Sample

Metadata

SHA256: 7409250e8be3bdcdaa756faff2150b13677ae066e42cefa52844c87451f6f60d
Difficulty: medium
Platform: Windows
Tags: d3f@ck inno string deobfuscation loader stage 1
Likes: 1
Views: 2
Submitter: struppigel

Analysis

Goal

Extract the InnoSetup script and decode the strings. Figure out the download URL statically.
Afterwards continue with the next stage

Description

This is d3f@ck loader.

D3f@ck Loader ships as Inno Setup in its first stage and continues to download a JPHP executable.
This is the first stage. The next stage is this ZIP archive here

Recommended Tools

inno setup decompiler innounp binary refinery

Solutions

D3f@ck Loader from Inno Setup to JPHP Reference by struppigel

Image

Video

Solution by struppigel: D3f@ck Loader from Inno Setup to JPHP

Comments

Please login to view and post comments.