A forum for reverse engineering, OS internals and malware analysis 

Re: Code golfing to trigger false positives?

 by geoffreyvdb ¦  Mon Aug 29, 2016 9:18 am ¦  Forum: Newbie Questions ¦  Topic: Code golfing to trigger false positives? ¦  Replies: 4 ¦  Views: 6867

Drop the EICAR string in there :D

WMI persistence in C++

 by geoffreyvdb ¦  Fri Aug 19, 2016 2:12 pm ¦  Forum: User-Mode Development ¦  Topic: WMI persistence in C++ ¦  Replies: 0 ¦  Views: 17857

Hi, I was fiddling around with WMI to see how it all works and I'm having problems achieving WMI persistence in C++. What I'm trying to do is get calc.exe to launch every time the system has booted up. I've found a good explanation about what is needed to achieve this on slide 27 here: https://files...

Dridex/Locky downloader/dropper

 by geoffreyvdb ¦  Fri Aug 12, 2016 7:37 pm ¦  Forum: Completed Malware Requests ¦  Topic: Dridex/Locky downloader/dropper ¦  Replies: 1 ¦  Views: 2805

Hi, I'm looking for the following docm: https://virustotal.com/en/file/1a6859d2 ... /analysis/

Thanks!

Re: Malware collection

 by geoffreyvdb ¦  Thu Aug 11, 2016 9:57 pm ¦  Forum: Malware ¦  Topic: Java/Jacksbot ¦  Replies: 1 ¦  Views: 2567

ikolor wrote: next

https://www.virustotal.com/en/file/80f5 ... 470845487/
Jacksbot multiplatform java backdoor by redpois0n from hackforums (lol)
https://www.intego.com/mac-security-blo ... iscovered/

Backdoor.Remsec

 by geoffreyvdb ¦  Tue Aug 09, 2016 3:25 pm ¦  Forum: Malware ¦  Topic: Backdoor.Remsec ¦  Replies: 2 ¦  Views: 4438

New APT discovered by Kaspersky.
Features:
Unique footprint: Core implants that have different file names and sizes and are individually built for each target – making it very difficult to detect, since the same basic indicators of compromise would have little value for any other target.
Running in me...

Bromium malware challenge

 by geoffreyvdb ¦  Wed Jun 01, 2016 8:38 am ¦  Forum: General Discussion ¦  Topic: Bromium malware challenge ¦  Replies: 0 ¦  Views: 6615

https://www.bromium.com/challenge.html If you can bypass Bromium endpoint security, you will get £10K, which is around 14470 dollars. Does anybody have any experience with the sandboxing technique that they use? They claim to be using CPU-enforced isolation. The target computers would run unpatched v...

Re: Kovter

 by geoffreyvdb ¦  Tue May 31, 2016 10:53 pm ¦  Forum: Malware ¦  Topic: Win32/Kovter ¦  Replies: 39 ¦  Views: 52961

Kovter is polymorphic; this could be the reason why you can't find the sample by hash.
Attached is the dropper, I think. Didn't look at it yet, but that's what it looks like from this HA report: https://www.hybrid-analysis.com/sample/129e10d5f18cb0ae5b6a61c13128fa6e753efcb80fcfdcf4d5a28c76e1215f0d?environm...

PUNCHBUGGY/PUNCHTRACK

 by geoffreyvdb ¦  Wed May 11, 2016 6:55 pm ¦  Forum: Completed Malware Requests ¦  Topic: PUNCHBUGGY/PUNCHTRACK ¦  Replies: 1 ¦  Views: 3732

Looking for sample of this malware, more info in following blog post:
https://www.fireeye.com/blog/threat-res ... cards.html

Finding samples for these might be hard, as they were used in spear-phishing campaigns; also, no hashes seem to have been shared.

Re: Android Malware(All Android malware goes here)

 by geoffreyvdb ¦  Tue May 10, 2016 11:52 am ¦  Forum: Malware ¦  Topic: Android Malware(All Android malware goes here) ¦  Replies: 105 ¦  Views: 192023

Viking Horde botnet: http://blog.checkpoint.com/2016/05/09/viking-horde-a-new-type-of-android-malware-on-google-play/
5 of the APKs in attach. Most popular one has 50k - 100k downloads.
https://apkscan.nviso.be/report/show/ac16f99ddb36534bebd1034e7e1f599a (analysis failed)
https://apkscan.nviso.be/repo...

Re: Backdoor Andromeda (waahoo, alias Gamarue)

 by geoffreyvdb ¦  Mon May 02, 2016 5:30 pm ¦  Forum: Malware ¦  Topic: Backdoor Andromeda (waahoo, alias Gamarue) ¦  Replies: 129 ¦  Views: 194320

Forgot sample.