Automating Pikabot's String Deobfuscation
Released on 2024-04-15 @ 08:27:04 AM
This report provides an analysis of Pikabot, a malware loader that emerged in early 2023 and employed advanced string encryption techniques to evade detection. It explains the obfuscation method used by Pikabot, which involved a combination of the AES-CBC and RC4 algorithms for encrypting binary strings. The report presents an IDA plugin developed by the authors to assist in binary analysis by automating the decryption of Pikabot's obfuscated strings. It outlines the technical approach used in the plugin and provides its source code.