Malware Analysis [Video] Unpacking Ageostealer built with Electron Framework

Not open for further replies.


Thread author
Staff Member
Apr 9, 2020
I made a short malware analysis instruction video based on the file posted here: Suspicious "game"

We investigate a "game" named crazydown.exe. The application was written in JavaScript and built with Electron Framework resulting in a huge Portable Executable. Where do we find the malware code in a 150 MB application?

Sample: Triage | Malware sandboxing report by Hatching Triage
Asar Plugin: Asar7z
Electron: Introduction | Electron

00:00 Intro, what is Electron Framework
00:50 Triage on VirusTotal
03:44 Unpacking Nullsoft
04:09 Unpacking .asar archive
06:52 Decrypting the JavaScript stealer
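To make the ".asar" step concrete, here is an added example (not code from the video or from the post) that parses the asar container in memory and reads package.json to find the script Electron loads first. It assumes app.asar has already been pulled out of the Nullsoft installer; the sample archive and its file names are constructed for the demo.

```python
import json
import struct


def build_asar(files):
    """Constructed sample: pack {name: bytes} into a flat in-memory asar."""
    index, body = {}, b""
    for name, data in files.items():
        index[name] = {"size": len(data), "offset": str(len(body))}
        body += data
    js = json.dumps({"files": index}).encode()
    padded = js + b"\0" * (-len(js) % 4)          # pickle strings are 4-byte aligned
    header = struct.pack("<II", len(padded) + 4, len(js)) + padded
    return struct.pack("<II", 4, len(header)) + header + body


def parse_asar(blob):
    """Return {path: bytes} for every file stored inside the archive."""
    if len(blob) < 16:
        raise ValueError("too short for an asar header")
    size_field, header_size, _, json_len = struct.unpack_from("<IIII", blob)
    base = 8 + header_size                         # file offsets are relative to this
    if size_field != 4 or 16 + json_len > base or base > len(blob):
        raise ValueError("not an asar archive or header truncated")
    out = {}

    def walk(node, prefix):
        for name, entry in node["files"].items():
            if "files" in entry:                   # directory node
                walk(entry, prefix + name + "/")
            elif "offset" in entry:                # "unpacked" entries carry no offset
                start = base + int(entry["offset"])
                if start + entry["size"] > len(blob):
                    raise ValueError("entry runs past end of archive: " + name)
                out[prefix + name] = blob[start:start + entry["size"]]

    walk(json.loads(blob[16:16 + json_len]), "")
    return out


def entry_script(files):
    """Path of the script Electron loads first, per package.json "main"."""
    pkg = json.loads(files.get("package.json", b"{}"))
    return pkg.get("main", "index.js")


SAMPLE = build_asar({
    "package.json": b'{"name": "demo", "main": "main.js"}',
    "main.js": b"console.log('constructed placeholder');",
})
```

Everything stays in memory, so nothing from the archive is written to or executed on the analysis machine.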


Level 42
Honorary Member
Top Poster
Content Creator
Apr 13, 2013
Very nice and informative video! Although I didn't dive deeply into this thingy, an executable that engages in DNS tunneling, packages personal data (Documents, Photos, etc.) in an archive, and also uses a Get Autofills command (among other nasties) is rarely a good thing.

Sandbox Breaker

Level 9
Jan 6, 2022
The process of finding the needle in the haystack is completed by malware analysis pilot @struppigel. In the coming days I will create a new thread where we will look at the distribution and why it went under the radar.
@struppigel is actually one of my role models. I aspire to be like you. I love your work. The industry needs more like you to make armies like Tridents and Sandbox Breakers and more. Hail @struppigel

Just getting a thanks from you made me JAM.🥳 @struppigel


Level 8
Mar 24, 2016
@struppigel The malware has been updated. Downloaded from the original itchio page, which is marked as suspicious, but you can still download things. Now there are no errors when running the sample. It is detected by Kaspersky by behaviour + domain. Avast missed both, not good (CyberCapture intervened twice, both times deemed safe). I was expecting at least the domain to be blocked, shame...
