PDF analysis of Nuclear Pack EK and CVE-2010-0188/CVE-2010-2883

Malwarebytes' blog recently published a description of the Nuclear Pack exploit kit, but it doesn't describe the PDF exploit used, so we've decided to proceed with a more …

HiMan EK and CVE-2013-2551

Quick Analysis

Recently, during one of my analyses of URLs from urlquery, I came across a URL ending in: /ie8910.html. The link, after being opened, returns an index with the following code: As it …

Introduction to ARMv8 64-bit Architecture

Introduction. The ARM architecture is a Reduced Instruction Set Computer (RISC) architecture; indeed, it originally stood for "Acorn RISC Machine" but now stands for "Advanced RISC Machines". In the …

Eset ChallengeME 2013 Solution

About a month ago I got a link to ESET's ChallengeMe from a friend; yesterday I had some free time to work on it, and I finally solved it. You can get the crackme from the link …

In depth analysis of Caphaw/Shylock from “FirefoxUpdate.exe” campaign – Part 3

We are finally at the end of our Caphaw/Shylock analysis. This time we will deal entirely with the code injected into the explorer.exe process; the context will be a little more complex than the previous …

In depth analysis of Caphaw/Shylock from “FirefoxUpdate.exe” campaign – Part 2

Welcome to the second part of our analysis of Caphaw/Shylock. In the first chapter we went through the dropping and unpacking stages of this malware. In this second part we will go through the …

In depth analysis of Caphaw/Shylock from “FirefoxUpdate.exe” campaign – Part 1

In this essay we will perform an in-depth analysis (from the unpacking to the explorer.exe code injection) of the most recent version of Caphaw/Shylock, a banking malware that, at the time of discovery, …

Active CookieBomb, CVE 2013-2465 and Reveton

Quick Analysis

This is the second QuickAnalysis post after the one by evilcry. During my daily urlquery investigation (http://urlquery.net/report.php?id=5098255), I came across a website infected by the CookieBomb …

AndroidOS.Opfake.a malware analysis

While sifting through the Clean-MX malware database I found one suspicious APK with a low detection rate (3/39 on VirusTotal), so I decided it was worth a look at what seemed to be an OpFake …

Low detection “Flash_update.exe”

Quick Analysis

UIC's [Quick Analysis] blog posts are a fast way to share some information and/or samples which are under our microscope. About "Flash_update.exe": during my daily malware hunting I came across a …