About a month ago I got a link to ESET's ChallengeMe from a friend, yesterday I had some free time to work on that, and finally I solved it. You can get the crackme from the link … read more.
We are finally at the end of our Caphaw/Shylock analysis. This time we will deal entirely with the code injected into explorer.exe process, the context will be a little more complex than previous … read more.
Welcome to the second part of our analysis of Caphaw/Shylock. In the first chapter we have gone through the dropping and unpacking stages of this malware. In this second part we will go through the … read more.
In this essay we will perform an in-depth analysis (from the unpacking to explorer.exe code injection) of the most recent version of Caphaw/Shylock, a banking malware that, at the time of discovery, … read more.
While sifting through the Clean-MX malware database I found one suspicious APK with a low detection rate (3/39 on VirusTotal), so I decided it was worth to a look at what seemed to be an OpFake … read more.
UIC's [Quick Analysis] blog posts are a fast way to share some information and/or samples which are under our microscope. About "Flash_update.exe" During my daily malware hunting I came across a … read more.
Introduction In this article we will start from the physical memory dump of a machine suspected of malware compromise, successively with volatility we will establish if the machine is infected and … read more.
Recently our colleague N3mes1s found a fake browser updater (password, as usual is: infected) for Android, so I decided to take a look at it. Before we begin I suggest you to download … read more.