├── README.md
├── doc
│   └── EN_emotet_packer_analysis_and_config_extraction_v1.pdf
├── resources
│   ├── cmd.gif
│   ├── gui.gif
│   ├── idc.gif
│   └── usage.png
├── unpacked_sample_idc
│   ├── emotet.unpacked.bin
│   └── emotet.unpacked.idc
└── unpacker
    ├── TitanEngine.dll
    ├── TitanEngine_x64.dll
    ├── TitanEngine_x86.dll
    └── src
        ├── configuration.py
        ├── dump_parser.py
        ├── main.py
        ├── titan_engine
        │   ├── __init__.py
        │   └── teSdk.py
        ├── unpacker.py
        └── yara
            ├── emotet_code.yar
            ├── emotet_rsa_key.yar
            └── hooks.yar

/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/d00rt/emotet_research/HEAD/README.md
--------------------------------------------------------------------------------
/doc/EN_emotet_packer_analysis_and_config_extraction_v1.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/d00rt/emotet_research/HEAD/doc/EN_emotet_packer_analysis_and_config_extraction_v1.pdf
--------------------------------------------------------------------------------
/resources/cmd.gif:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/d00rt/emotet_research/HEAD/resources/cmd.gif
--------------------------------------------------------------------------------
/resources/gui.gif:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/d00rt/emotet_research/HEAD/resources/gui.gif
--------------------------------------------------------------------------------
/resources/idc.gif:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/d00rt/emotet_research/HEAD/resources/idc.gif
--------------------------------------------------------------------------------
/resources/usage.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/d00rt/emotet_research/HEAD/resources/usage.png
--------------------------------------------------------------------------------
/unpacked_sample_idc/emotet.unpacked.bin:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/d00rt/emotet_research/HEAD/unpacked_sample_idc/emotet.unpacked.bin
--------------------------------------------------------------------------------
/unpacked_sample_idc/emotet.unpacked.idc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/d00rt/emotet_research/HEAD/unpacked_sample_idc/emotet.unpacked.idc
--------------------------------------------------------------------------------
/unpacker/TitanEngine.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/d00rt/emotet_research/HEAD/unpacker/TitanEngine.dll
--------------------------------------------------------------------------------
/unpacker/TitanEngine_x64.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/d00rt/emotet_research/HEAD/unpacker/TitanEngine_x64.dll
--------------------------------------------------------------------------------
/unpacker/TitanEngine_x86.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/d00rt/emotet_research/HEAD/unpacker/TitanEngine_x86.dll
--------------------------------------------------------------------------------
/unpacker/src/configuration.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/d00rt/emotet_research/HEAD/unpacker/src/configuration.py
--------------------------------------------------------------------------------
/unpacker/src/dump_parser.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/d00rt/emotet_research/HEAD/unpacker/src/dump_parser.py
--------------------------------------------------------------------------------
/unpacker/src/main.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/d00rt/emotet_research/HEAD/unpacker/src/main.py
--------------------------------------------------------------------------------
/unpacker/src/titan_engine/__init__.py:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/unpacker/src/titan_engine/teSdk.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/d00rt/emotet_research/HEAD/unpacker/src/titan_engine/teSdk.py
--------------------------------------------------------------------------------
/unpacker/src/unpacker.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/d00rt/emotet_research/HEAD/unpacker/src/unpacker.py
--------------------------------------------------------------------------------
/unpacker/src/yara/emotet_code.yar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/d00rt/emotet_research/HEAD/unpacker/src/yara/emotet_code.yar
--------------------------------------------------------------------------------
/unpacker/src/yara/emotet_rsa_key.yar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/d00rt/emotet_research/HEAD/unpacker/src/yara/emotet_rsa_key.yar
--------------------------------------------------------------------------------
/unpacker/src/yara/hooks.yar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/d00rt/emotet_research/HEAD/unpacker/src/yara/hooks.yar
--------------------------------------------------------------------------------