
Content

In this Twitch stream we reverse engineer a dropper that is using a polyglot JPEG file to deliver its second stage payload. 

The malware is currently unknown. Submissions to VirusTotal indicate that the original file name was 申博公司服务器采购表.exe, which roughly translates to "Shenbo company server purchase form.exe".

SHA256: 104bd2d33c119d007df2adbc571a3e8cfac722cf1f0b6156ba211f413905e9f4 

When executed the sample downloads a polyglot jpg as a second stage from http[:]//43.129.168[.]248/xlb.jpg
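A polyglot JPEG of the kind described above is a file that still parses as a valid image while carrying a second payload appended after the image data. The following scanner is an added example written for this post, not code from OALABS or from the sample; it walks the JPEG marker segments to the real End Of Image marker and reports anything found after it. The sample bytes (`CLEAN_JPEG`, `POLYGLOT_JPEG`) are constructed inline for the demo and do not reproduce the actual layout of `xlb.jpg`, which the post does not describe; the checks (trailing data after EOI, an `MZ` header, a DOS stub string, high entropy) are general triage heuristics, not findings from this sample.

```python
import math
import struct
from dataclasses import dataclass, field
from typing import Optional

SOI = b"\xff\xd8"
EOI = b"\xff\xd9"
STANDALONE = {0x01, *range(0xD0, 0xD8)}   # TEM and RSTn markers carry no length field


@dataclass
class JpegScan:
    segments: list = field(default_factory=list)   # (marker, offset, length) per header segment
    eoi_offset: Optional[int] = None
    trailing: bytes = b""


def scan_jpeg(data: bytes) -> JpegScan:
    """Walk the marker segments of a JPEG up to its first EOI and capture whatever follows."""
    if not data.startswith(SOI):
        raise ValueError("not a JPEG: missing SOI marker")
    res = JpegScan()
    pos = 2
    while pos + 1 < len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected marker prefix at offset {pos}")
        marker = data[pos + 1]
        if marker == 0xFF:                  # 0xFF fill byte between markers, skip it
            pos += 1
            continue
        if marker == 0xD9:                  # EOI reached before any scan data
            res.eoi_offset = pos
            res.trailing = data[pos + 2:]
            return res
        if marker in STANDALONE:
            pos += 2
            continue
        length = struct.unpack(">H", data[pos + 2:pos + 4])[0]
        res.segments.append((marker, pos, length))
        pos += 2 + length
        if marker == 0xDA:
            # Start Of Scan: entropy-coded data follows. Inside it every 0xFF is
            # followed by 0x00 (byte stuffing) or an RSTn marker, so the first
            # FF D9 after this point is the genuine End Of Image marker.
            eoi = data.find(EOI, pos)
            if eoi == -1:
                return res                  # truncated image, nothing trails it
            res.eoi_offset = eoi
            res.trailing = data[eoi + 2:]
            return res
    return res


def shannon_entropy(buf: bytes) -> float:
    """Bits per byte; packed or encrypted payloads sit close to 8.0."""
    if not buf:
        return 0.0
    counts = [0] * 256
    for b in buf:
        counts[b] += 1
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def assess(data: bytes) -> dict:
    """Triage verdict: is there a hidden payload after the image's EOI marker?"""
    scan = scan_jpeg(data)
    tail = scan.trailing
    findings = []
    if tail:
        findings.append(f"{len(tail)} bytes after EOI")
        if tail.startswith(b"MZ"):
            findings.append("trailing data starts with MZ header (PE image)")
        if b"This program cannot be run in DOS mode" in tail:
            findings.append("DOS stub string present in trailing data")
        ent = shannon_entropy(tail)
        if ent > 7.0:
            findings.append(f"high-entropy trailing data ({ent:.2f} bits/byte)")
    return {
        "eoi_offset": scan.eoi_offset,
        "trailing_len": len(tail),
        "findings": findings,
        "suspicious": bool(findings),
    }


def _seg(marker: int, payload: bytes) -> bytes:
    return b"\xff" + bytes([marker]) + struct.pack(">H", len(payload) + 2) + payload


# Constructed sample input: a minimal marker stream (APP0, SOS, a few scan bytes
# including a stuffed FF 00, then EOI). Not a decodable picture, and not xlb.jpg.
CLEAN_JPEG = (
    SOI
    + _seg(0xE0, b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00")
    + _seg(0xDA, b"\x01\x01\x00\x00\x3f\x00")
    + b"\x12\x34\xff\x00\x56"
    + EOI
)
# Constructed polyglot: the same image with a fake PE header glued on after EOI.
POLYGLOT_JPEG = CLEAN_JPEG + b"MZ\x90\x00" + b"\x00" * 60 + b"This program cannot be run in DOS mode."

if __name__ == "__main__":
    for name, blob in (("clean", CLEAN_JPEG), ("polyglot", POLYGLOT_JPEG)):
        print(name, assess(blob))
```

Running the block prints a verdict for both constructed samples; on a real file, `assess(open(path, "rb").read())` gives the same dictionary. Because the walker locates the EOI marker structurally rather than searching the whole file for `FF D9`, an `FF D9` byte pair inside the appended payload does not confuse it.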


Full notes can be found in our Lab-Notes 


Files

Live Stream VOD: Reverse Engineering Polyglot Dropper Malware


Comments

m4n0w4r

Found that the shellcode may use this code to load the stage3 payload: https://github.com/fancycode/MemoryModule/blob/master/MemoryModule.c