A Blog about malware and file formats

All articles for category: office
Cutting corners against a Dridex downloader

Sun 13 March 2022
When one faces obfuscated code, it is sometimes more efficient to focus on the data instead. By using Malcat's different views and analyses (and a bit of guessing as well), we will show how to statically unpack an Excel downloader and the obfuscated native dropper that follows it without (much) reverse engineering.