A forum for reverse engineering, OS internals and malware analysis 


Re: [IDAPython] VirtualAlloc of ctypes returns 0

 by EP_X0FF ¦  Mon May 20, 2019 4:49 pm ¦  Forum: Newbie Questions ¦  Topic: [IDAPython] VirtualAlloc of ctypes returns 0 ¦  Replies: 1 ¦  Views: 46

If the VirtualAlloc params are what you supplied, then it is an invalid call due to the Protect flag you set to 0. If you want to execute something it should be at least PAGE_EXECUTE_READWRITE, assuming you will do Read/Write to that region next.
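As an added illustration of the point in this reply (this is not code from the thread or from the poster), here is how the same VirtualAlloc call looks from ctypes with a valid protection value. The constants are the standard winnt.h values; the helper names `protect_is_valid`, `virtual_alloc` and `virtual_free` are this example's own. Besides the Protect flag, it also sets `argtypes`/`restype` explicitly, since a 64-bit pointer returned through the ctypes default `c_int` return type is truncated, which is another way such a call appears to "return 0" or garbage.

```python
"""Added example: VirtualAlloc via ctypes with a valid flProtect (hypothetical helpers)."""
import ctypes
import sys

# Allocation-type and protection constants from winnt.h (standard values).
MEM_COMMIT = 0x1000
MEM_RESERVE = 0x2000
MEM_RELEASE = 0x8000

PAGE_NOACCESS = 0x01
PAGE_READONLY = 0x02
PAGE_READWRITE = 0x04
PAGE_EXECUTE = 0x10
PAGE_EXECUTE_READ = 0x20
PAGE_EXECUTE_READWRITE = 0x40

# Base protections VirtualAlloc accepts. 0 (the case in the thread) and the
# WRITECOPY variants are rejected: the call returns NULL with ERROR_INVALID_PARAMETER.
_VALID_BASE_PROTECT = {
    PAGE_NOACCESS, PAGE_READONLY, PAGE_READWRITE,
    PAGE_EXECUTE, PAGE_EXECUTE_READ, PAGE_EXECUTE_READWRITE,
}
_MODIFIER_BITS = 0x700  # PAGE_GUARD | PAGE_NOCACHE | PAGE_WRITECOMBINE


def protect_is_valid(fl_protect: int) -> bool:
    """True if fl_protect is an accepted base PAGE_* value, optionally with modifier bits."""
    base = fl_protect & 0xFF
    return base in _VALID_BASE_PROTECT and (fl_protect & ~(0xFF | _MODIFIER_BITS)) == 0


def _kernel32():
    if sys.platform != "win32":
        raise OSError("VirtualAlloc is a Win32 API; run this under Windows (e.g. inside IDAPython)")
    return ctypes.WinDLL("kernel32", use_last_error=True)


def virtual_alloc(size: int, fl_protect: int = PAGE_EXECUTE_READWRITE) -> int:
    """Reserve and commit `size` bytes and return the base address.

    Raises ValueError before touching the API when fl_protect is invalid, and
    OSError carrying the Win32 error code when the call itself fails.
    """
    if not protect_is_valid(fl_protect):
        raise ValueError(f"invalid flProtect 0x{fl_protect:x}; use e.g. PAGE_EXECUTE_READWRITE (0x40)")
    k32 = _kernel32()
    # Without explicit argtypes/restype ctypes assumes C int for everything, so on
    # 64-bit Python the returned pointer would be truncated to its low 32 bits.
    k32.VirtualAlloc.argtypes = [ctypes.c_void_p, ctypes.c_size_t, ctypes.c_uint32, ctypes.c_uint32]
    k32.VirtualAlloc.restype = ctypes.c_void_p
    addr = k32.VirtualAlloc(None, size, MEM_COMMIT | MEM_RESERVE, fl_protect)
    if not addr:
        raise ctypes.WinError(ctypes.get_last_error())
    return addr


def virtual_free(addr: int) -> bool:
    """Release a region obtained from virtual_alloc; returns True on success."""
    k32 = _kernel32()
    k32.VirtualFree.argtypes = [ctypes.c_void_p, ctypes.c_size_t, ctypes.c_uint32]
    k32.VirtualFree.restype = ctypes.c_int
    return bool(k32.VirtualFree(addr, 0, MEM_RELEASE))


if __name__ == "__main__":
    # Constructed demo: copy a few bytes into an RWX region and read them back.
    payload = b"\x90\x90\xc3"  # nop; nop; ret (written, not executed)
    base = virtual_alloc(0x1000)
    ctypes.memmove(base, payload, len(payload))
    print(hex(base), (ctypes.c_char * len(payload)).from_address(base).raw)
    virtual_free(base)
```

The protection check runs before the platform check, so the invalid-flag case from the thread is caught on any OS; the actual allocation only works on Windows.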

Re: Office 97-2003 macro viruses

 by EP_X0FF ¦  Mon May 20, 2019 1:55 am ¦  Forum: Completed Malware Requests ¦  Topic: Office 97-2003 macro viruses ¦  Replies: 3 ¦  Views: 96

Re: Check if process is UWP application.

 by EP_X0FF ¦  Sun May 19, 2019 2:23 pm ¦  Forum: User-Mode Development ¦  Topic: Check if process is UWP application. ¦  Replies: 1 ¦  Views: 171

Make a powershell script that runs C#, no?

Re: GoldenEye Ransomware XLS Dropper

 by EP_X0FF ¦  Sun May 19, 2019 2:21 am ¦  Forum: Completed Malware Requests ¦  Topic: GoldenEye Ransomware XLS Dropper ¦  Replies: 3 ¦  Views: 136

You have 0 contributions to this place. All your topics are requests.

I already mentioned here viewtopic.php?f=22&t=5419&p=32496#p32496
You seem not to understand. Ok, banned for 6 months.

Re: Megumin trojan

 by EP_X0FF ¦  Mon May 06, 2019 3:02 pm ¦  Forum: Malware ¦  Topic: Megumin trojan ¦  Replies: 3 ¦  Views: 287

Such trash lol. Unpacked in attach.

Code:
C:\Users\Administrator\Desktop\MeguminV2\Release\MeguminV2.pdb

Re: Megumin trojan

 by EP_X0FF ¦  Mon May 06, 2019 2:36 pm ¦  Forum: Malware ¦  Topic: Megumin trojan ¦  Replies: 3 ¦  Views: 287

Found d15e1bc9096810fb4c954e5487d5a54f8c743cfd36ed0639a0b4cb044e04339f. In attach.

Megumin trojan

 by EP_X0FF ¦  Mon May 06, 2019 2:34 pm ¦  Forum: Malware ¦  Topic: Megumin trojan ¦  Replies: 3 ¦  Views: 287

Can we have this one? Just for fun and collection. https://darkwebs.ws/threads/54287/ https://fumik0.com/2019/05/03/lets-nuke-megumin-trojan/ d15e1bc9096810fb4c954e5487d5a54f8c743cfd36ed0639a0b4cb044e04339f e6c447c826ae810dec6059c797aa04474dd27f84e37e61b650158449b5229469 c70120ee9dd25640049fa2d08a76...

Re: Warzone RAT

 by EP_X0FF ¦  Fri May 03, 2019 7:24 am ¦  Forum: Malware ¦  Topic: Warzone RAT ¦  Replies: 1 ¦  Views: 339

They share this pile of garbage code with Ransomware Ave Maria -> viewtopic.php?f=16&t=5451 :clown:

Re: Why Microsoft don't block elevation runas?

 by EP_X0FF ¦  Mon Apr 29, 2019 3:06 am ¦  Forum: General Discussion ¦  Topic: Why Microsoft don't block elevation runas? ¦  Replies: 3 ¦  Views: 229

Malware calls this function in a loop, and reaches admin privileges. The user cannot cancel it, because malware calls it in an infinite (or very big) loop. You can always press ctrl+alt+del and log off, thus terminating any elevation requestors. What is the point of integrating, if each application c...

Small update.

Added ability to extract GAPA (Generic Application Level Protocol Analyzer) modules from NIS (Network Inspection System) VDM containers.
