Malware Reverse Engineering
Debugging, disassembling and documenting interesting malware...
359 topics in this forum
-
Live Malware Samples...
by Teddy Rogers- 1 follower
- 18 replies
- 25.9k views
Thought I would start a topic with a list of places to find malware samples. Feel free to post other sources if you have any... and remember live samples will be harmful to your computer, so if you don't know what you're doing and/or how to work with malware, don't read any further for the sake of your own sanity... Malware Domain List: http://www.malwaredomainlist.com/mdl.php Malware Blacklist: http://www.malwareblacklist.com/showMDL.php Ted.
-
.Net Malware Analyses
by CodeExplorer- 0 replies
- 6.8k views
.Net Malware Analyses
Malicious download link: http://downloadcsoftware.blogspot.ro/2014/09/download-reaver-pro-wifi-hack-full-crack.html
http://pasted.co/21439e76
Do not execute the malware!

    private static void Main()
    {
        Running = Assembly.Load(Dew("Bctlx.pryor.resources")); // Dew method returns the bytes of the assembly to be loaded
        Swagger("Scribe", new object[] { Dew("Myft.pryor.resources"), false, "winini.exe", true, 0 });
        while (Threads.Count > 0)
        {
            Threads.Dequeue().Join();
        }
    }

On the Swagger method:

    private static void Swagger(string name, params object[] values)
    {
        Thread item = new Thread(delegate
        {
            Type type = Running.GetType("Ax");…
-
- 0 replies
- 6.6k views
.NET malware: De-obfuscation, decryption and debugging - tips and tricks: http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/NET-malware-De-obfuscation-decryption-and-debugging-tips-and/ba-p/6463402#.VRMpDeHUcWE
-
.NET/MSIL Malicious Code and AV/Heuristic Engines
by CodeExplorer- 2 replies
- 6k views
.NET/MSIL Malicious Code and AV/Heuristic Engines http://www.symantec.com/connect/articles/netmsil-malicious-code-and-avheuristic-engines Nice article; the only nice thing from Symantec.
-
(Help Request) .Net Protector Identification 1 2
by madskillz- 25 replies
- 21.3k views
Hi, I tried DIE, PEiD, Protection ID, RDG, but cannot detect the protector. de4dot detected it as DeepSea, but deobfuscation was not done. File attached: FoxUserTools.zip. The file can be malware, etc., so please use a VM and protection. Need packer identification and unpack help. Regards
-
[ BBC Tech ] Massive cyber-attack discovered
by News Feeder- 10 replies
- 7.2k views
A cyber-attack which has covertly collected vast amounts of sensitive data from countries like Israel and Iran has been uncovered, Russian researchers say. View the full article
-
[ Discussion ] How Anti-Malware Applications Work ?
by CodeXpert- 1 reply
- 5.7k views
As described in the title: how do anti-malware applications work? How do they find the signature for specific malware? And a serious question is how the scan works. It is very fast, so it apparently isn't searching in databases? Any comments will be appreciated.
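One reason a scan can be fast, as an added example that is not part of this post or its replies: a scanner compiles its whole signature set into a single automaton and walks each file once, so the cost per byte does not grow with the number of signatures loaded. The byte-level Aho-Corasick matcher below is my own illustration; the signature set and the sample buffer are constructed for it (the EICAR string is the standard AV test string, the other two names and patterns are made up), not real detection content.

```python
from collections import deque


class SignatureScanner:
    """Multi-pattern byte matcher (Aho-Corasick).

    Building the automaton costs O(total signature bytes). Scanning a buffer
    then costs O(len(buffer) + number of hits) no matter how many signatures
    were loaded, which is why a signature database is not "searched" per byte.
    """

    def __init__(self, signatures):
        # signatures: dict of name -> bytes pattern (constructed for this example)
        self.goto = [{}]          # per-state transitions: byte value -> next state
        self.fail = [0]           # failure link per state
        self.out = [[]]           # signature names that end at each state
        self.length = {name: len(pat) for name, pat in signatures.items()}
        for name, pat in signatures.items():
            self._add(name, pat)
        self._build_failure_links()

    def _add(self, name, pat):
        state = 0
        for b in pat:
            nxt = self.goto[state].get(b)
            if nxt is None:
                self.goto.append({})
                self.fail.append(0)
                self.out.append([])
                nxt = len(self.goto) - 1
                self.goto[state][b] = nxt
            state = nxt
        self.out[state].append(name)

    def _build_failure_links(self):
        # Breadth-first over the trie so every failure target is already final.
        queue = deque(self.goto[0].values())
        while queue:
            r = queue.popleft()
            for b, s in self.goto[r].items():
                queue.append(s)
                f = self.fail[r]
                while f and b not in self.goto[f]:
                    f = self.fail[f]
                self.fail[s] = self.goto[f].get(b, 0)
                # A state also reports every signature that is a suffix of it.
                self.out[s] = self.out[s] + self.out[self.fail[s]]

    def scan(self, data):
        """Return [(signature_name, offset), ...] for every hit in data."""
        hits = []
        state = 0
        for i, b in enumerate(data):
            while state and b not in self.goto[state]:
                state = self.fail[state]
            state = self.goto[state].get(b, 0)
            for name in self.out[state]:
                hits.append((name, i + 1 - self.length[name]))
        return hits


# Constructed signature set: one real test string, two made-up patterns.
SIGNATURES = {
    "EICAR-Test-File": b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*",
    "Demo.Dropper.A": b"winini.exe",
    "Demo.Loader.B": b"pryor.resources",
}

# Constructed sample "file": a fake DOS stub followed by two planted strings.
SAMPLE = (
    b"MZ\x90\x00" + b"\x00" * 60
    + b"This program cannot be run in DOS mode.\r\n"
    + b"\x00Bctlx.pryor.resources\x00"
    + b"\x00winini.exe\x00"
)


def scan_file_bytes(data, signatures=SIGNATURES):
    """Build the automaton once and scan data; returns (name, offset) hits."""
    return SignatureScanner(signatures).scan(data)


if __name__ == "__main__":
    for name, offset in scan_file_bytes(SAMPLE):
        print(f"{name} at offset {offset}")
```

In a real engine the automaton is built once at signature-load time and reused for every file, and the byte-pattern stage is only the first filter before costlier checks (emulation, heuristics, hash lookups) run on the few files that hit.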
-
[DecompileMe] Virus found in my PC [.NET]
by bomblader- 4 replies
- 6.6k views
Looks like I was infected by some virus, no idea where I got it. It's .NET You have to run it like this in order to run: adobe_flash_player.exe /00000017 Anyone can decompile this and find out what's doing? Looks like a custom obfuscator was used. De4Dot is cleaning it up but strings and other data is still encrypted. Thanks! adobe_flash_player.rar
-
[HelpMe] pyArmor Obfuscated Malware
by rhythm- 2 followers
- 3 replies
- 9.3k views
Somebody has any suggestion for decompiling pyArmor Obfuscated code (main.pyc)? I have not experience in python decompiling. Someone attacked our entities with this malware and I want to study the actual malicious code. You can download this malware at ... https://app.any.run/tasks/0fea95f7-25cf-4b7a-b26b-f26ac4f1995d/ Malware Source: https://www.adobe-flash-player.cc/down/flash_installer.exe main.pyc
-
[Opinion] Way to understand computer virus.
by Edieneo- 5 replies
- 6.7k views
Since I'm taking a programming course, I'm interested in virus stuff. I hope you guys have an introduction or reference that I can follow to reach my goal.
-
- 1 follower
- 2 replies
- 4.4k views
I've looked on this forum, other forums, I have googled, and used Stack Overflow, but nothing useful seems to come out of it. I was wondering if any of you guys know a way to get the complete source code of a DLL that is written in C++. Thank you.
-
- 1 follower
- 0 replies
- 1.7k views
Hi all, this is my analysis of Disk Knight, an old USB-spread worm (written in VB6) from 2007 that I first encountered at my school PC lab around that time. ENGLiSH VERSiON: https://lucadamico.dev/papers/malware_analysis/DiskKnight.pdf iTALiAN VERSiON: https://lucadamico.dev/papers/malware_analysis/DiskKnight_ITA.pdf I'm also attaching both PDF files here, just in case. I'm more interested in old-school malware that has an interesting background history behind it (for example, Disk Knight became a worm due to some programming errors), has nice/funny (or scary) payloads or is motivated by some weird psychological reasons: in other wor…
-
VMProtect - Share knowledge
by only me- 2 replies
- 10.2k views
Hi all, most malware analysts get a pain from VMProtect packing, as I hear :). I am new to this area and I was starting my research about this packing. Could you please share your method to deal with this packing?
-
0day Wednesday – Newish Malware That Came Across My Desk...
by Teddy Rogers- 1 reply
- 5.6k views
0day Wednesday – Newish Malware That Came Across My Desk... http://www.gironsec.com/blog/2013/12/0day-wednesday-newish-malware-that-came-across-my-desk/ Malware sample can be found here: http://www.gironsec.com/blog/wp-content/uploads/2013/12/0daywednesday.7z Ted.
-
29A INC files
by CodeExplorer- 2 replies
- 6k views
29A INC files - virus source ASM Link: http://vx.org.ua/29a/29a-2/29a-2.3_3
-
90$ XSS Worm Project
by tibe87- 4 replies
- 30.8k views
Introduction This is a school project (educational purpose), so I don't care about hacking any website. It's a bit over my head, so that's why I am posting this project. Basically I need to reproduce the "Samy worm", known also as the "MySpace worm", in a controlled environment. Requirements For starters I need a "mini" MySpace/Facebook to test the worm. To make it simpler, there are some free social networks available like Elgg or Oxwall that you can use. (I have an old version of Oxwall already vulnerable to basic XSS.) Or you can make it vulnerable yourself by editing it. (I know for sure that this is possible.) Or maybe it's easier for you to build it from scratch implementin…
-
- 0 replies
- 5.5k views
This blog post discussed the details of analysing some .net malware: http://blogs.cisco.com/security/talos/reversing-multilayer-net-malware
-
A Good Ebooks & Documents
by Amer- 2 replies
- 6.2k views
Hi, I found a very useful library belonging to Malicious Software Research. I apologize in advance if this post is illegal under the forum rules. http://www.vxheaven.org/lib/pdf
-
A worm virus
by as1- 10 replies
- 7.3k views
As you can understand, I have a worm virus on my computer. I have used Ad-Aware, Malwarebytes, Security Task Manager and Windows Defender and none of them can effectively remove the virus entirely. There's one file that I know exists but have no way of deleting (my version of Security Task Manager isn't registered, so I can't remove drivers and DLLs... can't find a registered one). The file I can't delete is called afmain0.dll and it's the reason why I keep getting other worm-like viruses for a week now... is there anything I can do besides formatting the hard drive?
-
Ace Translator - scam software in all its entirety
by CodeExplorer- 1 reply
- 6.3k views
Link to tutorial: http://www.plunder.com/-download-45f2240fd7.htm Link to discussions regarding this: http://snd.astalavista.ms/board/index.php?...c=2288&st=0 Ace Translator uses Google's free service for translating, so this program is a joke with no contribution at all. Also, the "cracked" version will grab all your information (including your email addresses from Outlook) and send it to a server; they already grabbed my own useless information. After that they send you some warning emails (to the email addresses from Outlook): just a scare tactic to make another sale.
-
Activities regarding malware
by CodeExplorer- 0 replies
- 4.6k views
A blog about activities, products and ideas regarding malware: http://sunbeltblog.blogspot.com/2007_12_01_archive.html Criminals try to 'copyright' malware: http://www.msnbc.msn.com/id/24394270/ Conficker Malware to Return April 1: http://itmanagement.earthweb.com/secu/arti...urn-April-1.htm Websense: Cybercriminals Imitating Social Networks To Spread Malware: http://www.darkreading.com/security/client...client+security
-
- 1 reply
- 4.8k views
Link: http://www.kishorethakur.com/2008/12/advan...-forensics.html Here are a few quick steps for performing malware analysis on various badware (viruses, worms, trojans, rootkits) that you may find in the course of a computer forensics investigation. In this case, I'm analyzing a variant of Sohanad, an instant messaging worm, also known as "the cool pics worm".
-
All network traffic sniffer
by R4ndom- 5 replies
- 6.4k views
I think I may have a rootkit or keylogger on my other computer and I'm wondering if someone can recommend a good program to see ALL data that leaves your computer over a wired network, sort of like what Wireshark does for wifi. It doesn't need to be complicated, just something that shows me every bit that goes over the wire so I can see if there is suspicious data flowing from my computer. I tried running the rootkit detection software out there but it doesn't work very well for 64-bit Windows. Thanks for your help.
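Once a capture exists (tcpdump or Wireshark on a second machine attached to a mirror port or a hub, so a rootkit on the suspect host cannot hide the traffic from the sniffer), the useful next step is to reduce it to the list of destinations the suspect host talks to. The script below is an added example and not part of this post or its replies: a dependency-free parser for classic pcap files that reports, per destination IP/protocol/port, how many packets and bytes left the host. The capture it runs on is constructed in memory (TEST-NET addresses, zeroed checksums) so the block runs offline; on a real capture you would call outbound_endpoints() on the file's bytes.

```python
import socket
import struct

PCAP_MAGIC = 0xA1B2C3D4          # classic pcap magic (little-endian file when read as "<I")
LINKTYPE_ETHERNET = 1
ETHERTYPE_IPV4 = 0x0800
PROTO_NAMES = {6: "tcp", 17: "udp"}


def build_frame(src_ip, dst_ip, src_port, dst_port, payload, proto=6):
    """Build a minimal Ethernet/IPv4/TCP-or-UDP frame. Constructed test data:
    checksums are left zero, which is fine for parsing but not for a real host."""
    if proto == 6:   # TCP: ports, seq, ack, data offset (5 words), flags PSH|ACK, window, csum, urg
        l4 = struct.pack("!HHIIBBHHH", src_port, dst_port, 0, 0, 5 << 4, 0x18, 8192, 0, 0) + payload
    else:            # UDP: ports, length, checksum
        l4 = struct.pack("!HHHH", src_port, dst_port, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + struct.pack("!H", ETHERTYPE_IPV4)
    return eth + ip + l4


def build_pcap(frames):
    """Wrap frames in a classic (non-pcapng) pcap container. Constructed test data."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", 1_700_000_000 + i, 0, len(frame), len(frame)) + frame
    return out


def iter_pcap_frames(data):
    """Yield (timestamp, frame_bytes) from a classic pcap in either byte order."""
    magic = struct.unpack("<I", data[:4])[0]
    if magic == PCAP_MAGIC:
        endian = "<"
    elif magic == 0xD4C3B2A1:
        endian = ">"
    else:
        raise ValueError("not a classic pcap (pcapng is not handled by this example)")
    if struct.unpack(endian + "I", data[20:24])[0] != LINKTYPE_ETHERNET:
        raise ValueError("only Ethernet captures are handled by this example")
    off = 24
    while off + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _orig_len = struct.unpack(endian + "IIII", data[off:off + 16])
        off += 16
        yield ts_sec + ts_usec / 1e6, data[off:off + incl_len]
        off += incl_len


def outbound_endpoints(pcap_bytes, local_ip):
    """Summarise traffic leaving local_ip: {(dst_ip, proto, dst_port): (packets, bytes)}.

    Only frames whose IPv4 source is local_ip count, so replies from outside are
    ignored and the result is the set of places the machine talks to; anything
    you cannot explain (odd ports, unknown hosts, regular beacons) is what to chase.
    """
    summary = {}
    for _ts, frame in iter_pcap_frames(pcap_bytes):
        if len(frame) < 34 or struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV4:
            continue
        ihl = (frame[14] & 0x0F) * 4                 # IPv4 header length in bytes
        proto = frame[23]
        src = socket.inet_ntoa(frame[26:30])
        dst = socket.inet_ntoa(frame[30:34])
        if src != local_ip:
            continue
        l4 = frame[14 + ihl:]
        dport = struct.unpack("!H", l4[2:4])[0] if proto in PROTO_NAMES and len(l4) >= 4 else None
        key = (dst, PROTO_NAMES.get(proto, str(proto)), dport)
        pkts, nbytes = summary.get(key, (0, 0))
        summary[key] = (pkts + 1, nbytes + len(frame))
    return summary


# Constructed capture: a TLS hello and its reply, a DNS query, and two IRC lines.
LOCAL_IP = "192.168.1.10"
SAMPLE_PCAP = build_pcap([
    build_frame(LOCAL_IP, "203.0.113.5", 51000, 443, b"\x16\x03\x01"),
    build_frame("203.0.113.5", LOCAL_IP, 443, 51000, b"\x16\x03\x03"),      # inbound reply, ignored
    build_frame(LOCAL_IP, "192.168.1.1", 51001, 53, b"\x00\x01", proto=17),
    build_frame(LOCAL_IP, "198.51.100.7", 51002, 6667, b"NICK bot42\r\n"),
    build_frame(LOCAL_IP, "198.51.100.7", 51002, 6667, b"JOIN #c2\r\n"),
])

if __name__ == "__main__":
    for (dst, proto, port), (pkts, nbytes) in sorted(outbound_endpoints(SAMPLE_PCAP, LOCAL_IP).items()):
        print(f"{dst}:{port}/{proto}  packets={pkts} bytes={nbytes}")
```

Capturing from the suspect machine itself is the weak point: a kernel-mode rootkit can filter what a local sniffer sees, which is why the tap or mirror port matters more than the choice of tool.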
-
Am I infected?
by Victor- 7 replies
- 6.9k views
Any more information needed just ask. Thanks in advance.
-
An Insight into the Aurora Communication Protocol
by Teddy Rogers- 3 replies
- 5.4k views
http://www.avertlabs.com/research/blog/index.php/2010/01/18/an-insight-into-the-aurora-communication-protocol/ Ted.