Karsten Hahn
struppigel.bsky.social
I created an extraction script for custom PyInstaller applications as seen in suspected EvilAI PDF apps.

Script (modified pyinstxtractor-ng): github.com/struppigel/h...

Article: samplepedia.cc/sample/8c9d9...
February 1, 2026 at 12:23 PM
#Samplepedia updates

* you can upload images for articles
* view count for samples and articles
* expert difficulty available
samplepedia.cc
February 1, 2026 at 5:48 AM
🦔 📹 New Video: Can office files be malicious without Macros?

➡️ VSTO Add-Ins
➡️ External Templates
➡️ Checklist for Office analysis
#MalwareAnalysisForHedgehogs
www.youtube.com/watch?v=RtHH...
Malware Analysis - Malicious MS Office files without Macros
YouTube video by MalwareAnalysisForHedgehogs
January 25, 2026 at 7:30 AM
If you like Binary Refinery, check out this sample.
It's also mostly undetected yet on VT:
samplepedia.cc/sample/361f2...
January 23, 2026 at 7:13 PM
@invokereversing.bsky.social is analyzing Floxif with Binary Ninja
👇
www.youtube.com/watch?v=2F_B...
Floxif File Infector with Control Flow Obfuscation Analysis (Stream - 06/01/2026)
YouTube video by Invoke RE
January 16, 2026 at 4:40 AM
Samplepedia update: Users can submit their own images with the samples and there is a platform field.

samplepedia.cc
January 8, 2026 at 4:32 AM
I have created a website where you can share your sample analysis (via links or posts) and search samples for training based on tags and difficulty.

If you write analysis blogs, you can share them there.
samplepedia.cc
January 4, 2026 at 5:53 AM
I added a Python script to monitor a folder during dynamic analysis and dump changed files with timestamp

github.com/struppigel/h...
hedgehog-tools/Python helper scripts/monitor_and_dump_changed_files.py at main · struppigel/hedgehog-tools
December 27, 2025 at 9:08 AM
🦔 📹 New Video: RenPy game loads stealer, beginner friendly
➡️ strategies for finding malware in 2956 files
➡️ extracting and decompiling RenPy
➡️ remote access tool config extraction
➡️ unpacking native payload
#MalwareAnalysisForHedgehogs #RenPy
www.youtube.com/watch?v=Fmfg...
Malware Analysis - RenPy game, finding malware code in 2956 files, Beginner friendly
YouTube video by MalwareAnalysisForHedgehogs
December 21, 2025 at 1:02 PM
I added a RenPy archive (.rpa, .rpi) extractor to my tools repo

github.com/struppigel/h...
hedgehog-tools/RenPy at main · struppigel/hedgehog-tools
December 13, 2025 at 5:47 AM
🦔📹 New Video: Modifying string decrypter for a ConfuserEx2 variant
➡️ Defeating antis with Harmony hooks
➡️ AsmResolver
➡️ .NET string deobfuscation
#MalwareAnalysisForHedgehogs
www.youtube.com/watch?v=sARn...
Malware Analysis - Defeating ConfuserEx Anti-Analysis with Hooking
YouTube video by MalwareAnalysisForHedgehogs
November 30, 2025 at 11:01 AM
Black Friday offers:
60% off for 2 malware analysis courses (beginner & intermediate)
Or 40% off for single course

malwareanalysis-for-hedgehogs.learnworlds.com/courses
November 28, 2025 at 6:41 AM
Lecture on Anti Tamper by Tim Blazytko www.youtube.com/watch?v=hQi9...
SP25: Anti Tamper
YouTube video by mr_phrazer
November 22, 2025 at 7:00 AM
Rhadamanthys loader deobfuscation
cyber.wtf/2025/11/19/r...
Rhadamanthys Loader Deobfuscation | cyber.wtf
November 19, 2025 at 12:14 PM
I am suggesting a new malware type: the browser remote access tool (BRAT)

It's a form of browser hijacker that remotely controls your browser based on server commands.

Typical form: press key combos for copy-pasting URLs, opening tabs, context menu, downloading files etc
November 17, 2025 at 11:43 AM
For anyone who wants to understand certificates better and how to spot abuse,
this is a great read
certcentral.org/training
November 13, 2025 at 3:12 PM
🦔 📹 Video: Analysis of malicious NordVPN setup
➡️ beginner-suitable
➡️ sorry, no spoilers here ;)

www.youtube.com/watch?v=5-OY...

#MalwareAnalysisForHedgehogs
Malware Analysis - Trojanized NordVPN Setup, Beginner Sample
YouTube video by MalwareAnalysisForHedgehogs
October 26, 2025 at 6:02 AM
I am looking for good resources for Linux malware analysis, including books and courses.
If you have any recommendations please let me know.
October 15, 2025 at 3:33 PM
My #VirusBulletin2025 loot 😍
I also met someone from vxunderground and all I got was this lousy sticker
September 30, 2025 at 12:20 PM
My colleague Banu wrote about the connection between AppSuite, OneStart and ManualFinder

www.gdatasoftware.com/blog/2025/09...
AppSuite, OneStart & ManualFinder: The Nexus of Deception
Having taken a look at AppSuite in one of our last articles, we have started pulling on a few loose threads to see where it would take us. It turns out that there are relationships with other maliciou...
September 17, 2025 at 2:30 AM
🦔 📹 New video: What breakpoints to set for unpacking malware?
➡️ Steps of unpacking stub
➡️ Breakpoint targets
➡️ VirtualAlloc from user to kernel mode

#MalwareAnalysisForHedgehogs #Unpacking
www.youtube.com/watch?v=fn8r...
Malware Theory - What breakpoints to set for unpacking
YouTube video by MalwareAnalysisForHedgehogs
September 8, 2025 at 7:12 AM