DarkComet Analysis – Understanding the Trojan used in Syrian Uprising

On February 17th the CNN published an interesting article, where some Syrian’s regime opponents claimed that the government was using a Trojan to monitor and disrupt the protestor’s network. Apparently the regime has been using a well-known social engineering technique: impersonate a trusted person then attack from the inside. It is not possible to confirm […]

Morto Malware Analysis

Today we’re going to analyze Morto.A a malware which, in this weeks, is spreading in many Internet places. It’s a worm that allows unauthorized access to an infected computer and tries to compromise administrator passwords for Remote Desktop connections, through RDP protocol, on a network. Indeed this threat infecting computers by targeting accounts that have […]

Rootkit Banker Win64.Banker and Win32.Banker Analysis

Rootkit Banker Win64.Banker Reverse Engineering, this is the first rootkit able to steal banking account credentials even on x64 systems. We’ll take a look into the functionalities of this interesting rootkit, focusing mainly on the techniques used to disable UAC, to install the certificate and to steal information from the infected machines. Tools IDA Essay […]

How to Deal with Malware

With this brief tutorial, here at UIC we are going to open a new Reversing Chapter that follows the new challenge promptly emerged in the last years: Malware Reverse Engineering. This field is quite interesting and important for every serious RCE Community mostly because we are now facing an impressive boost of Malicious Executables and […]

Guidelines to MFC Reversing

Software developed with MFC may import MFC80U.dll (MFC80U is the name of the last version of the dll, as I’m writing), it depends on the type of compilation: as a static library or as a shared DLL. I’ll analyze a software which imports the dll and has debug infos, just to make the job easier. […]