Channel: Reverse Engineering Malware
Browsing all 9 articles

Loki-Bot: Come out, come out, wherever you are!

Loki-Bot is commodity malware sold on underground sites. It is designed to steal private data from infected machines and then submit that data to a command-and-control (C2) host via HTTP POST. This...




Defeating the VB5 Packer

In this post, I provide step-by-step instructions on how to unpack an executable that has been packed with a VB5 packer. I will also cover bypassing the multiple anti-analysis controls that were...


Analyzing Malicious Password Protected Office Documents

Over the past year or so, there seems to have been an uptick in miscreants password-protecting the malicious Office documents that they send to their target victims. They do this in an effort to bypass...


AutoIt Malware: From Compiled Binary to Plain-Text Script

AutoIt is yet another development language that malware authors leverage to create and obfuscate their malware. As a matter of fact, AutoIt is so closely associated with malware that AutoIt's website...


Loki-Bot: Inside & Out

Everything you've ever wanted to know about Loki-Bot. Includes a cheat sheet, IDS signatures, a Python script, and a link to my 177-page research paper on the subject.



From Emotet, PSDecode is born!

It's been way too long since my last post. DEFCON happened, then I got a new job, a Thanksgiving getaway to San Francisco, got sick (dirty airport people), excuse++. Things are starting to settle down a...


PSDecode Update: New-Object override + Actions output

After I published the first iteration of PSDecode, my next goal with the tool was to figure out how to override methods within system classes typically used by malware authors, such as...


String Hashing: Reverse Engineering an Anti-Analysis Control

String hashing is a method employed by malware authors to disguise strings that are critical to the malware's (stealthy) execution, such as library, function, and/or process names. Being able to determine what...

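As an added illustration (not code from the post or its author), the analyst-side half of the problem in Python: once the hash routine has been lifted from the sample's disassembly, reimplement it, hash every plausible library or function name, and look the sample's constants up in the resulting table. Two common routines are reimplemented here, the ROR13 hash from classic Win32 shellcode and djb2; which routine (if any) a given sample uses, the candidate wordlist, and the "constants pulled from the sample" are all assumptions constructed for the example, not facts the page states.

```python
"""Recovering hashed API names from a sample.

Analyst workflow: lift the hash routine from the disassembly, reimplement it,
hash every candidate library/function name, and look the sample's constants
up in the resulting table.  The routines below (ROR13, djb2) and the wordlist
are assumptions chosen for this example; confirm the real routine against the
sample's code before trusting a match.
"""

MASK32 = 0xFFFFFFFF


def ror32(value: int, count: int) -> int:
    """Rotate a 32-bit value right by `count` bits (x86 ROR semantics)."""
    count %= 32
    value &= MASK32
    return ((value >> count) | (value << (32 - count))) & MASK32


def ror13_hash(name: str) -> int:
    """ROR13 hash as used by classic Win32 shellcode:
    for each byte, h = ror(h, 13) + byte.  The NUL terminator is not hashed."""
    h = 0
    for b in name.encode("ascii"):
        h = (ror32(h, 13) + b) & MASK32
    return h


def djb2_hash(name: str) -> int:
    """djb2 hash: h = h * 33 + byte, starting at 5381, kept to 32 bits."""
    h = 5381
    for b in name.encode("ascii"):
        h = ((h << 5) + h + b) & MASK32
    return h


# Hash routines to try, keyed by the label reported in the results.
HASHERS = {"ror13": ror13_hash, "djb2": djb2_hash}

# Constructed wordlist.  In practice this is every export name from the DLLs
# the sample can reach (e.g. dumped from kernel32, ntdll, wininet).
CANDIDATE_NAMES = [
    "LoadLibraryA", "GetProcAddress", "VirtualAlloc", "VirtualProtect",
    "CreateProcessA", "WinExec", "ExitProcess", "WriteProcessMemory",
    "InternetOpenA", "InternetConnectA", "HttpOpenRequestA",
    "HttpSendRequestA", "CryptAcquireContextA", "RegOpenKeyExA",
]


def build_tables(candidates, hashers=HASHERS):
    """Precompute hash -> name for every candidate under every routine."""
    return {label: {fn(n): n for n in candidates} for label, fn in hashers.items()}


def resolve(unknown_hashes, candidates=CANDIDATE_NAMES, hashers=HASHERS):
    """Map each constant from the sample to (routine, name), or None when no
    candidate under any routine produces it (wordlist gap or other routine)."""
    tables = build_tables(candidates, hashers)
    resolved = {}
    for h in unknown_hashes:
        resolved[h] = None
        for label, table in tables.items():
            if h in table:
                resolved[h] = (label, table[h])
                break
    return resolved


if __name__ == "__main__":
    # Constructed "constants pulled from the sample": three ROR13 hashes,
    # one djb2 hash, and one value that no candidate produces.
    sample_hashes = [
        0xEC0E4E8E,                    # ROR13("LoadLibraryA")
        ror13_hash("GetProcAddress"),
        ror13_hash("HttpSendRequestA"),
        djb2_hash("VirtualAlloc"),
        0xDEADBEEF,
    ]
    for h, hit in resolve(sample_hashes).items():
        print(f"0x{h:08X} -> {hit}")
```

An unresolved constant usually means either the wordlist is missing the export (dump the full export table of every DLL the sample loads) or the routine differs in a detail such as hashing the NUL terminator, upper-casing the name, or hashing UTF-16 module names; check those variations against the disassembly before assuming a custom algorithm.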



Manual analysis of new PowerSplit maldocs delivering Emotet

Wow. It’s been a long time since my last blog post (~ 2 years). The new year has inspired me to dust off some cobwebs and produce a blog post that hopefully someone can learn from. In this post, I’ll...

