[java] Leveraging Java Bytecode for Fun & Analysis (14 Jan 2022 / 31 Dec 2022)
Summary: An approach similar to modifying assembly code to direct control flow can be used to de-obfuscate and reverse-engineer Java malware, or any compiled Java classes for that matter. In…

[reverse engineering] Potential Anti-analysis with XLM NOW() Function - IcedID Delivery (2 Apr 2021 / 3 Apr 2021)
TL;DR - An XLM sample delivering IcedID uses the NOW() macro function and non-volatility, possibly to make analysis difficult. While looking for the latest trends on MalwareBazaar yesterday,…

[exploit-dev] Backdooring NSIS based installer: A Cautionary Tale (1 Jan 2020 / 3 Jan 2020)
Understandably, this post does not follow the malware analysis theme of this blog. However, it is fair to add some range to the topics here. This post came…

[emotet] API address resolution (Emotet) (2 Oct 2019 / 23 Dec 2019)
Since the Emotet campaign has been back for the past 2 weeks, I got my hands on one of the samples (3e269b0ba5c550cd0636355f2b8da977dac2dc4ad42bcf8b917322006ccf4745) that someone tweeted and started to dissect.…

[ransomware] Reversing: Locky Osiris (Part II) (12 Mar 2017 / 14 Mar 2017)
For this post I will be using IDA Pro and OllyDbg. While jumping back and forth between these tools, I will follow the naming convention of IDA Pro more often than that of OllyDbg.…

[ransomware] Reversing: Locky Osiris (Part I) (8 Feb 2017 / 10 Feb 2017)
I was hoping for this to be my last post about Osiris, but since the DLL (shtefans1.spe) is packed, it would not be possible for me to cover the reverse engineering in one…