Decoding Malware Payload encoded in a PNG part 2 - "W.H.O.bat"
· 7 min read · suidroot
This post is a sequel to the post covering the sample "Bank Statement.bat." I had received this message before the Bank Statement message, but I found the sample in the previous post was less obfuscated and easier to reverse engineer.
In this post, I will cover the different ways that this sample hid the decoding routines and how I was able to gather the data to run the same decoding script I used before to extract the payload from the PNG data within this sample.