Unpacking and decryption tools for the Emotet malware by Deep Instinct.
The first tool is a static unpacker for the variants of the Emotet loader listed in Loaders-SHA256.txt. It can extract the encrypted payload from the resource without executing the malware.
The Python scripts reveal the hidden strings and API calls the payload uses. The first is a standalone script that can be used to extract this information from a large number of payloads. The second is an IDA plugin that adds this information as comments in the code.
deepinstinct/DeMotet