A forum for reverse engineering, OS internals and malware analysis 

Search found 249 matches


Re: [2017-11-05]ARK for Windows X64: WIN64AST(Page10#96)

 by R136a1 ¦  Tue Jun 11, 2019 9:26 am ¦  Forum: Tools/Software ¦  Topic: [2017-11-05]ARK for Windows X64: WIN64AST(Page10#96) ¦  Replies: 99 ¦  Views: 351043

As has already become clear, development of this tool stopped in November 2017 with WIN64AST 1.19 (Support WIN10-16299) being the last version. Quote from m5home: Announcement: WIN64AST will NOT be updated anymore. I don't want to follow tempo of Microsoft to do an endless job forever. It wastes my time...

Phorpiex extortion mailer module

 by R136a1 ¦  Thu May 30, 2019 11:42 am ¦  Forum: Malware ¦  Topic: Phorpiex extortion mailer module ¦  Replies: 0 ¦  Views: 277

Hi, brief analysis of an extortion mailer module spread via Phorpiex botnet. Background is this tweet: https://twitter.com/P3pperP0tts/status/1133897358402564096 Initial sample: https://www.virustotal.com/#/file/9e76dfc23658b0add86da8b7bc9b078a3c89bd88dc5782104a5fad1fc7c33248/ Initial sample is an o...

Re: [IDAPython] VirtualAlloc of ctypes returns 0

 by R136a1 ¦  Thu May 30, 2019 8:04 am ¦  Forum: Newbie Questions ¦  Topic: [IDAPython] VirtualAlloc of ctypes returns 0 ¦  Replies: 11 ¦  Views: 598

That's a good question. I would contact Hex-Rays and report to them. They seem to fix IDA Python bugs regularly by looking at IDA Pro version history.

Re: [IDAPython] VirtualAlloc of ctypes returns 0

 by R136a1 ¦  Sun May 26, 2019 10:58 am ¦  Forum: Newbie Questions ¦  Topic: [IDAPython] VirtualAlloc of ctypes returns 0 ¦  Replies: 11 ¦  Views: 598

You're on Windows 10, right? I have tested your setup on Windows 7 and Windows 10 and can confirm. On Windows 7, all of the above examples work. On Windows 10, only the last example works. I have also tested the latest IDA Pro (7.2) on Windows 10 and it suffers from the same issue. I guess the bug is in...

Re: [IDAPython] VirtualAlloc of ctypes returns 0

 by R136a1 ¦  Sat May 25, 2019 10:28 am ¦  Forum: Newbie Questions ¦  Topic: [IDAPython] VirtualAlloc of ctypes returns 0 ¦  Replies: 11 ¦  Views: 598

If you want to check if you have the same issue, just execute the following lines on IDA's Python command line (assuming you have IDAPython) : import ctypes lpAddress = 0 size = 0x100 flAllocationType = 0x1000 flProtect = 0x40 mem = ctypes.windll.kernel32.VirtualAlloc(lpAddress, size, flAllocationT...

Re: WannaOof Ransomware Sample

 by R136a1 ¦  Tue May 07, 2019 1:49 pm ¦  Forum: Completed Malware Requests ¦  Topic: WannaOof Ransomware Sample ¦  Replies: 1 ¦  Views: 339

Attached.

Re: Pirpi / Bemstour / Filensfer (Buckeye)

 by R136a1 ¦  Tue May 07, 2019 1:32 pm ¦  Forum: Malware ¦  Topic: Pirpi / Bemstour / Filensfer (Buckeye) ¦  Replies: 1 ¦  Views: 400

The blog author also found a possible version of the C# implementation of Filensfer: 6972ba198ed0d30de9f66be5777ecdba2d657078f138325ee6db225c20b29e6e Source code: using System; using System.Net.Sockets; using System.Net; using System.Net.Security; using System.Threading; using System.Security.Crypto...

Pirpi / Bemstour / Filensfer (Buckeye)

 by R136a1 ¦  Tue May 07, 2019 1:31 pm ¦  Forum: Malware ¦  Topic: Pirpi / Bemstour / Filensfer (Buckeye) ¦  Replies: 1 ¦  Views: 400

Article from Symantec: https://www.symantec.com/blogs/threat-intelligence/buckeye-windows-zero-day-exploit Samples available in VT (attached): 6b1f8b303956c04e24448b1eec8634bd3fb2784c8a2d12ecf8588424b36d3cbc (Filensfer C++ native) 3dbe8700ecd27b3dc39643b95b187ccfd44318fc88c5e6ee6acf3a07cdaf377e (Fil...

Re: Urgently Need samples.

 by R136a1 ¦  Sat May 04, 2019 10:17 am ¦  Forum: Completed Malware Requests ¦  Topic: Urgently Need samples. ¦  Replies: 3 ¦  Views: 265

@iamismael
While you probably had good intentions, still a bit disrespectful, no?

Re: Urgently Need samples.

 by R136a1 ¦  Fri May 03, 2019 8:21 pm ¦  Forum: Completed Malware Requests ¦  Topic: Urgently Need samples. ¦  Replies: 3 ¦  Views: 265

First-post sample requests are normally not allowed and go to the trash bin. What's the reason you need them urgently?
