Skip to content

Evil Code Analysis

Search
  • Home
  • About
  • Contact

Tag: ransomware

ransomware…

Reversing: Locky Osiris (Part II)

12 Mar 201714 Mar 2017
For this post I would be using IDA Pro and OllyDbg. While jumping back and forth between these tools I will follow the naming convention of IDA Pro more often than OllyDbg.…
ransomware…

Reversing: Locky Osiris (Part I)

8 Feb 201710 Feb 2017
I was hoping for this to be my last post about Osiris, but since the DLL (shtefans1.spe) is packed it would not be possible for me to cover reverse engineering in one…
macros…

Macros: Locky Osiris

28 Jan 20179 Feb 2017
In this post we will go through the macro code for the excel file that was used to bait users into downloading and dropping the malware payload. The macros (ThisWB, Module1) that we…
ransomware…

Static Analysis: Locky Osiris

22 Jan 20179 Feb 2017
This post is a continuation of the previous blog post about recent Locky variant. Now let's use OfficeMalScanner to confirm the existence of bin files. As we can see, there is…
ransomware

Locky Osiris

13 Jan 20179 Feb 2017
There was a recent Locky resurgence with Osiris variant past December. However, it's too late to post this analysis for others to be benefitted by it, it would still be…

Note

The ideas and views expressed in this blog are mine only and not my employer's. The analyses posted in this blog are results of my hobby and in no way work-related.

Archives

  • December 2022
  • January 2022
  • April 2021
  • March 2021
  • January 2020
  • November 2019
  • October 2019
  • March 2017
  • February 2017
  • January 2017
Website Powered by WordPress.com.
  • Follow Following
    • Evil Code Analysis
    • Already have a WordPress.com account? Log in now.
    • Evil Code Analysis
    • Customize
    • Follow Following
    • Sign up
    • Log in
    • Report this content
    • View site in Reader
    • Manage subscriptions
    • Collapse this bar