A forum for reverse engineering, OS internals and malware analysis 

Search found 1618 matches


Re: CVE-2018-20250 (WinRAR UNACEV2.DLL)

 by Xylitol ¦  Mon Apr 01, 2019 1:27 am ¦  Forum: Malware ¦  Topic: CVE-2018-20250 (WinRAR UNACEV2.DLL) ¦  Replies: 6 ¦  Views: 874

March: ---------- MATCH: CVE_2018_20250 : AceArchive UNACEV2_DLL_EXP 2019-03-31: ceeb05b114d99453df04bba0138c597f4a87b446a55baf20d9d5a3f121dc7090 SMASH_Fornite_Logs.rar 027ccb2e3874e05fbaf750b2253c4044100021741abc77f720804de4040fe3a3 sdhong_exe.rar acc5c5092e3f7f7967f1827434e4c738e867e476c9e4ea8afc1...

Re: CVE-2018-20250 (WinRAR UNACEV2.DLL)

 by Xylitol ¦  Tue Mar 19, 2019 4:36 am ¦  Forum: Malware ¦  Topic: CVE-2018-20250 (WinRAR UNACEV2.DLL) ¦  Replies: 6 ¦  Views: 874

So far the rule works well. It has also been pulled here: https://github.com/Yara-Rules/rules/blob/master/CVE_Rules/CVE-2018-20250.yar ---------- MATCH: CVE_2018_20250 : AceArchive UNACEV2_DLL_EXP FILE >>>>> C:/SBOX/temp/ace/0312885f07b5a028e64c6a2a440a8584c67adf2c0986e99447328c4bede4e102 - wincon.exe -...

Global ATM Malware Wall

 by Xylitol ¦  Mon Mar 18, 2019 4:08 am ¦  Forum: General Discussion ¦  Topic: Global ATM Malware Wall ¦  Replies: 1 ¦  Views: 310

https://i.imgur.com/4RvpKuy.png Hi there, with a few guys we made a zoo dedicated to malware targeting ATM platforms; as far as I know nobody has made a similar public project, so voila. You will find here malware that specifically targets ATMs, and reports (notices) about them. Files of interest got ...

https://www.proofpoint.com/us/threat-insight/post/new-version-azorult-stealer-improves-loading-features-spreads-alongside gate v1: https://github.com/futex/Malwares-code/blob/master/Panels/AZORult/V1/gate.php gate v2: https://github.com/futex/Malwares-code/blob/master/Panels/AZORult/V2/gate.php gate...

Re: CVE-2018-20250 Exploits (WinRAR)

 by Xylitol ¦  Fri Mar 15, 2019 2:23 pm ¦  Forum: Completed Malware Requests ¦  Topic: CVE-2018-20250 Exploits (WinRAR) ¦  Replies: 1 ¦  Views: 436

Attached everything except 65e6831bf0f3af34e19f25dfaef49823 (16.58 MB) and d7d30c2f26084c6cfe06bc21d7e813b1, which can be found here: viewtopic.php?f=16&t=5479

CVE-2018-20250 (WinRAR UNACEV2.DLL)

 by Xylitol ¦  Fri Mar 15, 2019 2:05 pm ¦  Forum: Malware ¦  Topic: CVE-2018-20250 (WinRAR UNACEV2.DLL) ¦  Replies: 6 ¦  Views: 874

Extracting a 19 Year Old Code Execution from WinRAR - https://research.checkpoint.com/extracting-code-execution-from-winrar/ Attackers Exploiting WinRAR UNACEV2.DLL Vulnerability (CVE-2018-20250) - https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/attackers-exploiting-winrar-unacev2-dll-vu...

Re: tools required for analysing malware and ransomware

 by Xylitol ¦  Mon Mar 04, 2019 12:43 am ¦  Forum: Tools/Software ¦  Topic: tools required for analysing malware and ransomware ¦  Replies: 5 ¦  Views: 1405

A list of tools I made: Binary: https://translate.google.fr/translate?sl=fr&tl=en&u=https://wiki.zenk-security.com/doku.php?id=outils_binaire Malware: https://translate.google.fr/translate?sl=fr&tl=en&u=https%3A%2F%2Fwiki.zenk-security.com%2Fdoku.php%3Fid%3Doutils_malware generic list and a bit outda...

Win.Trojan.Derkziel-1

 by Xylitol ¦  Mon Mar 04, 2019 12:27 am ¦  Forum: Malware ¦  Topic: Win.Trojan.Derkziel-1 ¦  Replies: 0 ¦  Views: 374

Back in 2015 we saw Derkziel Stealer; this one hasn't made a lot of noise in the media (even here, no one cared to make a thread), only the guys at mlw.re cared to write a bit as they had nothing better to do. Derkziel Software - https://blog.huntingmalware.com/notes/derkziel So here we are. Derkziel...

Re: B0r0nt0K ransomware

 by Xylitol ¦  Sat Mar 02, 2019 6:34 pm ¦  Forum: Malware Requests ¦  Topic: B0r0nt0K ransomware ¦  Replies: 3 ¦  Views: 607

All I see is an isolated incident, one article/forum post, no IoC and tons of article reposts based on the first source, thanks to the usual security clowns and sellers of magic powder.


Trojan:Win32/Chopper.A (China Chopper)

 by Xylitol ¦  Thu Feb 28, 2019 1:20 pm ¦  Forum: Malware ¦  Topic: Trojan:Win32/Chopper.A (China Chopper) ¦  Replies: 0 ¦  Views: 375

2012 threat, small ASP webshell from China. A bit of reading: MITRE: China Chopper: https://attack.mitre.org/software/S0020/ (2012) China Chopper Webshell - the 4KB that Owns your Web Server: https://informationonsecurity.blogspot.com/2012/11/china-chopper-webshell.html (2013) Breaking Down the Chin...
