Kaspersky Hooking Engine Analysis

In this article we will talk about a few hooking techniques used by antivirus software. For the purpose of this analysis the antivirus chosen will be Kaspersky (http://www.kaspersky.com/it/trials PURE 3.0 Total Security), we will deal with various hooking techniques used both at user and kernel mode. The reference operating system will be Windows 7 Professional 32-bit. The image below shows […]

Quick Volatility overview and R.E. analysis of Win32.Chebri

Introduction In this article we will start from the physical memory dump of a machine suspected of malware compromise, successively with volatility we will establish if the machine is infected and produce evidences from memory artifacts. In the next steps the malicious component will be carved from memory and analyzed with a classical Reverse Engineering […]

Stabuniq Financial Infostealer Trojan Analysis

According to Symantec, Stabuniq is a financial infostealer trojan which has been found on servers belonging to financial institutions, including banking firms and credit unions. The Trojan also compromised home computer users and computers at security firms. Targets sounds interesting, so here at UIC R.E.Academy we decided to take an in depth look to this trojan […]

Shylock via volatility

Shylock is a new Financial Malware, publicly reported for the first time on 7 September 2011. Additional informations on can be checked out from Mila’s blogpost http://contagiodump.blogspot.com/2011/09/sept-21-greedy-shylock-financial.html Tools Volatility MHL Malware Plugins Timeliner,RegistryApi, evtlogs Plugins Essay Memory Acquisition First step is the Memory Acquisition that can be accomplished essentially in two ways, depending essentially by […]

Carberp Reverse Engineering

We are going to talk about Trojan Banker Carberp from a Reverse Engineering point of view. Carberp is a Botnet delivered in the usual ways of Blackmarket selling, designed to be a Trojan Spy and specifically a Banker similar to SpyEye and ZeuS, able to perform Man in the Browser attacks, steal victim credentials, kill […]