Solutions Overview

Solution Search

Solution	Author	SHA256	Difficulty	Tags	Likes	Posted
Extractor for custom PyInstaller executables as seen in PDFly or PDFClick	struppigel	`09474277051fc387a9b43f7f08a9bf4f6817c24768719b21f9f7163d9c5c8f74`	advanced	packed custom wrapper evilai pdf converter pyinstaller		01 Feb 2026
Virut, Unpacking a Polymorphic File Infector, Part I	struppigel	`096607aa89ea6f17e5a815a67b94bc245ecbf18a87705e1dec2f1d85f8350e32`	advanced	packed virut polymorphic virus hooking self-modifying		28 Dec 2025
Virut's Ntdll Hooking and Process Infection, Part 2	struppigel	`096607aa89ea6f17e5a815a67b94bc245ecbf18a87705e1dec2f1d85f8350e32`	advanced	packed virut polymorphic virus hooking self-modifying		28 Dec 2025
Virut's File Infection, Part 3	struppigel	`096607aa89ea6f17e5a815a67b94bc245ecbf18a87705e1dec2f1d85f8350e32`	advanced	packed virut polymorphic virus hooking self-modifying		28 Dec 2025
Writing an Unpacker for a 3-Stage Stub with Emulation via Speakeasy	struppigel	`0ad4f87dfa9b814b78e9db2360a89ea7940fb5ad919637bbaacb1222fb44098d`	medium	emulation peunion write unpacker anti-emulation		31 Dec 2025
Programmatically NOP the Current Selection in Ghidra	larsborn	`0b38ca277bbb042d43bd1f17c4e424e167020883526eb2527ba929b2f0990a8f`	medium	obfuscated rat windows scripting		05 Jan 2026
Programmatically NOP the Current Selection in Ghidra	larsborn	`0b38ca277bbb042d43bd1f17c4e424e167020883526eb2527ba929b2f0990a8f`	easy	obfuscation		13 Jan 2026
Defeating ConfuserEx Anti-Analysis with Hooking	struppigel	`0d7e7c6c1e02f7e5e5d0bf8f191e9d50636e71cabc2b4883d112b0f04da3d9f0`	advanced	string deobfuscation .net		29 Dec 2025
Exploit, steganography and Delphi: unpacking DBatLoader (part #1)	malcat	`13063a496da7e490f35ebb4f24a138db4551d48a1d82c0c876906a03b8e83e05`	easy	loader emulation office cve-2018-0798		04 Jan 2026
Statically unpacking a simple .NET dropper	malcat	`15180ee9f6a8682b24a0d5cb0491bb4e09d457bfab5a24ec1fcb077dab59773b`	easy	.net		04 Jan 2026
A Deep Dive into a Loader-as-a-Service	malwarecakefactory	`161f2a6ecf64dcbbc1616d536cb2ed2e53afc5a4f5deca810b0f55cc82a6b447`	medium	matanbuchus		22 Feb 2026
Use Babel to Deobfuscate JavaScript Malware	larsborn	`1bc77b013c83b5b075c3d3c403da330178477843fc2d8326d90e495a61fbb01f`	advanced	js obfuscated ast control flow gootloader		18 Jan 2026
Zpaq to .NET Downloader to Injector DLL Unpacking	struppigel	`1c33eef0d22dc54bb2a41af485070612cd4579529e31b63be2141c4be9183eb6`	easy	loader stage 1 bloated zpaq		27 Jan 2026
Malware Analysis - Writing X64dbg Unpacking Scripts	struppigel	`20946142795ea4b9fafad9a279e5da0e2f491f567380d7f37570d451f3aa6b8f`	medium	process injection .net upx		27 Dec 2025
C2 Extractor for Turla's Kopiluwak Using Binary Refinery	struppigel	`2299ff9c7e5995333691f3e68373ebbb036aa619acd61cbea6c5210490699bb6`	medium	js macro office apt kopiluwak turla vba		11 Jan 2026
Cutting corners against a Dridex downloader (part #2)	malcat	`277089cb78a9c493cecd8f5fbe70df0577d4f9557fb8b55ff5f7c2505308ca3a`	advanced	obfuscated anti-dumping dridex		04 Jan 2026
Reversing a NSIS dropper using quick and dirty shellcode emulation	malcat	`291df8186e62df74b8fcf2c361c6913b9b73e3e864dde58eb63d5c3159a4c32d`	medium	shellcode emulation config extraction nsis		04 Jan 2026

Page 1 of 4

»