Malware Reverse Engineering

364 topics in this forum

1. 

   Trojan.Zhelatin.Pk Reverse Engineering

   November 2, 2008 by evilcry

   • 4 replies
   • 6.4k views

   Hi, I've released a paper on Trojan.Zhelatin.pk RCE Analysis, that can be downloaded here: http://evilcry.netsons.org/tuts/Mw/Zhelatin.pdf Have a nice read.. Regards, Giuseppe 'Evilcry' Bonfa'

   

   Last reply by evilcry, November 13, 2008
2. 

   Rustock C The Beast

   June 8, 2008 by evilcry

   • 16 replies
   • 9.8k views

   Hi, Rustock C is definitely the most powerful advanced rootkit for Windows ever seen, the Pure Evil Here some papers about it http://info.drweb.com/show/3342/en http://www.rootkit.com/newsread.php?newsid=879 http://blog.threatexpert.com/2008/05/rusto...ested-doll.html http://blog.threatexpert.com/2008/06/new-r...to-hotmail.html

   

   Last reply by steve10120, November 5, 2008
3. 

   Tracking Gimmiv...

   November 5, 2008 by Teddy Rogers

   • 0 replies
   • 17.9k views

   Research_Blog___Research___SecureWorks.pdf http://www.secureworks.com/research/blog/i...racking-gimmiv/ Ted.

   

   Last reply by Teddy Rogers, November 5, 2008

   • 
4. 

   BIG VIRUS COMING

   August 9, 2008 by Ac

   • 6 replies
   • 8.9k views

   VERY IMPORTANT - BIG VIRUS COMING !!! PLEASE READ http://www.snopes.com/computer/virus/postcard.asp Hi All, I checked with Norton Anti-Virus, and they are gearing up for this virus! I checked Snopes (URL above:), and it is for real!! Get this E-mail message sent around to your contacts ASAP. You should be alert during the next few days. Do not open any message with an attachme nt entitled 'POSTCARD FROM HALLMARK,' regardless of who sent it to you. It is a virus which opens A POSTCARD IMAGE, which 'burns' the whole hard disc C of your computer. This virus will be received from someone who has y…

   

   Last reply by metr0, October 29, 2008
5. 

   Coreflood/AFcore Trojan Analysis

   July 17, 2008 by Teddy Rogers

   • 0 replies
   • 4.5k views

   http://www.secureworks.com/research/threat...hreat=coreflood Ted.

   

   Last reply by Teddy Rogers, July 17, 2008

   • 
6. 

   CUT.exe Reverse Engineering Analysis

   July 15, 2008 by evilcry

   • 0 replies
   • 4.5k views

   Hello I've just released CartellaUnicaTasse.exe An Italian Malware Case Study, it can be downloaded here: http://evilcry.altervista.org/tuts/Mw/CartellaUnicaTasse.pdf if does not works the link, just go on the home of my site and reach it from the link Regards to Tuts4You Community, Evilcry

   

   Last reply by evilcry, July 15, 2008
7. 

   Delphi virus source code

   June 27, 2008 by motan

   • 3 replies
   • 8.5k views

   Hi. Anyone knows from where I can get the source code of a virus made in Delphi? Doesn't matter what virus it is as long as I can learn something from it. Thanks a lot.

   

   Last reply by motan, July 11, 2008
8. 

   Set up VirtualBox for malware analyzing?

   June 7, 2008 by high6

   • 8 replies
   • 6.6k views

   I wanna get into malware analyzing with a virtual box but I have a few questions. What are some things I should/shouldn't do with the virtual machine that might make it secure/insecure? Will installing guest additions make the virtual box insecure? Will having a shared folder with read only permission make it insecure? And what are some things I should know about VirtualBox before I debug malware?

   

   Last reply by GEEK, June 9, 2008
9. 

   Storm Worm Analysis

   June 3, 2008 by Loki

   • 1 reply
   • 4.7k views

   Site : http://honeyblog.org/archives/175-Storm-Wo...esentation.html Paper : http://honeyblog.org/junkyard/paper/08_storm_ITSF.pdf

   

   Last reply by oricode, June 3, 2008

   • 
10. 

    Trojan-Downloader.Win32.Small

    May 16, 2008 by Teddy Rogers

    • 2 replies
    • 5.3k views

    Trojan-Downloader.Win32.Small or Win32/PolyCrypt Analysis Trojan_DownloaderWin32Small.pdf Ted.

    

    Last reply by evilcry, May 24, 2008

    • 
11. 

    Automatic Patch-Based Exploit Generation

    May 23, 2008 by 0000007a

    • 0 replies
    • 4.6k views

    source: http://www.cs.cmu.edu/~dbrumley/pubs/apeg.html full pdf article(Worth Reading) http://www.cs.cmu.edu/~dbrumley/pubs/apeg.pdf PS I was not sure where does it fit.

    

    Last reply by 0000007a, May 23, 2008
12. 

    The Toolbox of the Forensics Examiner

    May 17, 2008 by evilcry

    • 3 replies
    • 9.4k views

    Hi, Here a little collection of links where you can download the basical Digital Forensics tools.. http://www.opensourceforensics.org/tools/windows.html http://www.forinsect.de/forensics/forensics-tools.html and WinHex http://www.winhex.com/winhex/ In a next post I'll talk about the first procedures of HDD Acquisition. Have a nice Day, Evilcry

    

    Last reply by evilcry, May 19, 2008
13. 

    Malware Analysis Course

    April 17, 2008 by Loki

    • 2 replies
    • 5.5k views

    This looks like its worth checking out: As soon as we announced that we were running such a unique course, we received lots of questions about the material. So now we're happy to announce that all the course material from the lectures are publicly available from the course webpage.Now the course is coming to a close. The students are currently working on their final project: designing and implementing an antivirus engine. While this sounds like a daunting task (it takes a lot of time to develop a good engine), we are keeping things reasonable. The main focus is on coming up with a sound design and implementing a basic engine to test it out.Our students have been very succ…

    

    Last reply by ChupaChu, April 17, 2008
14. 

    W32/stormworm.gen1 Network Analysis

    March 25, 2008 by Loki

    • 2 replies
    • 4.9k views

    Another paper from the guys at offensive computing http://www.offensivecomputing.net/?q=node/678 PDF direct link : http://www.offensivecomputing.net/papers/j...m-3-23-2008.pdf

    

    Last reply by Loki, March 25, 2008