Malware Reverse Engineering
Debugging, disassembling and documenting interesting malware...
369 topics in this forum
-
Help Unpacking
by pichoo- 4 replies
- 14.1k views
Hi, can anyone help me to figure out what this malware is packed with. PeID does not identify it, and VirusTotal gives these results from F-Prot and Authentium: packers (F-Prot): PE-Armor, Malware_Prot.V packers (Authentium): PE-Armor, Malware_Prot.V I've attached the file in a password protected Rar, password is "password". Any help would be appreciated. Thank you Also, I'm new to these forums, so if I'm breaking any rules, please let me know. malware.rar
-
- 8 replies
- 17.2k views
get the whole exploit code here: http://www.milw0rm.com/exploits/6031 i think this exploit is dangerous. maybe some software will use it to avoid debugging? or probably malware will use it. keep your eyes open
-
Strange file was sent, help analyzing.
by carb0n- 2 replies
- 4.7k views
There was a file sent from my email that I didn't authorize, me and my staff have been analyzing but haven't come u with a lot of stuff, here is what we got so far: johnnyk analyzed the crypter drops this smss.exe into windows directory hers some reports http://anubis.iseclab.org/?action=result&a...amp;format=html http://research.sunbelt-software.com/ViewM...aspx?id=6585843 http://www.novirusthanks.org/analisis/39b5...18cba37b757e2b4 plus it dorps this crypter.exe and this txt file saying Your files zip,rar,doc,txt,xls,ppt,vbs,htm,html,pas,bas,c,cpp,exe were encrypted . Send mail to unknowncrypter@mail.ru for unencryption key. Your …
-
Mu_hr00M_CryT0r_V1.0
by Teddy Rogers- 0 replies
- 4.1k views
I came across this some months back but only taken a look at it now. Strange thing is after running the crypter everytime I now go in to the directory, "Mu_hr00M_CryT0r_V1.0" it crashes and reboots the OS. Same thing for the filename... http://rapidshare.com/files/142314333/Mu_h...r_V1.0.zip.html Ted.
-
Is this Malicious?
by Blah- 5 replies
- 5.8k views
hey all.. i want to try this app out but when clicking the setup exe zone alarm says its malicious but not sure if its true since the source is right from the web page heres the homepage http://www.pitchtrain.com/ exe http://www.pitchtrain.com/PTsetup.exe thanx mates...
-
Trojan.Zhelatin.Pk Reverse Engineering
by evilcry- 4 replies
- 6.6k views
Hi, I've released a paper on Trojan.Zhelatin.pk RCE Analysis, that can be downloaded here: http://evilcry.netsons.org/tuts/Mw/Zhelatin.pdf Have a nice read.. Regards, Giuseppe 'Evilcry' Bonfa'
-
Rustock C The Beast
by evilcry- 16 replies
- 10.2k views
Hi, Rustock C is definitely the most powerful advanced rootkit for Windows ever seen, the Pure Evil Here some papers about it http://info.drweb.com/show/3342/en http://www.rootkit.com/newsread.php?newsid=879 http://blog.threatexpert.com/2008/05/rusto...ested-doll.html http://blog.threatexpert.com/2008/06/new-r...to-hotmail.html
-
Tracking Gimmiv...
by Teddy Rogers- 0 replies
- 18.1k views
Research_Blog___Research___SecureWorks.pdf http://www.secureworks.com/research/blog/i...racking-gimmiv/ Ted.
-
BIG VIRUS COMING
by Ac- 6 replies
- 9.1k views
VERY IMPORTANT - BIG VIRUS COMING !!! PLEASE READ http://www.snopes.com/computer/virus/postcard.asp Hi All, I checked with Norton Anti-Virus, and they are gearing up for this virus! I checked Snopes (URL above:), and it is for real!! Get this E-mail message sent around to your contacts ASAP. You should be alert during the next few days. Do not open any message with an attachme nt entitled 'POSTCARD FROM HALLMARK,' regardless of who sent it to you. It is a virus which opens A POSTCARD IMAGE, which 'burns' the whole hard disc C of your computer. This virus will be received from someone who has y…
-
Coreflood/AFcore Trojan Analysis
by Teddy Rogers- 0 replies
- 4.8k views
http://www.secureworks.com/research/threat...hreat=coreflood Ted.
-
CUT.exe Reverse Engineering Analysis
by evilcry- 0 replies
- 4.7k views
Hello I've just released CartellaUnicaTasse.exe An Italian Malware Case Study, it can be downloaded here: http://evilcry.altervista.org/tuts/Mw/CartellaUnicaTasse.pdf if does not works the link, just go on the home of my site and reach it from the link Regards to Tuts4You Community, Evilcry
-
Delphi virus source code
by motan- 3 replies
- 8.7k views
Hi. Anyone knows from where I can get the source code of a virus made in Delphi? Doesn't matter what virus it is as long as I can learn something from it. Thanks a lot.
-
- 8 replies
- 6.9k views
I wanna get into malware analyzing with a virtual box but I have a few questions. What are some things I should/shouldn't do with the virtual machine that might make it secure/insecure? Will installing guest additions make the virtual box insecure? Will having a shared folder with read only permission make it insecure? And what are some things I should know about VirtualBox before I debug malware?
-
Storm Worm Analysis
by Loki- 1 reply
- 4.9k views
Site : http://honeyblog.org/archives/175-Storm-Wo...esentation.html Paper : http://honeyblog.org/junkyard/paper/08_storm_ITSF.pdf
-
Trojan-Downloader.Win32.Small
by Teddy Rogers- 2 replies
- 5.5k views
Trojan-Downloader.Win32.Small or Win32/PolyCrypt Analysis Trojan_DownloaderWin32Small.pdf Ted.
-
Automatic Patch-Based Exploit Generation
by 0000007a- 0 replies
- 4.9k views
source: http://www.cs.cmu.edu/~dbrumley/pubs/apeg.html full pdf article(Worth Reading) http://www.cs.cmu.edu/~dbrumley/pubs/apeg.pdf PS I was not sure where does it fit.
-
The Toolbox of the Forensics Examiner
by evilcry- 3 replies
- 9.6k views
Hi, Here a little collection of links where you can download the basical Digital Forensics tools.. http://www.opensourceforensics.org/tools/windows.html http://www.forinsect.de/forensics/forensics-tools.html and WinHex http://www.winhex.com/winhex/ In a next post I'll talk about the first procedures of HDD Acquisition. Have a nice Day, Evilcry
-
Malware Analysis Course
by Loki- 2 replies
- 5.7k views
This looks like its worth checking out: As soon as we announced that we were running such a unique course, we received lots of questions about the material. So now we're happy to announce that all the course material from the lectures are publicly available from the course webpage.Now the course is coming to a close. The students are currently working on their final project: designing and implementing an antivirus engine. While this sounds like a daunting task (it takes a lot of time to develop a good engine), we are keeping things reasonable. The main focus is on coming up with a sound design and implementing a basic engine to test it out.Our students have been very succ…
-
- 2 replies
- 5.2k views
Another paper from the guys at offensive computing http://www.offensivecomputing.net/?q=node/678 PDF direct link : http://www.offensivecomputing.net/papers/j...m-3-23-2008.pdf
