Malware Reverse Engineering
Debugging, disassembling and documenting interesting malware...
360 topics in this forum
Zbot Malware Unpacking
by Pacman - 0 replies - 4.4k views
Hi everyone, I have tried to unpack the Zbot malware but I cannot fully unpack it because it is packed with ASPack. I have found the last loaded DLL and imported function by setting breakpoints on LoadLibraryA/W and GetProcAddress (the last loaded DLL is ntmarta.dll and the last function is GetMartaExtensionInterface). I have continued to exit from the unpacking stub. I've reached the marked address and selected the Analyze Code option. In the last state I was dumping the debugged process using OllyDump, but this address may not be the OEP, and also the IAT could not be fully repaired. I cannot progress any further. Can you help me please? I have tested all of the known techniques. Do you have an idea?…
1 reply - 4.2k views
I am studying a virus. The virus hooks some functions of nt.dll loaded into the address space of explorer.exe. It seems that the nt.dll loaded by another process (say wordpad.exe) may not be hooked by the virus. Is it possible to compare the two nt.dll address spaces and locate the hooked APIs? I am using Windows XP.
Baldr Stealer Confused
by krown - 1 reply - 4.4k views
Malware Protected by Confuser modded sample(2).exe
Linux binary to exploit
by cjack - 0 replies - 4.3k views
Hi guys. I have a Linux "hacking challenge" x64 binary that is difficult to exploit; you can find it attached to this email. This binary is vulnerable to buffer overflow + ROP + canary bypass, so it will be possible to execute shellcode. The vulnerable input fields are "HOURS WORKED" and "REASON FOR OVERTIME" (this field is also vulnerable to a format string vulnerability, so with an input like %016llX,%016llX,%016llX etc. it will be possible to dump the stack and the canary value). Can any of you give it a look? Thanks a lot guys! (The vulnerable binary is "vulnelf".) vulnelf
OSX Bundlore
by JMC31337 - 0 replies - 10.4k views
Grabbed it while cruising around on the iPhone. AdobeFlashPlayer_Bundlore.zip
How are some malware persistent?
by Videogamer555 - 2 replies - 5k views
For example, some malware seems to know when it has been shut down via Task Manager, and starts itself running again. How does that work? If you stop it from running, it's not running, so it has no code running that can then detect that it's not running. It seems almost like magic.
Chinese Spy App
by JMC31337 - 0 replies - 14.5k views
MobileHunter base.apk
Evil Gnome
by JMC31337 - 0 replies - 4.2k views
Linux Evil Gnome, pass: infected. HUGE APT collection, with others where this came from, at: https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/ 7ffab36b2fa68d0708c82f01a70c8d10614ca742d838b69007f5104337a4b869.zip
BIOS Rootkit ?
by kb432 - 2 replies - 6.2k views
How to implement a BIOS & UEFI based rootkit? Any sample online or guide? Thanks
This is what I could find and rar up: 2 tmp files, 1 exe that is really a dll, 1 lnk file, 1 lnk file (suckme), 1 sys file, 1 dll file (suckme). vidnux.com, offensivecomputing, 4shared. It may still yet be incomplete.. so if it is.. lemme know.. there are 2 sys files yet I could only find 1... sites are listed that I found parts of this worm at... rar passwd: infected StuxNet.rar
BlackRouter
by JMC31337 - 0 replies - 11.6k views
BlackRouter or a variant thereof. Also found at https://www.kernelmode.info/forum/viewtopic.php?t=5405 Pass: infected BlackRouter.zip
Hidden Bee: Let’s go down the rabbit hole
by Teddy Rogers - 0 replies - 3.2k views
Hidden Bee: Let’s go down the rabbit hole https://blog.malwarebytes.com/threat-analysis/2019/05/hidden-bee-lets-go-down-the-rabbit-hole/ Ted.
Global ATM Malware Wall
by Xyl2k - 3 replies - 7.6k views
Hi there, With a few guys we made a zoo dedicated to malware targeting ATM platforms; as far as I know nobody has made a similar public project, so voilà. You will find here malware that specifically targets ATMs, and reports (notices) about them. Files of interest were harvested from kernelmode.info, but also VirusTotal and various other services and people interested in the project. I'm using binGraph, pedump, Python and bintext for the engine on reports. Some samples exist in 'duplicate' on the wall (we also provide unpacks for a few files); if that is the case, it's mentioned on the report. We have hashes which are without references (I mean not associate…
Malware Against the C Monoculture
by Teddy Rogers - 0 replies - 3.7k views
https://research.checkpoint.com/malware-against-the-c-monoculture/ Ted.
FujiFuscator malware
by Cursedzx - 1 reply - 6k views
Can someone please tell me how to remove the anti-debug and anti-tamper in this malware? I got all the methods decrypted except the strings. FilestealerMalware.exe
2 replies - 4.2k views
Recently I have been studying malware analysis on my own, as a college student, through books (Practical Malware Analysis), online tutorials (kienmanowar OLLYDBG) and my own programming. No experience yet, but I tried to write a simple keylogger program in C, and I was wondering: how can a keylogger program send data over the network to the attacker? Assuming the victim's machine has an Internet connection. I have done some research on C socket programming, but it seems like a non-practical way for a real-life keylogger program to achieve this purpose. I would appreciate it if someone could give me some keywords, links to related documents, or book names …
x86 Linux Parasite
by JMC31337 - 0 replies - 3.8k views
//./gcc -m32 -masm=intel -o file file.c
//https://www.cs.bgu.ac.il/~caspl152/wiki.files/ps05_152.pdf
//One-oh-one on Linux Virii written by herm1t (x) VxHeavens.com, June 2010
//Since I've now written a parasite in both x86 formats (Win & Lin)
//things need to be said about this knowledge and power.
//When I 1st began writing viruses (or virii for all those correctedness types)
//I strove to be as good as 29A - still I fall short of such titles.
//I owe my mentor herm1t (and other VXRs) a ton of respect
//for putting up with my constant annoyances of every line and piece of new code
//added - thanks herm1t for not holding my hand (in fact your tutorial insists upon …
X86 PE Parasite
by JMC31337 - 1 follower - 3 replies - 6.3k views
//./gcc -masm=intel -mwindows -m32 -o file.exe xfile.c
//Run the virus under a debugger (the jmp to the orig EP only works
//after the first infection is completed - afterwards all files
//will infect and run as normal).
//It will infect 1 exe file per run in the current dir.
//x86 PE Parasite
//WARNING!
//For educational purposes and virology analysis ONLY!
//The author is not responsible for any damage caused
//by this code.
//NOTE: I took some cheap tactics and tricks to get this
//to work and it's some real convoluted coding.
//============virt mem array=========
//virtallocAPI* [ebp+0x00] (win7)
//findfirstfileAPI [ebp+0x0…
Obfuscated Malware Sample
by hex4d0r - 1 reply - 5k views
Hi all, RDG says it's DotWall Obfuscator, but I think it's somehow different or I'm too sh*tty to deobfuscate it. I couldn't deobfuscate it fully. Could you help with it and tell me how it is different or what I did wrong? Btw, it's a malware sample. Thanks in advance. infected.zip
How to make a file with Reverse Engineering
by nimaarek - 1 reply - 4.7k views
Using fuzzing, I found a vulnerability that was a problem in the file format structure. But because I'm in the test environment, I patched the file responsible for checking CRC32, so I cannot use the exploit outside the test environment. To fix this, I need to create a file in the standard file format, but there is no documentation of this file extension. The only way I have, I think, is of course to reverse engineer the program that makes this file and create a new file as an exploit. Is this a logical solution? Do you have a better idea?
which Malware is expensive
by malware - 5 replies - 10.4k views
Which malware is expensive? Price like 500M or 1B worth of malware source code? I need a suggestion; I wanna build a career as a malware author for govt parties. I will appreciate your suggestion.
Recognizing Junk code?
by malware - 6 replies - 5.1k views
I am looking for and want to learn reverse engineering, recognizing junk code and cleaning junk code (reverse engineering a binary to C code). Any example?
Resources for analyzing malware
by malware - 1 reply - 4.1k views
I am looking for websites to read malware analysis papers (white papers) or articles, and resources to learn and study malware analysis on a day-to-day basis. I will appreciate your suggestions and recommendations.
6 replies - 4.8k views
Reverse engineering a keylogger (email based logger): is it possible to get the email address and password which is set to receive the key logs?
Where to start malware analysis
by malware - 0 replies - 3.8k views
How do I start my career as a malware analyst? Where should I begin?