Sample
- SHA256: 3c086e76942fb9fd3d1e4384e9c1228c227c00c78dc29fca512ed95ee919ee5e
- Difficulty: medium
- Platform: Windows
- Tags: acrstealer, game, python, renpy
- Likes: 0
- Views: 14
- Submitter: struppigel
Analysis
Goal
This application consists of almost 3000 files. Find proof that the sample is malicious by finding the malicious code. A weird filename with homoglyphs is not enough, nor is behavioral analysis in a sandbox.
Description
RenPy "game". I set the medium difficulty because the payload requires unpacking and the loader code might be difficult to find. The loader and payload are mostly non-obfuscated. The execution environment is somewhat unusual, but there is tooling.
Recommended Tools
ProcMon, Notepad++, x64dbg