A forum for reverse engineering, OS internals and malware analysis 


Re: CVE-2018-5002

 by waffles2.0 ¦  Thu Jun 14, 2018 7:47 am ¦  Forum: Completed Malware Requests ¦  Topic: CVE-2018-5002 ¦  Replies: 3 ¦  Views: 2181

Thanks maddog! It's too bad the C2 server is down now so we can't get the SWF files.

CVE-2018-5002

 by waffles2.0 ¦  Tue Jun 12, 2018 8:46 am ¦  Forum: Completed Malware Requests ¦  Topic: CVE-2018-5002 ¦  Replies: 3 ¦  Views: 2181

In this blog post by Qihoo 360 they document CVE-2018-5002: http://blogs.360.cn/blog/cve-2018-5002-en/ It seems like they are the only people who have reversed it; unfortunately, they have decided to hide a section of the MD5s: ***salary.xlsx - MD5: ******517277fb0dbb4bbf724245e663 malicious SWF (Shoc...

Re: Process Doppelganging

 by waffles2.0 ¦  Thu May 31, 2018 8:04 am ¦  Forum: User-Mode Development ¦  Topic: Process Doppelganging ¦  Replies: 7 ¦  Views: 17798

Just download from here https://github.com/Spajed/processrefund

then build and execute it as it says in the README.

Re: How to search for a certain malware in Kernelmode.Info

 by waffles2.0 ¦  Fri Feb 16, 2018 11:56 am ¦  Forum: Newbie Questions ¦  Topic: How to search for a certain malware in Kernelmode.Info ¦  Replies: 6 ¦  Views: 22202

Try dropping Hybrid Analysis a PM on Twitter; they are active there and should help you out: https://twitter.com/HybridAnalysis

In the meantime, see the attachment I added below this post.

Re: How to search for a certain malware in Kernelmode.Info

 by waffles2.0 ¦  Fri Feb 16, 2018 10:23 am ¦  Forum: Newbie Questions ¦  Topic: How to search for a certain malware in Kernelmode.Info ¦  Replies: 6 ¦  Views: 22202

Obviously I have offended you; I apologise. This is in the newbie questions forum, so I assumed you were not experienced, but I don't see why someone should extensively research who you are before answering a question, nor do I understand why who you are even matters? Try shortening the hash from 9f85...

Re: How to search for a certain malware in Kernelmode.Info

 by waffles2.0 ¦  Fri Feb 16, 2018 8:44 am ¦  Forum: Newbie Questions ¦  Topic: How to search for a certain malware in Kernelmode.Info ¦  Replies: 6 ¦  Views: 22202

Firstly, I can search for the full hash for some reason... Anyway, let's assume you are searching with a small section of the hash. To find that post, your search should look like this: *825c2ab57* and not like this: 825c2ab57. Secondly, before searching you could also do a little bit of research ...

CCleaner

 by waffles2.0 ¦  Wed Sep 20, 2017 7:15 am ¦  Forum: Malware ¦  Topic: CCleaner ¦  Replies: 1 ¦  Views: 7170

http://blog.talosintelligence.com/2017/09/avast-distributes-malware.html https://www.piriform.com/news/blog/2017/9/18/security-notification-for-ccleaner-v5336162-and-ccleaner-cloud-v1073191-for-32-bit-windows-users https://www.virustotal.com/#/file/6f7840c77f99049d788155c1351e1560b62b8ad18ad0e9adda8...

Crypen Ransomware

 by waffles2.0 ¦  Tue Aug 29, 2017 8:18 am ¦  Forum: Completed Malware Requests ¦  Topic: Crypen Ransomware ¦  Replies: 1 ¦  Views: 3879

Hey guys I am looking for a sample of Crypen ransomware. SHA1: 09b08e04ee85b26ba5297cf3156653909671da90 Hybrid Analysis (sample not shared): https://www.hybrid-analysis.com/sample/082060e3320870d1d576083e0ee65c06a1104913ae866137f8ca45891c059a76?environmentId=4 Virus Total: https://virustotal.com/#/f...

Re: Dridex v4 - 32 bit

 by waffles2.0 ¦  Tue Aug 22, 2017 7:33 am ¦  Forum: Completed Malware Requests ¦  Topic: Dridex v4 - 32 bit ¦  Replies: 1 ¦  Views: 7979

If you can give us a hash we will have a much better chance of getting you the file you are looking for!

Re: Petya malware

 by waffles2.0 ¦  Thu Jun 29, 2017 11:45 am ¦  Forum: Malware ¦  Topic: Petya malware ¦  Replies: 16 ¦  Views: 43315

The sample provided by the original comment is an older sample; the new one doesn't have the skull and crossbones. Attached is the sample that struck out hitting lots of companies over the past few days. Use the command line to execute: rundll32.exe 027cc450ef5f8c5f653329641ec1fed91f694e0d229928963b...
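The Petya post above runs the sample by handing a hash-named DLL to rundll32.exe. As an added example (not code from the post or the forum), the Python below parses rundll32 process-creation command lines and flags the ones with that shape: a module whose file name is a bare MD5/SHA-1/SHA-256 hex string, a module without a .dll extension, a module loaded from a user-writable directory, or an entry point given by ordinal. The log lines are constructed for the example; the 64-character hash and the ",#1" entry point in them are placeholders, since the command on the page is cut off and does not show either.

```python
import re
from dataclasses import dataclass

# Module file names that are just a hex digest (MD5, SHA-1, SHA-256), as
# sandboxes and analyst labs name samples.
HASH_NAME = re.compile(r"^(?:[0-9a-f]{32}|[0-9a-f]{40}|[0-9a-f]{64})$", re.I)
# Path components a standard user can write to (assumed heuristic, not exhaustive).
USER_WRITABLE = re.compile(r"\\(?:Users|Temp|ProgramData|Public)\\", re.I)

# Constructed process-creation command lines (not taken from the page).
FAKE_SHA256 = "0123456789abcdef" * 4  # placeholder 64-hex name, not a real sample hash
SAMPLE_LOGS = [
    r'C:\Windows\System32\rundll32.exe "C:\Windows\System32\shell32.dll",Control_RunDLL',
    r"rundll32.exe C:\Users\lab\Desktop\%s,#1" % FAKE_SHA256,  # ",#1" is an assumption
    r"rundll32.exe C:\Users\lab\AppData\Local\Temp\a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6.dll,Start",
    r"C:\Windows\System32\notepad.exe C:\Users\lab\notes.txt",
]


@dataclass
class Finding:
    cmdline: str
    module: str
    entry: str
    reasons: tuple


def _take_token(s):
    """Split the first whitespace-delimited, optionally double-quoted, token off s."""
    s = s.lstrip()
    if s.startswith('"'):
        end = s.find('"', 1)
        return (s[1:], "") if end == -1 else (s[1:end], s[end + 1:])
    parts = s.split(None, 1)
    if not parts:
        return "", ""
    return parts[0], (parts[1] if len(parts) > 1 else "")


def parse_rundll32(cmdline):
    """Return (module_path, entry_point) for a rundll32.exe launch, else None.

    Mirrors how rundll32 reads its argument: the module ends at the closing
    quote or the first comma/space, and an optional ",entry" follows it.
    """
    image, rest = _take_token(cmdline)
    if image.replace("/", "\\").rsplit("\\", 1)[-1].lower() != "rundll32.exe":
        return None
    rest = rest.lstrip()
    if rest.startswith('"'):
        module, rest = _take_token(rest)
    else:
        m = re.match(r"[^,\s]+", rest)
        if m is None:
            return None
        module, rest = m.group(0), rest[m.end():]
    entry = ""
    rest = rest.lstrip()
    if rest.startswith(",") and rest[1:].strip():
        entry = rest[1:].split(None, 1)[0]
    return module, entry


def triage(cmdline):
    """Classify one rundll32 command line; None if it is not a rundll32 launch."""
    parsed = parse_rundll32(cmdline)
    if parsed is None:
        return None
    module, entry = parsed
    name = module.replace("/", "\\").rsplit("\\", 1)[-1]
    stem, dot, ext = name.rpartition(".")
    if not dot:
        stem, ext = name, ""
    reasons = []
    if HASH_NAME.match(stem):
        reasons.append("module file is named by a hex digest")
    if ext.lower() != "dll":
        reasons.append("module lacks a .dll extension")
    if USER_WRITABLE.search(module):
        reasons.append("module loaded from a user-writable directory")
    if entry.startswith("#"):
        reasons.append("entry point given by ordinal")
    return Finding(cmdline, module, entry, tuple(reasons))


def scan(lines):
    """Return only the rundll32 launches that tripped at least one heuristic."""
    return [f for f in map(triage, lines) if f is not None and f.reasons]


if __name__ == "__main__":
    for f in scan(SAMPLE_LOGS):
        print(f.module, f.entry or "(default entry)", "->", "; ".join(f.reasons))
```

On the constructed lines, the shell32.dll control-panel launch produces no finding, the hash-named module with no extension trips all four heuristics, and the hash-named .dll under Temp trips two. The user-writable-path list is a starting point for an analyst lab, not a tuned production rule.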