ENCRYPTED.ps1
A fully fledged modular infostealer targeting browser, Discord and Mail clients.
Welcome! On this website you will find a new malware sample analysis every week.
There is no required order to follow. You can simply search for any sample you want to analyze.
The idea is simple: I provide the download link for the sample, and you perform the analysis yourself. You can then read my report and compare it with your results. More information about why this website exists is available on the About page.
The WannaCry-family executable checks a hardcoded kill-switch domain and, if unresolved, encrypts user files, deletes backups, and propagates laterally via SMB while establishing persistence through Windows services and registry modifications. It disables recovery options, uses anti-debugging and service-disguise techniques for stealth, and aggressively scans the internal network to maximize disruption and data loss.
A 32-bit C# VenomRAT-style Trojan persists in AppData and decrypts an AES-256 config (RSA-signed) before connecting to a certificate-pinned C2 over TLS. It logs keystrokes, enumerates system info, downloads plugins, and continuously runs anti-analysis checks plus a process-killer to evade inspection.