type: entity
confidence: low
created: 2026-06-02
updated: 2026-06-02
tags: dotnet, obfuscation, loader, infostealer

Unclassified .NET PE32 Malware

Umbrella label for .NET Framework PE32 binaries where family attribution is not possible from static analysis alone. Observed specimens are typically obfuscated with commercial protectors (SmartAssembly, Xenocode, Dotfuscator) and use manifest resource streams for payload delivery.

Capabilities

  • dotnet-manifest-resource-decryption
  • aes-base64-payload-decryption
  • process-spawn-vb-shell
  • version-info-masquerade