c45c76..0c65d5a 100644
--- a/setup.py
+++ b/setup.py
@@ -31,6 +31,7 @@ to install this package.
 # 2019-02-26 CH: - add optional dependency msoffcrypto for decryption
 # 2019-05-22 PL: - 'msoffcrypto-tool' is now a required dependency
 # 2019-05-23 v0.55 PL: - added pcodedmp as dependency
+# 2019-09-24 PL: - removed oletools.thirdparty.DridexUrlDecoder
 #--- TODO ---------------------------------------------------------------------
@@ -50,7 +51,7 @@ import os, fnmatch
 #--- METADATA -----------------------------------------------------------------
 name = "oletools"
-version = '0.55.dev3'
+version = '0.55.dev4'
 desc = "Python tools to analyze security characteristics of MS Office and OLE files (also called Structured Storage, Compound File Binary Format or Compound Document File Format), for Malware Analysis and Incident Response #DFIR"
 long_desc = open('oletools/README.rst').read()
 author = "Philippe Lagadec"
@@ -91,7 +92,6 @@ packages=[
 'oletools.thirdparty.xxxswf',
 'oletools.thirdparty.prettytable',
 'oletools.thirdparty.xglob',
- 'oletools.thirdparty.DridexUrlDecoder',
 'oletools.thirdparty.tablestream',
 'oletools.thirdparty.oledump',
 ]