Home
Artists
Search Recent Random
Posts
Search DMs Popular Hash Lookup Tags Random
Importer
Import FAQ
Register
Partychan Matrix ThePornDude
Home Artists Posts Import Register
Patreon importer is back online! Tell your friends ✅

Live Steam VOD: RansomHouse Part 2 - PE Rebuilding (Patreon)

Published:
2024-06-27 14:00:12
Imported:
Tags:

Content

This is the second part in our analysis of RansomHouse ransomware loader. In this stream we rebuild a custom PE format used by the loader.

Sample

acf361296c9e1cf5b4ceff11e1790c57e6e1d753df9bef087aadad256dc5a123

No notes, just pure RE and chill 🍹👾

Files

Live Steam VOD: RansomHouse Part 2 - PE Rebuilding

Comments

Karsten Hahn

Using IMAGE_NT_HEADERS64 instead of IMAGE_NT_HEADERS would have fixed the misaligned access to the data directory