Trainings Samples

Samples

Clear

SHA256	Author	Difficulty	Tags	Goal	Solutions	Comments	Created
`361f20f5843a9d609d42fc17f164eb44ed4f86ae3062e66e978c2c93890f65fd`	struppigel	medium	python packed smokedham	LICENSE.txt was run via > %ALLUSERSPROFILE%\Microsoft\AppUpdate\SystemInfo\UsbService86.exe LICENSE.txt UsbService86.exe has the signer Python Software Foundation Decompile the code, then create a binary refinery pipeline to unpack the next layers. (CyberChef might be an alternative, but I did not check if it has all necessary algorithms)	1	1	23 Jan 2026
`94237eac80fd2a20880180cab19b94e8760f0d1f06715ff42a6f60aef84f4adf`	humpty_tony	medium	python stealer	This post’s goal is to show how you reverse a “boring” stealer by treating the loader chain as the real specimen. Peel multi-stage Python loaders safely: - Identify and undo container transforms (reverse bytes + zlib). - Recognize when crypto code is “almost right” but relies on a modified library (the PyAES GCM mismatch), then swap in a compatible implementation to decrypt without executing. - Deal with Python marshalled bytecode. - Reduce obfuscation to primitives (base64 aliasing, rot13, marshal.loads, LZMA/XZ payloads, BlankOBF patterns), so you can turn “giant blob soup” into discrete stages you can write to disk, identify with file, and decompile. So the analysis goal is basically: build a repeatable methodology for unpacking + staging + version-correct decompilation of Python malware—because that workflow applies to tons of commodity stealers and loaders.	1	1	04 Jan 2026
`3c086e76942fb9fd3d1e4384e9c1228c227c00c78dc29fca512ed95ee919ee5e`	struppigel	medium	acrstealer game python renpy	This application consists of almost 3000 files. Find proof that the sample is malicious by finding the malicious code. A weird filename with homoglyphs is not enough, nor is behavioral analysis in a sandbox.	1	0	26 Dec 2025

Page 1 of 1