277089cb78a9c493cecd8f5fbe70df0577d4f9557fb8b55ff5f7c2505308ca3a

Metadata

SHA256: 277089cb78a9c493cecd8f5fbe70df0577d4f9557fb8b55ff5f7c2505308ca3a
Difficulty: advanced
Platform: Windows
Tags: anti-dumping dridex obfuscated
Likes: 1
Views: 4
Submitter: malcat

Analysis

Goal

Extract the final Dridex downloader payload using static analysis.

Description

Since this samples uses code obfuscation, a good strategy there is to focus on the data first (i.e. the encrypted payload), and then make your way backward to the decryption routines. Also a small added difficulty: PE headers are somewhat trashed!

Recommended Tools

malcat

Solutions

Cutting corners against a Dridex downloader (part #2) Reference by malcat

Sample