New Video: Build your own LLM dynamic analysis lab 🦔🎥
➡️ AI debugs and unpacks with x64dbg
➡️ AI can access powershell terminal
www.youtube.com/watch?v=QrWz...
Posts by Karsten Hahn
My malware analysis courses now have a new certificate design.
malwareanalysis-for-hedgehogs.learnworlds.com/courses
Added a task for the SugarSMP spark stealer sample to samplepedia
samplepedia.cc/sample/060ed...
I wrote an article about SugarSMP Minecraft scams, Spark stealer, extortion and hacked accounts.
After brief contact with the threat actor, we talked to two victims and followed the trail.
Analysis in collaboration with @rifteyy
#GDATATechblog #GDATA
blog.gdatasoftware.com/2026/03/3839...
🦔 📹 Video: Building your own AI Malware Analysis Lab
➡️ old system, 16 GB RAM
➡️ using Remnux
#MalwareAnalysisForHedgehogs #LLM
www.youtube.com/watch?v=YOdu...
Sample: samplepedia.cc/sample/49660...
Related tweet: x.com/struppigel/s...
PKG tool: github.com/struppigel/h...
🦔 📹 New video: NodeJs analysis when deobfuscator fails
➡️ #MythJs stealer sample
➡️ pkg VFS exploration tool
➡️ js-confuser
#MalwareAnalysisForHedgehogs
www.youtube.com/watch?v=gtLq...
New blog: Using LLMs the right way for malware analysis
💡 Tips for building an autonomous AI analysis lab on a 12-year-old laptop and getting stuff done faster without loss of accuracy.
blog.gdatasoftware.com/2026/03/3838...
You will find the same malware family with this VT search query:
vhash:087076656d156d05655253z72zff7z11z23z13z93z12b4z11z behaviour_processes:"C:\\Windows\\system32\\cmd.exe /d /s /c \"taskkill /F /IM discord.exe\""
The wallet exfiltration webhook uses a photo of Abdullah Öcalan as its avatar image.
GuvercinInstaller.exe 1/72
#kurdishmyth stealer, NodeJS
➡️ Infects discord_desktop_core\index.js
➡️ Steals various browser and Discord data.
➡️ Exfiltrates via Discord webhook.
The code references kurdishmyth and mythprivate
www.virustotal.com/gui/file/496...
HijackLoader tools are here: github.com/struppigel/h...
Some of them currently only work for the sample we looked at, but I will likely update this.
Usually I only try to publish generic tools, but in this instance I found it useful to do that because of the malware's complexity.
We wrote about HijackLoader. Not exactly a new topic, but certainly an interesting journey.
It provides some tools for HijackLoader too.
blog.gdatasoftware.com/2026/02/3837...
samplepedia.cc update:
You now have a new "My articles" overview (see profile dropdown menu), which allows you to add article drafts and manage articles.
You can decide to publish such a draft as a solution later.
Found a nice training sample for analysis of kernel mode rootkits
↓
samplepedia.cc/sample/465dc...
Looks like the dev told an LLM to generate test files for a Shai Hulud detection app.
The LLM complied and generated malicious test files...
github.com/Cobenian/sha...
I created an extraction script for custom PyInstaller applications as seen in suspected EvilAI PDF apps.
Script (modified pyinstxtractor-ng): github.com/struppigel/h...
Article: samplepedia.cc/sample/8c9d9...
#Samplepedia updates
* you can upload images for articles
* view count for samples and articles
* expert difficulty available
samplepedia.cc
That's very useful, thank you!
🦔 📹 New Video: Can office files be malicious without Macros?
➡️ VSTO Add-Ins
➡️ External Templates
➡️ Checklist for Office analysis
#MalwareAnalysisForHedgehogs
www.youtube.com/watch?v=RtHH...
If you like binary refinery, check out this sample
It's also mostly undetected yet on VT:
samplepedia.cc/sample/361f2...
@invokereversing.bsky.social is analyzing Floxif with binary ninja
👇
www.youtube.com/watch?v=2F_B...
Samplepedia update: Users can submit their own images with the samples and there is a platform field.
samplepedia.cc
I have created a website where you can share your sample analysis (via links or posts) and search samples for training based on tags and difficulty.
If you write analysis blogs, you can share them there.
samplepedia.cc
I added a python script to monitor a folder during dynamic analysis and dump changed files with timestamp
github.com/struppigel/h...
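The snapshot-and-diff approach behind such a folder monitor, as an added example that is not the script linked in the post: it hashes every file under a watched directory, compares consecutive snapshots to find added and modified files (hash-based, so a rewrite within the same second is still caught), and copies each changed file to a dump directory with a UTC timestamp prefix. The `demo()` function runs the whole pipeline on a constructed temporary directory; the dump directory must live outside the watched tree, or the monitor will re-detect its own copies.

```python
"""Poll a directory during dynamic analysis and dump files that appear or change."""
import hashlib
import os
import shutil
import sys
import tempfile
import time
from pathlib import Path


def _sha256(path: Path) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(root: Path) -> dict:
    """Map each regular file (path relative to root) to its (size, sha256)."""
    state = {}
    for p in root.rglob("*"):
        if not p.is_file():
            continue
        try:
            state[str(p.relative_to(root))] = (p.stat().st_size, _sha256(p))
        except OSError:
            # File vanished or is locked mid-write; it will be picked up next round.
            continue
    return state


def diff_snapshots(old: dict, new: dict):
    """Return (added, modified, deleted) relative paths between two snapshots."""
    added = sorted(k for k in new if k not in old)
    deleted = sorted(k for k in old if k not in new)
    modified = sorted(k for k in new if k in old and new[k] != old[k])
    return added, modified, deleted


def dump_changed(root: Path, rel_paths, dest: Path) -> list:
    """Copy each listed file into dest, prefixed with a UTC timestamp; return the copies."""
    dest.mkdir(parents=True, exist_ok=True)
    stamp = time.strftime("%Y%m%dT%H%M%SZ", time.gmtime())
    dumped = []
    for rel in rel_paths:
        src = root / rel
        if not src.is_file():
            continue  # deleted again before we could copy it
        out = dest / f"{stamp}_{rel.replace(os.sep, '_')}"
        shutil.copy2(src, out)
        dumped.append(out)
    return dumped


def monitor(root: Path, dest: Path, interval: float = 1.0, max_rounds=None) -> None:
    """Poll root every `interval` seconds; files dropped and deleted within one
    interval are missed, so shorten the interval for short-lived droppers."""
    prev = snapshot(root)
    rounds = 0
    while max_rounds is None or rounds < max_rounds:
        time.sleep(interval)
        cur = snapshot(root)
        added, modified, deleted = diff_snapshots(prev, cur)
        for rel in deleted:
            print(f"[-] deleted: {rel}")
        for out in dump_changed(root, added + modified, dest):
            print(f"[+] dumped: {out}")
        prev, rounds = cur, rounds + 1


def demo() -> dict:
    """Run the pipeline once on a constructed temp directory (no real sample involved)."""
    with tempfile.TemporaryDirectory() as tmp:
        root, dest = Path(tmp) / "watched", Path(tmp) / "dumps"
        root.mkdir()
        (root / "config.ini").write_text("initial")
        before = snapshot(root)
        (root / "config.ini").write_text("rewritten by the sample")  # modified file
        (root / "dropped.dll").write_bytes(b"MZ\x90\x00")           # constructed new file
        after = snapshot(root)
        added, modified, deleted = diff_snapshots(before, after)
        dumped = dump_changed(root, added + modified, dest)
        return {"added": added, "modified": modified, "deleted": deleted,
                "dumped": sorted(p.name for p in dumped)}


if __name__ == "__main__":
    if len(sys.argv) == 3:
        monitor(Path(sys.argv[1]), Path(sys.argv[2]))
    else:
        print(demo())
```

Run it as `python monitor.py <watched_dir> <dump_dir>` during detonation; with no arguments it prints the demo result. Polling with hashes is deliberately simple and portable; on a real analysis VM a filesystem-notification API (for example watchdog or ReadDirectoryChangesW) catches short-lived files that a one-second poll misses.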
🦔 📹 New Video: RenPy game loads stealer, beginner friendly
➡️ strategies for finding malware in 2956 files
➡️ extracting and decompiling RenPy
➡️ remote access tool config extraction
➡️ unpacking native payload
#MalwareAnalysisForHedgehogs #RenPy
www.youtube.com/watch?v=Fmfg...
New blog: Browser Hijacking techniques -- when malware has different preferences than you
www.gdatasoftware.com/blog/2025/11...
#GDATA #GDATATechblog #BrowserHijacking