Malware Reverse Engineering

Does anyone have old Locky sample?

October 23, 2016 by gundamfj

7 replies
5.4k views

So I am doing research on Locky. I notice recent Locky sample doesn't import SMB related API. You may have heard of Locky also tries to encrypt files in network share e.g. printer. So does anyone have old Locky samples(5 months ago)? I got one old sample from one guy in this forum. But that sample crashes on InterlockedIncrement. I could only find recent samples in VirusShare.

Last reply by Noteworthy, October 25, 2016

need help to unpack .NET malware

October 16, 2016 by gundamfj

17 replies
9.3k views

I have this malware(possibly Locky variant), which is packed by an unknown packer(de4dot -d). It looks like it's packed by customized ConfuserEx, but I am not 100% sure(newbie). I have tried using tools like NoFuserEx, de4dot, UnconfuserEx, without any luck. I have this idea: maybe I could pause on some memory management API, e.g. VirtualAlloc and monitor the memory region's size it allocates. If the memory region is enough large to hold the malware actual payload, keep an eye on it, maybe I could finally get the payload. So is there any .NET debugger allowing me to pause on System API like VirtualAlloc? I know I could use debugger like Olly, but if I open…

Last reply by Etor Madiv, October 19, 2016

cerber ransomware reverse question

August 18, 2016 by Guest kinn7s

3 replies
5.9k views

Hi, I'm reversing this ransomware after an interesting reading found surfing the net. hxxps://blog.malwarebytes.com/threat-analysis/2016/03/cerber-ransomware-new-but-mature/ What I'm trying to do is reversing the file encryption routines. Found where key is generated, buffer encrypted ecc. Can't undestand how the key is encrypted and stored into the file! (decrypt the original key) If someone is really interested, I'll share my findings (malware authors read this forum too I guess...) I'm doing this only because it' become a big challange to me and can't move on... sorry for my english

Last reply by Guest, August 20, 2016

I have a malicious dotnet sample

July 29, 2016 by Hacktreides

5 replies
5.8k views

Hello, I have a malicious dotnet sample packer, anyone known the packer type and how to unpack it? I have try de4dot but it's failed. Thank you Dumped.zip

Last reply by 0xNOP, July 31, 2016

Research Rootkit (Linux)

July 25, 2016 by kao

0 replies
4.7k views

https://github.com/NoviceLive/research-rootkit

Last reply by kao, July 25, 2016

Reference a movie? auscultated code!

June 12, 2016 by 0nion

1 reply
5k views

A reference from "black hat' movie 2015. The hacker cracks Encrypted code. How a malware has Encrypted code ended in ? And how to crack that ? Any information or tutorial or article would be appreciated. I do reverse engineer using IDA pro ( static analysis ).

Last reply by crystalboy, June 12, 2016

Guide for Static malware analysis [?]

April 20, 2016 by Cyberwarfare

5 replies
5.6k views

Is there any Ebook or video series or tutorial on Reverse engineering using IDA Pro ( static analysis ) ? I will appreciate your concern ! Thanks

Last reply by XenocodeRCE, April 20, 2016

(Help Request) .Net Protector Identification 1 2

April 2, 2016 by madskillz

25 replies
21.3k views

Hi I tried die , peid , protecton id , rdg , but cannot detect protector. de4dot detected as deepsea , but deobfuscation ws not done. File attached FoxUserTools.zip File can be malware , etc , please use VM , protection. Need packer identification and unpack help. Regards

Last reply by madskillz, April 12, 2016

reversing industrial malwares

February 10, 2016 by Mr.peach

6 replies
5.4k views

Hi all experts I want to know what tools are used to analyze the industrial malwares

Last reply by Mr.peach, February 14, 2016

Reversing an obfuscated java malware

October 7, 2015 by Extreme Coders

1 reply
6.4k views

This document is a small write up demonstrating tools and techniques that can be used while reversing java code. The malware used for this purpose is the AlienSpy RAT (Remote Access Trojan) which has also been attached to this post. The password of the file malware sample.rar is infected. This is live malware. Secure your system before tinkering with it. Additionally, the decompiled source code of the malware has also been provided for study. Reversing an obfuscated java malware.pdf malware sample.rar decompiled malware source.rar

Last reply by crystalboy, January 14, 2016

Reverse Kaspersky Virus Signatures

January 26, 2015 by helderc

4 replies
7.2k views

Does any body know how to reverse Kaspersky virus signatures? I have looking for something like that in the leaked source code, but its huge and I couldnt find anything. Comments are welcome!

Last reply by cLn, November 17, 2015

Which Virtual Machine Software do you prefer? 1 2 3

September 18, 2011 by deepzero

1 follower
61 replies
34.3k views

Hi, I have been using Microsoft VirtualPC for years now. Which Virtualization Software do you prefer?

Last reply by Reasen, November 16, 2015

Tyupkin Malware...or bank's worst nightmare

October 27, 2015 by cucuielu

1 reply
6.2k views

Can anyone fully deobfuscate theese 2 samples? MALWARE!!! It's not meant for regular PC... Tyupkin.zip

Last reply by Xyl2k, October 31, 2015

WinRAR Vulnerability...

September 30, 2015 by Teddy Rogers

6 replies
6.4k views

WinRAR Vulnerability https://blog.malwarebytes.org/security-threat/2015/09/latest-winrar-vulnerability-has-yet-to-be-patched/ Ted.

Last reply by Loki, October 8, 2015

[DecompileMe] Virus found in my PC [.NET]

September 30, 2015 by bomblader

4 replies
6.6k views

Looks like I was infected by some virus, no idea where I got it. It's .NET You have to run it like this in order to run: adobe_flash_player.exe /00000017 Anyone can decompile this and find out what's doing? Looks like a custom obfuscator was used. De4Dot is cleaning it up but strings and other data is still encrypted. Thanks! adobe_flash_player.rar

Last reply by kao, September 30, 2015

The Antivirus Hacker’s Handbook

September 30, 2015 by kao

0 replies
5.6k views

Table of contents: All I can say is that I really enjoyed the book. Get your own copy from hxxp://ifreebooks.com/book/6295/ or your favorite torrent tracker.

Last reply by kao, September 30, 2015

Tutorials About Viruses

September 30, 2015 by CodeExplorer

0 replies
6.6k views

Tutorials About Viruses Link download: http://www82.zippyshare.com/v/GFWYz9g2/file.html Tutorials list: (176 tutorials) 64-bit rugrats.pdf A Survey of Cryptologic Issues in Computer Virology.pdf Advanced Code Evolution Techniques and Computer Virus Generator Kits.pdf Advanced Metamorphic Techniques in Computer Viruses.pdf Advanced Polymorphic Techniques.pdf AGIS- Towards Automatic Generation of …

Last reply by CodeExplorer, September 30, 2015

Reverse malware PDFs

September 26, 2015 by CodeExplorer

0 replies
5.1k views

Reverse malware PDFs, Link: http://repo.hackerzvoice.net/depot_madchat/vxdevl/reverse/

Last reply by CodeExplorer, September 26, 2015

VX Reversing I, the basics & VX Reversing II, Sasser.B

September 26, 2015 by CodeExplorer

0 replies
4.8k views

VX Reversing I, the basics & VX Reversing II, Sasser.B: Tutorials about viruses. VX_Reversing_I&II.zip

Last reply by CodeExplorer, September 26, 2015

Malware Forensics- Investigating and Analyzing Malicious Code

September 25, 2015 by CodeExplorer

0 replies
5.3k views

Malware Forensics- Investigating and Analyzing Malicious Code Link download: http://www97.zippyshare.com/v/JZbv2iGo/file.html

Last reply by CodeExplorer, September 25, 2015

Identifying Malicious Code Through Reverse Engineering

September 23, 2015 by CodeExplorer

0 replies
5.5k views

Identifying Malicious Code Through Reverse Engineering Author: Sushil Jajodia Identifying Malicious Code Through Reverse Engineering.zip

Last reply by CodeExplorer, September 23, 2015

.Net Malware Analyses

September 20, 2015 by CodeExplorer

0 replies
6.9k views

.Net Malware Analyses Malicious download link: http://downloadcsoftware.blogspot.ro/2014/09/download-reaver-pro-wifi-hack-full-crack.html http://pasted.co/21439e76Do not execute the malware!private static void Main() { Running = Assembly.Load(Dew("Bctlx.pryor.resources")); // Dew method return bytes of assembly to be loaded Swagger("Scribe", new object[] { Dew("Myft.pryor.resources"), false, "winini.exe", true, 0 }); while (Threads.Count > 0) { Threads.Dequeue().Join(); } } On Swagger method: private static void Swagger(string name, params object[] values) { Thread item = new Thread(delegate { Type type = Running.GetType("Ax");…

Last reply by CodeExplorer, September 20, 2015

Process replacement question

September 15, 2015 by Pancake

1 reply
5.4k views

Hi. Im about to try proof of concept process replacement technique. I got some questions tho. First of all, when i create process as suspended where it is actually halted? The sections are mapped right, but are improts resolved? (so what comes with it, do i have all the useless import dlls from old process loaded or not) ? Next question is pretty similar. If i create a process from system32, like svchost or lsass and then i replace it with anything from other folder will the improts be properly resolved? Because from what i see, if the replacement exe has some custom dll near it, then loader will look for it inside system32 instead of the replacement process directory, …

Last reply by Kurapica, September 15, 2015

What is the best way for heuristic malware scan, what to check?

June 25, 2015 by rijeka2008

6 replies
6k views

What is the best way for heuristic malware scan, what good AV should check?

Last reply by AcidShout, August 26, 2015

Chinese gang shoots down aerospace security with MSFT flaws

August 10, 2015 by SkyProud

0 replies
4.7k views

http://www.theregister.co.uk/2015/08/06/emissary_panda_apt_group_dell/

Last reply by SkyProud, August 10, 2015

Sign In