A forum for reverse engineering, OS internals and malware analysis 

Search found 197 matches


Re: Source of Malware

 by gjf ¦  Thu Jan 26, 2012 11:56 am ¦  Forum: Malware ¦  Topic: Source of Malware ¦  Replies: 141 ¦  Views: 223035

https://alliance.mwcollect.org/public/join_requirements is not available because of an outdated certificate ;) On the other hand, I agree with EP_X0FF: when trying to open any link to "Packed Malware_Binary", for instance here, the above-mentioned "apologies" appears. In such conditions this source is use...

Re: Malware analysis - Buster Sandbox Analyzer

 by gjf ¦  Mon Dec 12, 2011 9:05 pm ¦  Forum: Tools/Software ¦  Topic: Malware analysis - Buster Sandbox Analyzer ¦  Replies: 314 ¦  Views: 251520

Hm. Strange. I have observed "No options - please enter them using Options button" (or something like that) a few times when I used the Exeinfo option enabled in BSA. I thought it was linked to registry settings.
Will investigate it in the future.

Re: Malware analysis - Buster Sandbox Analyzer

 by gjf ¦  Mon Dec 12, 2011 8:10 pm ¦  Forum: Tools/Software ¦  Topic: Malware analysis - Buster Sandbox Analyzer ¦  Replies: 314 ¦  Views: 251520

What about the registry issue? I've thought about a simple backup of the registry key and bringing it back from start to start, but it can cause problems if Exeinfo is already installed on the machine. On the other hand - the subkey will change from version to version (HKEY_CURRENT_USER\Software\ExEi-pe\Exeinfo PE -...

Re: Malware analysis - Buster Sandbox Analyzer

 by gjf ¦  Mon Dec 12, 2011 1:01 pm ¦  Forum: Tools/Software ¦  Topic: Malware analysis - Buster Sandbox Analyzer ¦  Replies: 314 ¦  Views: 251520

A few remarks concerning the last version and the included Exeinfo.
First of all - it's not the last version (the last is 0.0.3.0).
Second - with such a tool BSA becomes non-portable: Exeinfo stores its settings at HKEY_CURRENT_USER\Software\ExEi-pe. So it is necessary to virtualize it in BSA.

Re: W32.Duqu

 by gjf ¦  Mon Dec 12, 2011 10:04 am ¦  Forum: Malware ¦  Topic: W32.Duqu ¦  Replies: 55 ¦  Views: 56613

The Mystery of Duqu: Part Five. IMHO Kaspersky Lab is played out with this case: Gostev stopped publishing his "interesting" investigations and some other expert starts his own: The driver is registered in the HKLM\System\CurrentControlSet\Services\ registry path. The exact name of the registry key ...

Re: W32.Duqu

 by gjf ¦  Mon Nov 14, 2011 2:21 pm ¦  Forum: Malware ¦  Topic: W32.Duqu ¦  Replies: 55 ¦  Views: 56613

Re: W32.Duqu

 by gjf ¦  Mon Nov 14, 2011 11:11 am ¦  Forum: Malware ¦  Topic: W32.Duqu ¦  Replies: 55 ¦  Views: 56613

Re: W32.Duqu

 by gjf ¦  Thu Nov 03, 2011 12:14 pm ¦  Forum: Malware ¦  Topic: W32.Duqu ¦  Replies: 55 ¦  Views: 56613

The Mystery of Duqu:
Part 1
Part 2
Part 3

Re: Trojan.MBRlock

 by gjf ¦  Mon Jul 11, 2011 11:09 am ¦  Forum: Malware ¦  Topic: Trojan.MBRlock ¦  Replies: 94 ¦  Views: 86695

Ok, but I tested MSE on detection/removal of Mayachok.2 and it did not detect it with the last update. Actually, I'm making a quick scan. What is Mayachok.2? If it is Rootkit.CiDox it could be caused by a non-standard mechanism of infection. IPL is not MBR and it is a problem now for not only Microsoft. BTW it can be cur...

Re: Rootkit TDL 4 (alias TDSS, Alureon.DX, Olmarik)

 by gjf ¦  Wed Jun 29, 2011 9:15 am ¦  Forum: Malware ¦  Topic: Rootkit TDL 4 (alias TDSS, Alureon.DX, Olmarik) ¦  Replies: 595 ¦  Views: 641961