
by Cch123
Tue Sep 29, 2015 12:28 pm
Forum: Completed Malware Requests
Topic: sample request for Goyledr.A & Banload.BEC
Replies: 2
Views: 4062

Re: sample request for Goyledr.A & Banload.BEC

Hi,

Goyledr.A sample (md5=1f74b625a14ac3f63e35b0facaa75c70) in attachment.
by Cch123
Mon May 04, 2015 1:24 pm
Forum: Malware
Topic: Trojan Werdlod
Replies: 2
Views: 2628

Re: Trojan Werdlod

dejl13 wrote: Does this only affect Japanese/Chinese sites?
It is a spam email campaign targeted at Japan; it does not drop from sites.
by Cch123
Sun May 03, 2015 3:11 pm
Forum: Malware
Topic: Trojan Werdlod
Replies: 2
Views: 2628

Trojan Werdlod

Hello, I have attached the sample mentioned in Trend Micro's blog post. It uses the same technique as the malware in Operation Emmental. Hope the community finds this sample useful :) More info: http://blog.trendmicro.com/trendlabs-security-intelligence/troj_werdlod-new-banking-trojan-targets-japan/ h...
by Cch123
Wed Apr 15, 2015 10:53 am
Forum: Newbie Questions
Topic: Writing a Backdoor in kernel?
Replies: 3
Views: 5888

Re: Writing a Backdoor in kernel?

Hi, this is not a malware writing forum. I don't think you are simply writing a PoC, because your question seems as though you are not clear yourself what you want to do. If you are indeed trying to write a PoC in order to understand more about the Windows kernel, you can spend some time browsing thr...
by Cch123
Sun May 18, 2014 3:39 am
Forum: Newbie Questions
Topic: How do AVs fix file infections?
Replies: 2
Views: 3793

Re: How do AVs fix file infections?

Adding on to what EP_X0FF said, there are other methods to fix these infections. Some antivirus products monitor and record the actions of programs running on the computer. When the program is identified as malicious, the antivirus undoes all the actions and modifications that the program made, based on what ...
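The record-and-undo approach described in the post above, as an added example that is not part of the original thread and not the code of any antivirus product: a small journal that snapshots the prior state of every file a monitored program touches, then restores those snapshots in reverse order once the program is judged malicious. Real products hook the filesystem and registry at kernel level and must also handle processes, services and network state; this example only covers file writes and deletions, and the file names in `demo()` are constructed for illustration.

```python
import os
import tempfile
from typing import List, Optional, Tuple


class RollbackJournal:
    """Records the pre-change contents of each file before a monitored
    program modifies it, so every modification can later be undone.

    Entries are (path, original_bytes); original_bytes is None when the
    file did not exist before the write, which tells rollback() to remove it.
    """

    def __init__(self) -> None:
        self._entries: List[Tuple[str, Optional[bytes]]] = []

    def _snapshot(self, path: str) -> None:
        if os.path.isfile(path):
            with open(path, "rb") as f:
                original: Optional[bytes] = f.read()
        else:
            original = None
        self._entries.append((path, original))

    # The two operations below stand in for the file I/O a monitored program
    # performs; a real implementation intercepts the calls rather than
    # wrapping them.
    def write(self, path: str, data: bytes) -> None:
        self._snapshot(path)
        with open(path, "wb") as f:
            f.write(data)

    def delete(self, path: str) -> None:
        self._snapshot(path)
        os.remove(path)

    def rollback(self) -> int:
        """Undo every recorded action, newest first, so a file that was
        modified several times ends up in its original state. Returns the
        number of actions undone."""
        undone = 0
        for path, original in reversed(self._entries):
            if original is None:
                if os.path.exists(path):
                    os.remove(path)
            else:
                with open(path, "wb") as f:
                    f.write(original)
            undone += 1
        self._entries.clear()
        return undone


def demo() -> dict:
    """Simulate a program that tampers with a hosts file, drops a binary and
    encrypts a document, then roll all of it back. Paths are constructed
    inside a temporary directory; nothing here is real malware behaviour."""
    with tempfile.TemporaryDirectory() as d:
        hosts = os.path.join(d, "hosts")
        doc = os.path.join(d, "report.docx")
        dropper = os.path.join(d, "svchost32.exe")
        with open(hosts, "wb") as f:
            f.write(b"127.0.0.1 localhost\n")
        with open(doc, "wb") as f:
            f.write(b"quarterly numbers")

        j = RollbackJournal()
        j.write(hosts, b"127.0.0.1 localhost\n203.0.113.5 update.vendor.example\n")
        j.write(dropper, b"MZ...")           # new file: should vanish on rollback
        j.write(doc, b"ENCRYPTED")           # first modification of doc
        j.delete(doc)                        # second action on the same file
        j.write(doc + ".locked", b"ENCRYPTED")
        undone = j.rollback()

        with open(hosts, "rb") as f:
            hosts_after = f.read()
        with open(doc, "rb") as f:
            doc_after = f.read()
        return {
            "undone": undone,
            "hosts": hosts_after,
            "doc": doc_after,
            "dropper_exists": os.path.exists(dropper),
            "locked_exists": os.path.exists(doc + ".locked"),
        }
```

The reverse-order replay is the important detail: `report.docx` was written and then deleted, so the rollback first restores the encrypted copy (the state before the delete) and then the original text (the state before the write), which is why a journal must keep every snapshot rather than only the first.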
by Cch123
Fri Nov 29, 2013 1:35 am
Forum: Reverse Engineering and Debugging
Topic: diffing binaries without IDA
Replies: 5
Views: 24670

Re: diffing binaries without IDA

Given that your purpose is vulnerability research, I can give you some recommendations. Normally, as vulnerability researchers, we use TurboDiff (IDA plugin), DarunGrim or BinDiff. TurboDiff and DarunGrim are free solutions, but BinDiff is utilized more widely.
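An added example, not from the post above and not the code of TurboDiff, DarunGrim or BinDiff: the simplest diff you can run on two binaries without a disassembler. It hashes fixed-size chunks to locate changed regions cheaply, then computes exact byte-level opcodes for the changed bytes with Python's `difflib`. This is byte diffing, not the function-graph matching the tools in the post do, so it breaks down when a patch shifts code or changes compiler settings; the sample byte strings are constructed stand-ins for two versions of a binary.

```python
import difflib
import hashlib
from typing import List, Tuple

Opcode = Tuple[str, int, int, int, int]  # (tag, a_start, a_end, b_start, b_end)

# Constructed stand-ins for "before" and "after" builds: a padded prologue,
# a 4-byte patched region, and an unchanged tail.
SAMPLE_A = b"A" * 10 + b"BBBB" + b"C" * 10
SAMPLE_B = b"A" * 10 + b"XXXX" + b"C" * 10
SAMPLE_SHORT = b"A" * 10 + b"C" * 10          # same as SAMPLE_A with the middle removed


def changed_chunks(a: bytes, b: bytes, chunk: int = 4096) -> List[int]:
    """Linear first pass: hash each fixed-size chunk of both files and return
    the indices whose hashes differ. Cheap enough for large binaries, where
    SequenceMatcher (quadratic in the worst case) is not."""
    n = max(len(a), len(b))
    out = []
    for idx in range((n + chunk - 1) // chunk):
        ca = a[idx * chunk:(idx + 1) * chunk]
        cb = b[idx * chunk:(idx + 1) * chunk]
        if hashlib.sha256(ca).digest() != hashlib.sha256(cb).digest():
            out.append(idx)
    return out


def diff_ranges(a: bytes, b: bytes) -> List[Opcode]:
    """Exact byte-level opcodes between two blobs, equal runs dropped.
    autojunk=False matters for binaries: the default heuristic treats bytes
    that occur very often (0x00, 0x90, 0xCC padding) as junk and then fails
    to align the regions around them."""
    sm = difflib.SequenceMatcher(None, a, b, autojunk=False)
    return [op for op in sm.get_opcodes() if op[0] != "equal"]


def similarity(a: bytes, b: bytes) -> float:
    """2*matches/(len(a)+len(b)); a quick "how much changed" number."""
    return difflib.SequenceMatcher(None, a, b, autojunk=False).ratio()


def apply_ranges(a: bytes, b: bytes, ops: List[Opcode]) -> bytes:
    """Replay the opcodes over a; the result must equal b, which is the
    sanity check to run before trusting the reported ranges."""
    out = bytearray()
    pos = 0
    for tag, i1, i2, j1, j2 in ops:
        out += a[pos:i1]                 # unchanged bytes up to this edit
        if tag in ("replace", "insert"):
            out += b[j1:j2]              # take the new bytes from b
        pos = i2                         # "delete" just skips a[i1:i2]
    out += a[pos:]
    return bytes(out)


def report(a: bytes, b: bytes, chunk: int = 4096) -> List[str]:
    """Human-readable lines for each changed range, as a diff tool would print."""
    lines = [f"changed chunks (size {chunk}): {changed_chunks(a, b, chunk)}",
             f"similarity: {similarity(a, b):.3f}"]
    for tag, i1, i2, j1, j2 in diff_ranges(a, b):
        lines.append(f"{tag:8} a[{i1:#x}:{i2:#x}] {a[i1:i2].hex()} -> "
                     f"b[{j1:#x}:{j2:#x}] {b[j1:j2].hex()}")
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_A, SAMPLE_B, chunk=4)))
```

On real files, run `changed_chunks` first and feed only the flagged regions (with some overlap on each side) to `diff_ranges`; diffing two multi-megabyte PE files whole with `SequenceMatcher` will not finish in reasonable time.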
by Cch123
Mon Nov 25, 2013 11:54 am
Forum: General Discussion
Topic: Managing malware collection
Replies: 1
Views: 3368

Managing malware collection

Hi everyone, I would like to find out how others are managing their malware collections. For me, I only collect some of the more interesting samples, such as APT exploits or notable malware like Flame, Duqu, Hikit etc., in folders with the corresponding name of the malware. Usually, I would put the cor...