A Blog about malware and file formats

All articles for category: intermediate
Cutting corners against a Dridex downloader

When one faces obfuscated code, it is sometimes more efficient to focus on the data instead. By using Malcat's different views and analyses (and a bit of guessing as well), we will show how to statically unpack an Excel downloader and the obfuscated native dropper that follows it without (much) reverse engineering.
