Sample

Metadata

SHA256: 0b38ca277bbb042d43bd1f17c4e424e167020883526eb2527ba929b2f0990a8f
Difficulty: medium
Platform: Windows
Tags: obfuscated rat scripting windows
Likes: 1
Views: 2
Submitter: larsborn

Analysis

Goal

Circumvent unnecessary API calls by NOPing them out

Description

Write a script to automate the process, the following Ghidra APIs currentSelection, clearListing, and setByte might come in handy.

Recommended Tools

ghidra

Solutions

Programmatically NOP the Current Selection in Ghidra Reference by larsborn

Comments

Please login to view and post comments.