Eset ChallengeME 2013 Solution

About a month ago I got a link to ESET's ChallengeMe from a friend, yesterday I had some free time to work on that, and finally I solved it. You can get the crackme from the link … read more.

In depth analysis of Caphaw/Shylock from “FirefoxUpdate.exe” campaign – Part 3

We are finally at the end of our Caphaw/Shylock analysis. This time we will deal entirely with the code injected into explorer.exe process, the context will be a little more complex than previous … read more.

In depth analysis of Caphaw/Shylock from “FirefoxUpdate.exe” campaign – Part 2

Welcome to the second part of our analysis of Caphaw/Shylock. In the first chapter we have gone through the dropping and unpacking stages of this malware. In this second part we will go through the … read more.

In depth analysis of Caphaw/Shylock from “FirefoxUpdate.exe” campaign – Part 1

In this essay we will perform an in-depth analysis (from the unpacking to explorer.exe code injection) of the most recent version of Caphaw/Shylock, a banking malware that, at the time of discovery, … read more.

Active CookieBomb, CVE 2013-2465 and Reveton

Quick Analysis

This is the second QuickAnalysis post after the one by evilcry; During my daily urlquery investigation (, I come across a website infected by the CookieBomb … read more.

AndroidOS.Opfake.a malware analysis

While sifting through the Clean-MX malware database I found one suspicious APK with a low detection rate (3/39 on VirusTotal), so I decided it was worth to a look at what seemed to be an OpFake … read more.

Low detection “Flash_update.exe”

Quick Analysis

UIC's [Quick Analysis] blog posts are a fast way to share some information and/or samples which are under our microscope. About "Flash_update.exe" During my daily malware hunting I came across a … read more.

Quick Volatility overview and R.E. analysis of Win32.Chebri

Introduction In this article we will start from the physical memory dump of a machine suspected of malware compromise, successively with volatility we will establish if the machine is infected and … read more.

Android Fake Вrowser Update Analysis

Recently our colleague N3mes1s found a fake browser updater (password, as usual is: infected) for Android, so I decided to take a look at it. Before we begin I suggest you to download … read more.

McRat Malware Analysis – Part1

In this issue we are going to analyze McRat, a user's data and passwords stealer. This malware is interesting since it makes use of some anti-debugging techniques and several encryption/obfuscation … read more.