Search found 4293 matches

by EP_X0FF
Sun Jan 06, 2019 4:55 pm
Forum: Malware
Topic: Adware/InstallCube
Replies: 5
Views: 3073

Re: Malware collection

It is a trojan muldrop called InstallCube.

Generic description from "authors": hxxps://installcube.com/acp/en/page/item?pageType=how_it_works.

Posts moved.
by EP_X0FF
Sun Jan 06, 2019 6:49 am
Forum: Newbie Questions
Topic: Anyway to find this file?
Replies: 1
Views: 994

Re: Anyway to find this file?

I'm afraid this is not what you are looking for. It contains clearly suspicious indicators like this one: STOR HawkEye_Keylogger_Stealer_Records_tFr7YTRfV3 7.24.2017 9:55:18 AM.txt All malware requests must be done in the Malware Requests subforum. You can request samples only when you shared something u...
by EP_X0FF
Sun Dec 30, 2018 10:29 am
Forum: Tools/Software
Topic: Making ReactOS Great Again*, Part 1
Replies: 9
Views: 8813

Re: Making ReactOS Great Again*, Part 1

@Brock, Yeah this thing is full of ridiculous bugs and fun, as well as its community throwing money at the monitor for nothing. We are happy to present another gift to ReactOS. https://github.com/hfiref0x/BSODScreen This time it is a BSOD Screensaver, which is very relevant for this Operating System. T...
by EP_X0FF
Thu Dec 20, 2018 9:05 am
Forum: Tools/Software
Topic: Making ReactOS Great Again*, Part 1
Replies: 9
Views: 8813

Re: Making ReactOS Great Again*, Part 1

For a note: ReactOS devs have made several fixes to the above bugs. Just a few, but it is better than nothing, and perhaps others will be addressed too, improving the stability of this OS. Regarding that idiot from Germany with IP 79.247.162.58 who tried to spam here - this thread is premoderated. Any ki...
by EP_X0FF
Wed Dec 19, 2018 3:33 am
Forum: User-Mode Development
Topic: Avoid undocumented API calls (RtlImageNtHeader)?
Replies: 2
Views: 1121

Re: Avoid undocumented API calls (RtlImageNtHeader)?

It is trivial. if ((((PIMAGE_DOS_HEADER)Base)->e_magic == IMAGE_DOS_SIGNATURE) && (((ULONG)((PIMAGE_DOS_HEADER)Base)->e_lfanew) < MAX_DOS_HEADER)) { NtHeaders = (PIMAGE_NT_HEADERS)((PCHAR)Base + ((PIMAGE_DOS_HEADER)Base)->e_lfanew); if (NtHeaders->Signature != IMAGE_NT_SIGNATURE) { NtHeaders = NULL;...
by EP_X0FF
Tue Dec 18, 2018 8:56 am
Forum: Tools/Software
Topic: Making ReactOS Great Again*, Part 1
Replies: 9
Views: 8813

Re: Making ReactOS Great Again*, Part 1

Bonus to Part 1. ReactOS PR (or one of the reasons why it is so terrible). There is an official twitter -> http://twitter.com/reactos/ Sometimes it posts bullshit and bizarre pictures. Sometimes just real news related to the project and project announcements. I will teach you how to become a ReactOS evangel...
by EP_X0FF
Mon Dec 17, 2018 1:11 pm
Forum: Tools/Software
Topic: Making ReactOS Great Again*, Part 1
Replies: 9
Views: 8813

Making ReactOS Great Again*, Part 1

Making ReactOS Great Again*, Part 1 Imagine running your favorite Windows applications and drivers in an open-source environment you can trust. That's ReactOS. There is no Windows code in ReactOS. There never was. There was never such an accusation in the first place. (c) ReactOS frontpage and rea...
by EP_X0FF
Mon Dec 03, 2018 8:32 am
Forum: Reverse Engineering and Debugging
Topic: Enumerating kernel notification callback routines, x64
Replies: 0
Views: 1106

Enumerating kernel notification callback routines, x64

This document covers kernel notification callback routines up to 19H1, released as part of WinObjEx64 v1.7 https://github.com/hfiref0x/WinObjEx64/blob/master/Docs/Callbacks.pdf Notification callbacks mentioned: ObRegisterCallbacks CmRegisterCallbacks CmRegisterCallbacksEx PsSetCreateProcessNotifyRout...
by EP_X0FF
Fri Nov 02, 2018 4:41 pm
Forum: Reverse Engineering and Debugging
Topic: NtUserCreateActivationObject BSOD
Replies: 0
Views: 1170

NtUserCreateActivationObject BSOD

New Windows 10 19H1 (18272) feature - new BSOD, insufficient input parameters checking in NtUserCreateActivationObject. BSOD in NtUserCreateActivationObject -> CActivationObject::Create -> CActivationObject::addToHashTable (mov rax, [rcx+rdx*8]) https://gist.github.com/hfiref0x/23a2331588e7765664f50...