Sample
- SHA256
-
c2c466e178b39577912c9ce989cf8a975c574d5febe15ae11a91bbb985ca8d2e - Difficulty
- medium
- Platform
- Windows
- Tags
- .net encrypted injector packed string deobfuscation purecrypter stage 2
- Likes
- 1
- Views
- 13
- Submitter
- struppigel
Analysis
Goal
This is Gnwwcgocwzl.wav. Decrypt this file based on the previous stage's analysis. Unpack the payload.
Afterwards continue with payload analysis here
Description
This is a .NET based injector of the PureCrypter family, which is obfuscated with Smart Assembly.
It has obfuscated strings and performs process injection to run the payload.
(Note: The payload has a different family)
Recommended Tools
dnspyex powershell
Image
Comments
Please login to view and post comments.