We are finally at the end of our Caphaw/Shylock analysis. This time we will deal entirely with the code injected into the explorer.exe process. The context will be a little more complex than in the previous episodes, because we will be working within a multithreaded environment. The injected code will identify an active domain (DGA based) in order to download other executables (binary update for … read more.
Welcome to the second part of our analysis of Caphaw/Shylock. In the first chapter we went through the dropping and unpacking stages of this malware. In this second part we will go through the remaining HSE:: Step(s); in particular we will see how the previously gathered information is used, the network interactions between the bot and the Command and Control Server … read more.
In this essay we will perform an in-depth analysis (from the unpacking to the explorer.exe code injection) of the most recent version of Caphaw/Shylock, a banking malware that, at the time of discovery, was FUD (Fully UnDetected) on VirusTotal. The article will cover the following topics: analysis of the packer and the related unpacking; reverse engineering and … read more.
While sifting through the Clean-MX malware database I found one suspicious APK with a low detection rate (3/39 on VirusTotal), so I decided it was worth taking a look at what seemed to be an OpFake variant. Clean-MX Link: http://support.clean-mx.de/clean-mx/viruses.php?id=14835516 VT Link: … read more.
UIC's [Quick Analysis] blog posts are a fast way to share some information and/or samples that are currently under our microscope. About "Flash_update.exe": during my daily malware hunting I came across a … read more.
Introduction In this article we will start from the physical memory dump of a machine suspected of malware compromise; then, using Volatility, we will establish whether the machine is infected and … read more.
Recently our colleague N3mes1s found a fake browser updater for Android (the archive password, as usual, is: infected), so I decided to take a look at it. Before we begin, I suggest you download … read more.
In this issue we are going to analyze McRat, a stealer of user data and passwords. This malware is interesting because it makes use of some anti-debugging techniques and several encryption/obfuscation … read more.
In this article we will analyze the exploit released by Kacper Szczesniak for CVE-2013-1763. In simple terms, this exploit takes advantage of a kernel-level vulnerability in the array … read more.