Sample
- SHA256: 361f20f5843a9d609d42fc17f164eb44ed4f86ae3062e66e978c2c93890f65fd
- Difficulty: medium
- Platform: Windows
- Tags: packed, python, smokedham
- Likes: 0
- Views: 2
- Submitter: struppigel
Analysis
Goal
LICENSE.txt was run via the following command:
> %ALLUSERSPROFILE%\Microsoft\AppUpdate\SystemInfo\UsbService86.exe LICENSE.txt
UsbService86.exe is signed by the Python Software Foundation.
Decompile the code, then create a binary refinery pipeline to unpack the next layers.
(CyberChef might be an alternative, but I did not check if it has all necessary algorithms)
Description
This is a great beginner sample for practicing with binary refinery.
I did not test if it can decompile the code, because I used an external tool for that, but it can do all of the following layers in one pipeline without any complicated tricks.
Tip: If you have trouble with AES, check for an alternative binref unit.
Recommended Tools
binary refinery, CyberChef