
by EP_X0FF
Tue Jul 17, 2018 3:39 pm
Forum: Completed Malware Requests
Topic: need help finding these
Replies: 3
Views: 4703

Re: need help finding these

Dead thread. Closed.
If you still need these samples/have additional info - feel free to contact mods - we will gracefully reopen this thread and move it back.
by EP_X0FF
Tue Jul 17, 2018 3:37 pm
Forum: Completed Malware Requests
Topic: Zberp sample
Replies: 1
Views: 3046

Re: Zberp sample

Dead thread with no response. Closed.
If you still need this sample/have additional info - feel free to contact mods - we will gracefully reopen this thread and move it back.
by EP_X0FF
Fri Jul 13, 2018 4:52 pm
Forum: Kernel-Mode Development
Topic: Detecting Test Mode
Replies: 7
Views: 287

Re: Detecting Test Mode

All other ways are stupid.
by EP_X0FF
Thu Jul 12, 2018 7:11 pm
Forum: Kernel-Mode Development
Topic: Detecting Test Mode
Replies: 7
Views: 287

Re: Detecting Test Mode

Well, I am basically developing a driver of sorts, which acts like my personal antivirus and such. I was wanting to move on to process protection, where I can use my antivirus to protect a program. So far I am using ObRegisterCallbacks for both thread and process handles, stripping their permissions....
by EP_X0FF
Thu Jul 05, 2018 6:05 am
Forum: User-Mode Development
Topic: Process Doppelganging
Replies: 7
Views: 8935

Re: Process Doppelganging

That's interesting find, thanks for sharing.
by EP_X0FF
Wed Jul 04, 2018 5:07 am
Forum: User-Mode Development
Topic: Process Doppelganging
Replies: 7
Views: 8935

Re: Process Doppelganging

> nothing to fix here

Well, it seems Microsoft sort of fixed the issue (or attempted to do so at least). The Windows Defender filter driver (wdfilter.sys) blocks creation of processes with file objects being in transaction. I experienced this behavior on Windows 10 (older versions of Windows seem "un...
by EP_X0FF
Fri Jun 22, 2018 9:32 am
Forum: Newbie Questions
Topic: Can i request unpacked malwares?
Replies: 5
Views: 820

Re: Can i request unpacked malwares?

21d20301ed7cefab2acce9afe56dd63db594aeb98c7e596152e2a399835e0c24 Completely deobfuscated in attach. MEMORY.rar It starts, writes a self-deletion bat file, executes it and crashes itself with a fake runtime error dialog. Why it doesn't give you anything else is because it is incredibly old and everything re...
by EP_X0FF
Fri Jun 22, 2018 3:33 am
Forum: Newbie Questions
Topic: Can i request unpacked malwares?
Replies: 5
Views: 820

Re: Can i request unpacked malwares?

Post the malware you want to unpack in a password-protected archive. Maybe someone will help you. However, if they are protected by commercial software (VMProtect, Themida, etc.) - nobody wants to waste their time.
by EP_X0FF
Fri Jun 08, 2018 6:53 pm
Forum: Kernel-Mode Development
Topic: Is possible remove a file protected by a file system filter driver?
Replies: 13
Views: 5281

Re: Is possible remove a file protected by a file system filter driver?

You want me to close all your topics?

One more time -> RTFM.
by EP_X0FF
Fri Jun 01, 2018 5:24 pm
Forum: Newbie Questions
Topic: It is normal when i have unsigned driver loaded in my Kernel?
Replies: 9
Views: 1812

Re: It is normal when i have unsigned driver loaded in my Kernel?

Do you understand that everything (or 99.9%) of what this tool is capable of detecting doesn't work on Windows 10 by design, and 100% of the bootkits TDSSKiller detects don't work with GPT? Why this BSOD generator doesn't work in normal mode is a question for Kaspersky TDSSKiller support, not here.