malware▌

Performs static analysis of Windows PE (Portable Executable) malware samples using PEStudio to examine file headers, imports, strings, resources, and indicators without executing the binary. Identifies suspicious characteristics including packing, anti-analysis techniques, and malicious imports. Activates for requests involving static malware analysis, PE file inspection, Windows executable analysis, or pre-execution malware triage.

Reverse engineers malicious Android APK files using JADX decompiler to analyze Java/Kotlin source code, identify malicious functionality including data theft, C2 communication, privilege escalation, and overlay attacks. Examines manifest permissions, receivers, services, and native libraries. Activates for requests involving Android malware analysis, APK reverse engineering, mobile malware investigation, or Android threat analysis.

Extracts indicators of compromise (IOCs) from malware samples including file hashes, network indicators (IPs, domains, URLs), host artifacts (file paths, registry keys, mutexes), and behavioral patterns for threat intelligence sharing and detection rule creation. Activates for requests involving IOC extraction, threat indicator harvesting, malware indicator collection, or building detection content from samples.

Malware analysis and network traffic techniques for CTF challenges. \n \n Covers script deobfuscation (JavaScript, PowerShell, base64/hex decoding), YARA rule writing, shellcode analysis with Unicorn Engine and Capstone, and memory forensics using Volatility 3 (malfind, process injection detection) \n Includes PE and .NET binary analysis (peframe, dnSpy, AsmResolver), malware configuration extraction, and sandbox evasion detection (VM detection, timing checks, API hashing) \n Provides C2 traffic