A Blog about malware and file formats

All articles for category: easy
Statically unpacking a simple .NET dropper

Our target is a two-layer .NET dropper that uses multiple cipher passes (XOR, AES ECB and AES CBC + PBKDF2) to finally drop a Loki sample. Without even starting a debugger, we will show how to unpack it 100% statically using Malcat's built-in transformations and the Python scripting engine.
