Malware Reverse Engineering

Malware Database

December 12, 2011 by ramtin

2 replies
5.6k views

Hi anyone know somethings about "Beijing-based KnownSec" that want to share it's malware db? see below link http://www.first.org.../20090703a.html or http://www.cio.co.uk...rity-companies/ please help me to find this database!!!

Last reply by ramtin, December 13, 2011

[ Discussion ] How Anti-Malware Applications Work ?

November 17, 2011 by CodeXpert

1 reply
6.3k views

As descriped above in the title.. How Anti-Malware Applications Work ? How does it find the sign. for specific malware. And a cerious question is how scan works.. It is very fast so it approximately not searching in databases >?! Any comments will be appreciated

Last reply by ramtin, December 12, 2011

W32.Duqu a.k.a. Stuxnet II

October 19, 2011 by PaperBall

10 replies
8.3k views

Anyone have a copy of this new malware that was discovered last week?

Last reply by frank_boldewin, October 29, 2011

The Exception Table hook

October 25, 2011 by STRELiTZIA

0 replies
4.7k views

Using Exception Table hook to spread malicious code, paper by Peter Ferrie. http://pferrie.host22.com/papers/holey.pdf

Last reply by STRELiTZIA, October 25, 2011

Virus reverse engineering

August 18, 2011 by linuscomex

8 replies
7.6k views

Hi all please help me to virus reverse engineering and find virus source code Through reverse engineering

Last reply by chickenbutt, October 23, 2011

.NET/MSIL Malicious Code and AV/Heuristic Engines

July 12, 2011 by CodeExplorer

2 replies
6.6k views

.NET/MSIL Malicious Code and AV/Heuristic Engines />http://www.symantec.com/connect/articles/netmsil-malicious-code-and-avheuristic-engines Nice article; the only thing nice from Symantec

Last reply by chickenbutt, October 23, 2011

rootkit.com archive

July 24, 2011 by lr300

1 reply
6.4k views

Does anyone have any archive of this great site? I've bought Subverting the Windows Kernel book but without sources from site the book is only partially useful. Please help. Thanks in advance.

Last reply by abhijit mohanta, October 12, 2011

IEEE Software Taggant System For Exposing Malware Creators...

August 11, 2011 by Teddy Rogers

12 replies
9k views

IEEE Software Taggant System For Exposing Malware Creators Well... I have been hearing and reading about this everywhere for a while now. Numerous packer and protector developers have already been trumping this up as the bee-all for software developers who use their packer/protector products as a means to stop false positives and at the same time be used to identify/flag stolen or bogus protector licences used on files. For those who do not know (yet) if it becomes standard we may see this being common place. />http://standards.ieee.org/news/2011/icsg_software.html How practical and to what purpose it will end up serving exactly I still have doubts to. Have a read and…

Last reply by deepzero, October 7, 2011

Virus Bulletin Jully 2011

September 9, 2011 by CodeExplorer

0 replies
4.4k views

Virus Bulletin Jully 2011 />http://www.sysreveal.com/uploads/vb/VBJuly2011.pdf

Last reply by CodeExplorer, September 9, 2011

Maleware selfchecking Zeus Bot

August 12, 2011 by ltheonel

2 replies
5k views

Since noboy is interested, thread can be deleted please. zbot.zip

Last reply by Teddy Rogers, September 1, 2011

HITB Magazines

August 24, 2011 by C0M3ND4D0R

0 replies
15.8k views

A collection of (so far) 6 magazines HITB.......on malware analysis and exploiting among other issues free distribution http://magazine.hackinthebox.org/hitb-magazine.html

Last reply by C0M3ND4D0R, August 24, 2011

Malware Using Right to Left Override Unicode

August 21, 2011 by Sina_DiR

6 replies
6k views

This is the new trick in Unicode string that could deceive users to open and exe file that showing pdf txt etc. It could be new way to spammers For more information check out F-Secure analyze: Redirect to F-Secure

Last reply by Sina_DiR, August 22, 2011

How do I get a flash drive infected with stuxnet?

August 18, 2011 by malfreak

1 reply
5.5k views

I downloaded stuxnet from http://tuts4you.com/download.php?view.3011. The files seem valid as I scanned the contents at virustotal. Then I inserted a flash drive and executed the dropper.exe file. According to Microsoft (http://blogs.technet.com/b/mmpc/archive/2010/07/16/the-stuxnet-sting.aspx), the dropper (TrojanDropper:Win32/StuxnetA) should drop the following into the system: Worm:Win32/Stuxnet.A Trojan:WinNT/Stuxnet.A Trojan:WinNT/Stuxnet.B (initially called VirTool:WinNT/Rootkitdrv.HK) Trojan:Win32/Stuxnet.A Worm:Win32/Stuxnet.B Although, it seemed to have triggered some components of stuxnet,(the shortcut and tmp files got hidden, so the rootkit was on its way) I a…

Last reply by deepzero, August 18, 2011

Honeynet Project Challenge 9...

August 17, 2011 by Teddy Rogers

1 reply
4.7k views

Honeynet Project Challenge 9 Submissions to be submitted by September 4th 2011. https://www.honeynet.org/node/751 http://malphx.free.f...es-final.tar.gz Ted.

Last reply by evlncrn8, August 17, 2011

Sophail: A Critical Analysis of Sophos Antivirus

August 5, 2011 by mudlord

0 replies
4.6k views

A nice paper I found on the utter trash that is Sophos.... />http://lock.cmpxchg8b.com/Sophail.pdf Sophail.pdf

Last reply by mudlord, August 5, 2011

Joebox

December 29, 2010 by CodeExplorer

2 replies
7.7k views

Joebox Joebox is an extensive runtime analysis system. It is designed for automatic runtime analysis of malware and other software on Windows based operating systems. Joebox executes a potential malicious program on a full Windows system and observes the behavior of the program during execution. It manages the complete analysis cycle automatically. Link: />http://www.joebox.ch/

Last reply by k5h, July 31, 2011

How Digital Detectives Deciphered Stuxnet...

July 12, 2011 by Teddy Rogers

2 replies
4.6k views

/>http://www.wired.com/threatlevel/2011/07/how-digital-detectives-deciphered-stuxnet/all/1 Ted.

Last reply by cozofdeath, July 30, 2011

Patent application title: Heuristic detection of malicious code

July 12, 2011 by CodeExplorer

1 reply
6.2k views

Patent application title: Heuristic detection of malicious code />http://www.faqs.org/patents/app/20090013405

Last reply by metr0, July 12, 2011

Monthly Malware Statistics, June 2011

July 6, 2011 by News Feeder

1 reply
8k views

The following statistics were compiled in June using data from computers running Kaspersky Lab products: 249,345,057 network attacks blocked. View the full article

Last reply by dn5, July 8, 2011

Can i attach a c-file to a c-compiler?

June 21, 2011 by tukki_2020

3 replies
6.6k views

Hey guys, i just want to brainstorm an idea so please be patient. I have made a c-program which writes all the images(rgb content) in a folder to a structure in another c-file( along with the needed code to compile and execute) and deletes the images. Now if i compile and run the new .c-file, i am able to restore these images lets say on providing a password or something. But of-course i need a c-compiler to do the compiling. So i have the question: 1.> I want to make it independent in the sense that i want the compiler to travel with the original exe file and later when needed it compiles the second c-file that contains the structure for the images. Is it possible? t…

Last reply by ghandi, June 28, 2011

How do AV systems find packed Malicious Software

March 1, 2010 by GoJonnyGo

11 replies
10.3k views

Hi there, i am wondering, how antivirus systems can find viruses in packed software. Do they know every unpacking routine and first look at with with protector it is packed and unpack it then to perform a search or do they wait till the exe unpacked itself and is on oep or how does this happen?

Last reply by chickenbutt, May 28, 2011

BlackHole Exploit Kit 1.0.2 - Download !

May 24, 2011 by Guest zikmik

3 replies
7.6k views

First Public Release of BlackHole Exploit Kit. BlackHole exploit kit is yet another in an ongoing wave of attack toolkits flooding the underground market. The kit first appeared on the crimeware market in September of 2010 and ever since then has quickly been gaining market share over its vast number of competitors. In fact, many antivirus vendors now claim that this is one of the most prevalent exploit kits used in the wild. Even Malware Domain List is showing quite a few domains infected with the BlackHole exploit kit. Black Market Cost : Users can purchase the annual license for $1500, semi-annual license for $1000, or just a quarterly license for $700. The license inc…

Last reply by CodeExplorer, May 24, 2011

automated analysis by Comodo

May 22, 2011 by deepzero

0 replies
4k views

just saw that Comodo offers an automated malware analysis service: http://camas.comodo.com/cgi-bin/submitwhich indeed seems to output lots of interesting information.

Last reply by deepzero, May 22, 2011

VM Detecting in malware

May 12, 2011 by Pooya

1 reply
6.7k views

Hi Guys As I've been searching through this topic , I've got some interesting picture aside of VM Fingerprints.... like I/O Backdoor in VMware... but my main question is that how to find a way like VMware Method ? I've read that the more reliable technique for detecting is relying on assembly-level code that behaves differently in VM... so how can I observe this behavior ??? Any little tiny clue would be appreciated Best Regards

Last reply by chickenbutt, May 13, 2011

Paper: Hunting rootkits with Windbg

January 22, 2011 by frank_boldewin

2 replies
7.5k views

Here are the slides to my talk "Hunting rootkits with Windbg" at the Ruhr University of Bochum yesterday. I'll introduce several ways to find well known rootkits like Rustock or TDL Versions 3+4 with Windbg and scripts. Enjoy! Paper The Windbg script shown in the slides to grab Kernelcallbacks can be found here: Windbg Script

Last reply by Pooya, May 11, 2011

Sign In