A forum for reverse engineering, OS internals and malware analysis 


Re: ShadowHammer

 by R136a1 ¦  Fri Mar 29, 2019 6:03 pm ¦  Forum: Malware ¦  Topic: ShadowHammer ¦  Replies: 7 ¦  Views: 795

Two more analyses: https://www.countercept.com/blog/analysis-shadowhammer-asus-attack-first-stage-payload/ https://skylightcyber.com/2019/03/28/unleash-the-hash-shadowhammer-mac-list/ Nothing new though, except for the almost complete list of targeted MAC addresses: https://github.com/skylightcyber/...

Re: ShadowHammer

 by R136a1 ¦  Wed Mar 27, 2019 2:37 pm ¦  Forum: Malware ¦  Topic: ShadowHammer ¦  Replies: 7 ¦  Views: 795

360 security did some cracking or hash calculations:

[Image attachment: md5s.jpg]
Source: https://twitter.com/360TIC/status/1110797967621914625

Re: ShadowHammer

 by R136a1 ¦  Wed Mar 27, 2019 1:29 pm ¦  Forum: Malware ¦  Topic: ShadowHammer ¦  Replies: 7 ¦  Views: 795

Yeah, would be interesting to know. Also, earlier samples are patched in a different way, more primitive. 6aedfef62e7a8ab7b8ab3ff57708a55afa1a2a6765f86d581bc99c738a68fc74 The difference to the previous sample is that not the call of ___crtCorExitProcess in ___crtExitProcess was patched, but instead ...

Re: ShadowHammer

 by R136a1 ¦  Wed Mar 27, 2019 12:40 pm ¦  Forum: Malware ¦  Topic: ShadowHammer ¦  Replies: 7 ¦  Views: 795

Nice analysis! Want to add some additional details. 9a72f971944fcb7a143017bc5c6c2db913bbb59f923110198ebd5a78809ea5fc (from Kaspersky blog post) The attacker patched the original call to ___crtCorExitProcess inside ___crtExitProcess with a call to some injected code at the end of the .text section: O...

New Forum Theme

 by R136a1 ¦  Sat Mar 23, 2019 5:43 pm ¦  Forum: Announcements ¦  Topic: New Forum Theme ¦  Replies: 0 ¦  Views: 194

Hi folks, the last point on the list of board modernizations was a new and more modern theme. I have chosen a dark theme and think it looks much better than the default phpBB theme. Apologies for any inconvenience. Edit: Switched to a light color theme as some people didn't like the dark one. Edit2:...

Re: Some code doesn't work with SYSTEM priv.

 by R136a1 ¦  Sat Mar 23, 2019 4:22 pm ¦  Forum: Newbie Questions ¦  Topic: Some code doesn't work with SYSTEM priv. ¦  Replies: 4 ¦  Views: 250

Can you please elaborate a bit more? Which program? Do you have the source code? etc.

Forum restructuring

 by R136a1 ¦  Sat Mar 09, 2019 1:04 pm ¦  Forum: Announcements ¦  Topic: Forum restructuring ¦  Replies: 0 ¦  Views: 242

Hi, as you can see, I reorganized the forums a bit to remove the previous unorganized flat structure. Now you can see the board structure from the beginning and not only after visiting a forum. Like all the other recent changes, this was also long overdue. Apologies for any inconvenience. Regards, R13...

Enabled HTTPS to forum

 by R136a1 ¦  Mon Mar 04, 2019 9:11 pm ¦  Forum: Announcements ¦  Topic: Enabled HTTPS to forum ¦  Replies: 0 ¦  Views: 228

Hi, as you can see, I finally enabled encrypted HTTPS for the forum, which was long overdue. As a consequence, you have to log in again, as all sessions were deleted and a new cookie has to be created. It took a little longer to install the TLS/SSL certificate (Let's Encrypt) than expected, but at the ...

Forum Maintenance

 by R136a1 ¦  Mon Mar 04, 2019 12:41 pm ¦  Forum: Announcements ¦  Topic: Forum Maintenance ¦  Replies: 0 ¦  Views: 179

Hi,

as some may have noticed, we did a forum maintenance yesterday (20:15:00, 3rd of March 2019, UTC+1). It took a little longer than expected; however, in the end everything was successful. Apologies for any inconvenience.

Regards,
R136a1

Chainshot

 by R136a1 ¦  Thu Sep 06, 2018 8:17 pm ¦  Forum: Malware ¦  Topic: Chainshot ¦  Replies: 0 ¦  Views: 1983