dr4k0nia

NixImports a .NET loader using HInvoke

A while ago, I released HInvoke, a project showcasing API hashing for managed functions. The initial release was rather basic and lacked desirable features like support for non-static methods. NixI...

Analysing A Sample Of Arechclient2

In this post, I will be going over my process of analyzing a sample of ArechClient2, including initial analysis, deobfuscation and unpacking of the loader, followed by the analysis of the .NET payl...

Unpacking RedLine Stealer

In this post, we are going to take a look at RedLine Stealer, a well-known .NET based credential stealer. I will focus on unpacking the managed payload and extracting its config, for a more detail...

String Obfuscation The Malware Way

Malware authors like to use string obfuscation to make their code harder to analyze and detect. One obfuscation technique is to insert special characters into a string, and then use some code to re...

Encrypting strings in .NET

Implementing custom string encryption for .NET binaries utilizing an XOR-based cipher and AsmResolver. Encrypting strings is a common practice to slow down static analysis or evade automatic analys...

Unpacking OriginLogger Builder

OriginLogger is a keylogger that shares a lot of similarities with the well-known Agent Tesla malware. Today I will take a look at their builder and unpack it. A lit...

HInvoke and avoiding PInvoke

A very minimalistic approach to calling .NET runtime functions or accessing properties using only hashes as identifiers. It does not leave any strings or import references since we dynamically reso...

Some thoughts on making a crackme

In the last few weeks, I’ve been taking a closer look at crackmes, especially beginner-focused ones, and noticed a few things that I think many new developers get wrong. Therefore this is a little ...

Taking a look at AntiDumps

After developing a runtime packer in the last post, I tinkered with anti-dumping techniques using PE header manipulation. In this post I will talk about different approaches and take a look at the ...

Writing a Packer

Taking a detailed look at my .NET executable packer Origami, specifically at the runtime and how it works, and also giving a general overview of packing executables. Basic knowledge of C# and ...