Josh StroscheinDec 2, 20201 min readEmotet Maldoc Analysis – Embedded DLL and CertUtil for Base64 DecodingOn 11/10/2020, AnyRun posted an Emotet maldoc that utilized CertUtil to decode a DLL payload that was used for unpacking and running the...