![Statically unpacking a simple .NET dropper](https://malcat.fr/blog/statically-unpacking-a-simple-net-dropper/anom.png)
Statically unpacking a simple .NET dropper
Our target is a 2-layers .NET dropper using multiple cipher passes (XOR, AES ECB and AES CBC + PBKDF2) to finally drop a Loki sample. Without even starting a debugger, we will show how to unpack it 100% statically using Malcat's builtin transformations and the python scripting engine.
Read more →