Malware Reverse Engineering
Debugging, disassembling and documenting interesting malware...
364 topics in this forum
-
Recognizing Junk code?
by malware- 6 replies
- 5.3k views
I am looking to learn reverse engineering and how to recognize junk code and clean it (reverse engineering a binary to C code). Any example?
-
Resources for analyzing malware
by malware- 1 reply
- 4.3k views
I am looking for websites with malware analysis papers (white papers) or articles, and resources to learn and study malware analysis on a day-to-day basis. I will appreciate your suggestions and recommendations.
-
- 6 replies
- 5.1k views
Reverse engineering a keylogger (email-based logger): is it possible to get the email address and password that are set to receive the key logs?
-
Where to start malware analysis
by malware- 0 replies
- 3.9k views
How do I start my career as a malware analyst? Where should I begin?
-
PLC infection malware
by malware- 5 replies
- 5.5k views
Can anyone help me figure out how a PLC infection worm works? I am looking to analyze malware which infects PLCs. How does PLC infection malware such as Stuxnet work? I will appreciate your concern.
-
How much would "Stuxnet" malware cost?
by malware- 0 replies
- 7.7k views
How much would the "Stuxnet" malware source code cost? https://en.wikipedia.org/wiki/Stuxnet Is it worth 1 billion USD? How much would sophisticated malware like Stuxnet cost? Thanks
-
svchost rootkit
by jolin wong- 1 reply
- 10.7k views
I have ten svchost.exe processes running on the computer. Process Explorer shows all of them coming from the c:\windows\system32 directory, so it looks like there is no malware, but is there any chance that a rootkit can do process injection into svchost? Is there any tool that can detect it? Thanks
-
latest Malware analysis and threat intel
by jolin wong- 1 reply
- 4.7k views
Dear Expert, I want to know whether there is any threat intelligence forum which shares the latest monthly malware and threat analysis reports (in PDF)? Thanks
-
Backup (offline version) of vxheaven website
by malware- 1 reply
- 4.9k views
To check my skill set I am looking for virus source code written in assembly. I know a website named vxheaven which is offline now. Can anybody tell me where I can find EXE and COM infection tutorials, perhaps a backup of the vxheaven website? Thanks
-
Malware database with API access
by jolin wong- 0 replies
- 4.2k views
We want to know of any commercial/free malware database besides VirusTotal which can provide API access; we want to pull the malware list from them into our system on a daily basis. Thanks
-
Malware download possibility
by jolin wong- 0 replies
- 4.1k views
In my previous company we used ArcSight SIEM, so a malware ticket was generated after the SIEM got logs from various sources. In the log we could see the malware name (for example the name of the *.exe, *.pdf or *.doc file), and the malware could also be downloaded from the SIEM. My current company is facing a problem: the ArcSight SIEM can't show the malware name, and the attachment does not have the malware executable file. It is very difficult to analyze the malware. Is there anything that needs to be configured in the SIEM so the malware name will appear and be downloadable? Or do we have to set up an FTP folder for users to upload the suspected EXE file, and then analyze it from there?
-
How to determine the MD5 algorithm
by malware- 0 replies
- 5.1k views
I am analyzing the Carberp malware. There is an MD5 hash algorithm in that malware. How do I locate and disassemble the algorithm? Not only MD5 but other crypto like AES, to name a few.
-
Help me understand the source code?
by malware- 3 replies
- 5.5k views
Can you explain the following code of a known malware? Thanks
-
Unknown malware detection
by alialiali- 2 replies
- 6.6k views
Hi, does anyone have a list of sequences or counts of repetitive malicious API functions for identifying unknown malware? For example, a list of the API function sequences used in viruses, worms, etc. If not, how can it be obtained?
-
Any IDA Pro Tutorials ?
by megam- 2 replies
- 5.7k views
Hello, I am new to reverse engineering and I want to learn how to patch files, like cracking hardware IDs or VMware checks inside .dll files. Can someone help me with tutorials on where I can learn IDA Pro? I cannot find any tutorial online. Also, why is my IDA Pro debugger missing in the toolbar (if someone knows)? Thanks :)
-
Malware VMProtect
by ONDragon- 5 replies
- 15.4k views
When I reversed the malware, I realised it was protected by VM, so I tried to run it to catch its behavior. But there are some anti-VMware checks (I tried to run it in both VMware and VirtualBox). The questions: if I encounter this malware, what should I do? PS: How to unpack the VM, and how to hide both VMware and VirtualBox!!! Please help me. THANKS!!!
-
Bypassing anti-VM inside protected samples
by zixkhalid- 0 replies
- 4.8k views
This is a good starting point, as you know: sandboxes and virtual environments are full of artefacts that betray their analysis environment. Malware can protect itself against these by running some checks to detect such environments before performing any malicious actions. I'm looking for the bypasses used by malware analysts to overcome this anti-VM stuff.
-
Unknown RAT/Keylogger
by Asentrix- 7 replies
- 7.1k views
Unsure of the protection, just want it reversed. I checked it in HxD and it looks like a 3 is just added to every byte. I also ran it in a debugger and Themida popped up. Checked on VirusTotal and it says packed with: BobSoft Mini Delphi -> BoB / BobSoft. Included are 3 files. 1. The original, which isn't an exe file 2. Renamed exe but not fixed 3. Fixed exe with digital signature. That's as far as we got! DEOB.zip
-
VMProtect malware
by NeoNCoding- 2 replies
- 5.3k views
Hello, can somebody tell me what this malware (application) contains and what it does? BE CAREFUL! I don't know what it does. Test it only in a VM! svchos2t.exe
-
Setting hook without calling SetWindowsHookEx
by Aldhard Oswine- 2 replies
- 12k views
Is it possible to set a hook without calling SetWindowsHookEx?
-
VMProtect - Share knowledge
by only me- 2 replies
- 14.2k views
Hi all, most malware analysts get a pain from VMProtect packing, as I hear :). I am new to this area and I was starting my search about this packing. Could you please share your method to deal with this packing?
-
- 0 replies
- 6k views
I thought all you reverse engineers out there might enjoy this, since it talks about the calls used in recent malware: https://blogs.technet.microsoft.com/mmpc/2017/03/08/uncovering-cross-process-injection-with-windows-defender-atp/
-
Third-party libraries in IDA Pro
by Aldhard Oswine- 0 replies
- 6.8k views
What ways are there to analyze unnamed third-party library functions in IDA Pro, such as OpenSSL, Boost, etc.?
-
Reversing the Petya ransomware with constraint solvers
by Extreme Coders- 5 replies
- 7.8k views
Ransomware is very common these days. Once it installs on a user's machine it begins encrypting files. When the user comes to know about the ransomware attack it is already too late. Unless the user has a backup, he/she must pay the ransom to recover the files. Luckily there have been cases where, due to a faulty implementation of cryptography, breaking such malware becomes feasible. The recently discovered Petya ransomware is an example. This blog post is a short walkthrough on breaking the Petya ransomware with constraint solvers. Hope you like it and find it useful. http://0xec.blogspot.com/2016/04/reversing-petya-ransomware-with.html
-
Set VirtualBox port forwarding with 2 adapters
by opc0d3- 0 replies
- 4.5k views
Hello! I'm trying to make a lab to analyze malware grant to it internet connection, but with certain rules. I was thinking to make 2 vms, windows lab to do analysis and the middle server linux remnux. I thought to isolate my windows from host network creating a internal network between remnux and windows. On remnux i would port fowarding (when i grant it) from internal network adpater to nat adapter, so the windows couldn't see my host. My goal it's to avoid infected machine contacting my host, and on remnux i would set up iptables to block any request but http from windows directly to remote, blocking any lan interaction. Can anyone help me think in way to…