Reverse engineered using IDA Pro + Ghidra. Live binaries are in /sample/binaries.zip
Password: infected
Samples are for malware research ONLY. Do not use decompiled versions of the framework to cause harm, I am not responsible for any damages caused. Handle live binaries with care, and use a VM for any dynamic analysis.