Malware Analysis [Video] D3f@ck loader analysis from InnoSetup to JPHP

struppigel
Thread author
Apr 9, 2020
📽 New Video: D3fack loader analysis

➡ Inno Setup pascal script analysis
➡ string deobfuscation with binary refinery
➡ JPHP decompilation

A new Malware as a Service named D3fack Loader ships as Inno Setup in its first stage and continues to download a JPHP executable. JPHP runs on the Java VM, but it cannot be decompiled by Java decompilers.
How is it possible to reverse engineer this unusual language implementation?

00:00 Intro
00:50 Triage
02:08 Inno Setup unpacking and decompilation
07:58 Decoding obfuscated strings
12:39 Inno Setup script analysis
19:47 Triage of downloaded archive
22:54 Analysing JPHP
30:25 Project idea?

Great share! This video provides insightful analysis into D3fack Loader. Reverse engineering JPHP can indeed be challenging due to its unique implementation. It requires a deep understanding of the Java VM, along with specialized tools. Thanks for detailing the process in your video.