Latest Reports

Welcome! On this website you will find a new malware sample analysis every week.

There is no required order to follow. You can simply search for any sample you want to analyze.

The idea is simple: I provide the download link for the sample, and you perform the analysis yourself. You can then read my report and compare it with your results. More information about why this website exists is available on the About page.

WannaCry - invoice_greenanimals.pdf.exe

The WannaCry-family executable checks a hardcoded kill-switch domain and, if unresolved, encrypts user files, deletes backups, and propagates laterally via SMB while establishing persistence through Windows services and registry modifications. It disables recovery options, uses anti-debugging and service-disguise techniques for stealth, and aggressively scans the internal network to maximize disruption and data loss.

C++ Ransomware Ransomworm Worm Command and Control C2 Communication Command Execution via Powershell Cmd Bash File Encryption Persistence Mechanisms WannaCryptor

Updated 15 February 2026

Difficulty Medium

VenomRAT - ClientAny.exe

A 32-bit C# VenomRAT-style Trojan persists in AppData and decrypts an AES-256 config (RSA-signed) before connecting to a certificate-pinned C2 over TLS. It logs keystrokes, enumerates system info, downloads plugins, and continuously runs anti-analysis checks plus a process-killer to evade inspection.

C# Remote Access Trojan Persistence Mechanisms Command Execution via Powershell Cmd Bash Data-Exfiltration VenomRAT

Updated 15 November 2025

Difficulty Easy

Claim_732989680_03292021.xlsm

Excel workbook with hidden sheets that download and execute three DLLs from three different IP addresses.

vbscript xml Malicious Macros in Office Documents Dropping Secondary Payloads

Updated 25 October 2025

Difficulty Easy