🚨 #Ducex is an advanced #Android packer found in Triada #trojan samples. It employs serious obfuscation through function encryption using a modified RC4 algorithm with added shuffling.

👨‍💻 Explore our technical analysis to see how it works: https://any.run/cybersecurity-blog/ducex-packer-analysis/?utm_source=mastodon&utm_medium=post&utm_campaign=ducex_analysis&utm_term=110725&utm_content=linktoblog

👾 #Ducex is a packer used by #Triada trojan. It stands out due to:
🔹 Native code
🔹 Encrypted functions & strings
🔹 Self-debugging
🔹 Signature checks
🔹 Frida & Xposed detection

👨‍💻 Read our technical analysis to see how it works: https://any.run/cybersecurity-blog/ducex-packer-analysis/?utm_source=mastodon&utm_medium=post&utm_campaign=ducex_analysis&utm_term=080725&utm_content=linktoblog

Technical Analysis of Ducex: Packer of Triada Android Malware

Read a technical analysis of the Ducex packer used by Android malware like Triada for obfuscation and analysis evasion.

ANY.RUN's Cybersecurity Blog