Trainings Samples

Samples

Clear

SHA256	Author	Difficulty	Tags	Goal	Solutions	Comments	Created
`1c33eef0d22dc54bb2a41af485070612cd4579529e31b63be2141c4be9183eb6`	struppigel	easy	loader stage 1 bloated zpaq	This file has an unusual archive format. Figure out how to extract it. Then debloat the sample and determine how [the next stage](https://samplepedia.cc/sample/c2c466e178b39577912c9ce989cf8a975c574d5febe15ae11a91bbb985ca8d2e/80/) is decrypted or decoded. After that continue analysis of [the next stage](https://samplepedia.cc/sample/c2c466e178b39577912c9ce989cf8a975c574d5febe15ae11a91bbb985ca8d2e/80/).	—	0	27 Jan 2026
`56f5623daa470bee190ae0ecd961be8e6df71c8da1ccf7b268fe876b84c183d9`	struppigel	easy	loader msoffice openxml vsto add-in	Where does this file load the next stage from?	3	3	20 Jan 2026
`29325e23a684f782db14a1bf0dc56c65228e666d1f561808413a735000de3515`	struppigel	easy	loader msoffice external template openxml	Where does this file load the next stage from?	2	0	20 Jan 2026
`e7cf02ad880e8ebb37134c5370189bd2620ce1bf60794aa8776db6ccc4d4f0f7`	struppigel	medium	loader d3f@ck jphp jvm stage 2	Decompile the main malware code and figure out where it downloads the next stage. If the download URL is not available anymore, the deaddrop URL will suffice. This ZIP archive is downloaded by this [InnoSetup sample](https://samplepedia.cc/sample/7409250e8be3bdcdaa756faff2150b13677ae066e42cefa52844c87451f6f60d/54/). You may want to start analyzing there.	1	0	09 Jan 2026
`7409250e8be3bdcdaa756faff2150b13677ae066e42cefa52844c87451f6f60d`	struppigel	medium	string deobfuscation loader d3f@ck inno stage 1	Extract the InnoSetup script and decode the strings. Figure out the download URL statically. Afterwards continue with [the next stage](https://samplepedia.cc/sample/e7cf02ad880e8ebb37134c5370189bd2620ce1bf60794aa8776db6ccc4d4f0f7/55/)	1	0	09 Jan 2026
`6f8f1b26324ea0f3f566fbdcb4a61eb92d054ccf0300c52b3549c774056b8f02`	malcat	medium	hta loader macro office	List all the download urls for the next stage using static analysis only. Bonus point if you do not use Excel.	1	0	04 Jan 2026
`13063a496da7e490f35ebb4f24a138db4551d48a1d82c0c876906a03b8e83e05`	malcat	easy	loader emulation office cve-2018-0798	Extract the next stage download url	1	0	04 Jan 2026
`9887f1e95b4e11825941bd207400d1cc1580a7d438969f6c8d8c656551d339e2`	struppigel	easy	loader macro office	Figure out the download URL of this malware with static analysis	2	0	04 Jan 2026
`5bc8b1a067ec4b487e88c2bb93728158633f4fdf22b111d5562cbb4ad3426d30`	struppigel	medium	loader js obfuscated stage 1	Deobfuscate this loader such that you get the download URL.	2	0	04 Jan 2026
`3d1a4b9e37868f54e7e7eb98aae0203e2c50b2977170e0006cd3cbcb071c6b94`	struppigel	medium	lummastealer powershell vbscript hta loader	Build a binary refinery pipeline or CyberChef recipe that extracts the download URL from the loader.	1	0	29 Dec 2025

Page 1 of 1