A forum for reverse engineering, OS internals and malware analysis 

Search found 13 matches

Re: Win32/Furtim

 by Snakebyte ¦  Wed Jul 13, 2016 9:10 am ¦  Forum: Malware ¦  Topic: Win32/Furtim ¦  Replies: 22 ¦  Views: 52628

Didn't know this forum is part of the "darkweb":
https://motherboard.vice.com/read/resea ... -web-forum

Re: Tools from the ZeroAccess author

 by Snakebyte ¦  Sat Feb 20, 2016 8:29 pm ¦  Forum: Malware ¦  Topic: Tools from the ZeroAccess author ¦  Replies: 7 ¦  Views: 22770

Amazing work!

Re: Ransom.BAT.Vaultcrypt (alias Xibow)

 by Snakebyte ¦  Wed Jan 13, 2016 8:22 pm ¦  Forum: Malware ¦  Topic: Ransom.BAT.Vaultcrypt (alias Xibow) ¦  Replies: 2 ¦  Views: 6714

Found a sample today.
pass: infected

Re: Moker APT

 by Snakebyte ¦  Thu Oct 08, 2015 11:31 am ¦  Forum: Malware ¦  Topic: Moker APT ¦  Replies: 9 ¦  Views: 11010

Carbanak (aka Anunak) is back?

 by Snakebyte ¦  Sun Sep 06, 2015 6:39 pm ¦  Forum: Malware ¦  Topic: Carbanak ¦  Replies: 12 ¦  Views: 26053

https://www.csis.dk/en/csis/blog/4710/

Does anyone have the sample from this case or any newer versions than the ones posted by GROUP-IB or Kaspersky?

Thanks

Win32/Spy.Shiz.NCP (Shifu)

 by Snakebyte ¦  Tue Sep 01, 2015 5:59 am ¦  Forum: Malware ¦  Topic: Win32/Spy.Shiz.NCP (Shifu) ¦  Replies: 9 ¦  Views: 26840

"A brand-new advanced banking Trojan discovered in the wild has been named “Shifu”"
source: https://securityintelligence.com/shifu- ... nese-banks

pass: infected

Re: Cheshire Cat | Windows NT dusty malware?

 by Snakebyte ¦  Thu Aug 13, 2015 8:10 am ¦  Forum: Malware ¦  Topic: Cheshire Cat | Windows NT dusty malware? ¦  Replies: 7 ¦  Views: 6590

Did Kaspersky do a writeup on this?

Cheshire Cat | Windows NT dusty malware?

 by Snakebyte ¦  Sun Aug 09, 2015 1:45 am ¦  Forum: Malware ¦  Topic: Cheshire Cat | Windows NT dusty malware? ¦  Replies: 7 ¦  Views: 6590

Windows NT samples from DEF CON talk today:
https://www.defcon.org/html/defcon-23/d ... quis-Boire

Standard password

Re: Trojan-Ransom.Win32.Toxic.a

 by Snakebyte ¦  Thu May 28, 2015 2:20 pm ¦  Forum: Malware ¦  Topic: Trojan-Ransom.Win32.Toxic.a ¦  Replies: 2 ¦  Views: 4614

"Out of the gate, the standard of antimalware evasion is fairly high, meaning the malware’s targets would need additional controls in place (HIPS, whitelisting, sandboxing) to catch or prevent this."

Am I missing something? Where is the fairly high part? UPX?

Re: Articles

 by Snakebyte ¦  Sat May 16, 2015 7:36 pm ¦  Forum: Reverse Engineering and Debugging ¦  Topic: Articles ¦  Replies: 33 ¦  Views: 114026

x86 Disassembly: Exploring the relationship between C, x86 Assembly, and Machine Code:
http://upload.wikimedia.org/wikipedia/c ... sembly.pdf