A forum for reverse engineering, OS internals and malware analysis 

Search found 269 matches


Looking for itkvar.sys

 by kmd ¦  Sat Jan 12, 2019 6:35 am ¦  Forum: Completed Malware Requests ¦  Topic: Looking for itkvar.sys ¦  Replies: 1 ¦  Views: 545

Intel NUC update driver from Intel Integrator Toolkit Application(?)

SHA1
9508b501fd8453732decf2d3061598a5d4c3c648

Thanks!

Looking for presumably NATO supplied APT

 by kmd ¦  Thu Dec 06, 2018 4:12 am ¦  Forum: Completed Malware Requests ¦  Topic: Looking for presumably NATO supplied APT ¦  Replies: 1 ¦  Views: 846

only MD5:

92b1c50c3ddf8289e85cbb7f8eead077
1cbc626abbe10a4fae6abf0f405c35e2
2abb76d71fb1b43173589f56e461011b

Thanks!

Re: DSEFix - Defeating x64 Driver Signature Enforcement

 by kmd ¦  Mon Oct 03, 2016 9:27 am ¦  Forum: Tools/Software ¦  Topic: DSEFix - Defeating x64 Driver Signature Enforcement ¦  Replies: 39 ¦  Views: 184850

Hello, are you going to use capcom.sys for a similar loader?

Taggant vs malware

 by kmd ¦  Sun Jun 19, 2016 12:26 pm ¦  Forum: Malware ¦  Topic: Taggant vs malware ¦  Replies: 1 ¦  Views: 3947

Hey,
http://standards.ieee.org/develop/indco ... aggant.pdf — is it worth anything vs. malware? Opinions?

Re: VBoxAntiVMDetectHardened mitigation X64 only (27/01/16)

 by kmd ¦  Thu Feb 11, 2016 5:55 am ¦  Forum: Tools/Software ¦  Topic: VBoxAntiVMDetectHardened mitigation X64 only ¦  Replies: 249 ¦  Views: 1747209

Is there any patch for 5.0.14 available? Thanks!

Re: ZeroAccess (alias MaxPlus, Sirefef)

 by kmd ¦  Wed Jan 20, 2016 9:55 am ¦  Forum: Malware ¦  Topic: ZeroAccess (alias MaxPlus, Sirefef) ¦  Replies: 557 ¦  Views: 570677

Hi, why is the number of bots online so small?

Re: UACMe - Defeating Windows User Account Control

 by kmd ¦  Fri Jun 19, 2015 2:32 pm ¦  Forum: Tools/Software ¦  Topic: UACMe - Defeating Windows User Account Control ¦  Replies: 136 ¦  Views: 440604

In addition, 10147 broke the ISecurityEditor->SetSecurity method. It now returns E_INVALID_ARG. It could be a method parameter change or internal reworking. This means the methods related to Simda are dead. Dead for a while (if it is possible to recover the new definition of the interface) or completely (if this change ...

Re: UACMe - Defeating Windows User Account Control

 by kmd ¦  Tue Mar 31, 2015 3:05 pm ¦  Forum: Tools/Software ¦  Topic: UACMe - Defeating Windows User Account Control ¦  Replies: 136 ¦  Views: 440604

Have you figured out why the gootkit method doesn't work on win10?

Re: Necurs - another x64 rootkit

 by kmd ¦  Wed Jan 28, 2015 5:29 pm ¦  Forum: Malware ¦  Topic: Necurs - another x64 rootkit ¦  Replies: 70 ¦  Views: 96740

Me again 8-) I'm planning to test this rootkit on x64 Windows; should I take the latest Win version or try on something like Windows 7?

Re: warthunder and windbg

 by kmd ¦  Wed Jan 28, 2015 5:27 pm ¦  Forum: Reverse Engineering and Debugging ¦  Topic: warthunder and windbg ¦  Replies: 2 ¦  Views: 7104

Yeah, they have this check in all EXEs, maybe a sort of shared framework; anyway, a simple patch of NtQuerySystemInformation did the job.
