(Not) All She Wrote (Part 1): Rigged PDFs

Hello paranoids! You know that moment when you get an email with an attached document and a promise of good fortune once you open it? Great, the following set of posts is for you. Lately I have been trying to learn how to speed up analysis of malicious documents (e.g. PDFs, Office, RTFs). Due to …

63 Problems But Malware Ain’t One: 882aef202a56008ad20a61c8960eb830

Hello paranoids! As promised, I am back to reversing stuff. This time, and following the previous sequence of posts, I have decided to pick an Android malware for analysis. Without further ado, let us begin.

Malware Characteristics
MD5: 882aef202a56008ad20a61c8960eb830
Family name: Ginmaster (GingerMaster)
Obfuscation/Packing: Yes/No

GingerMaster was the first Android malware using the GingerBreak exploit, an exploit that affects GingerBread …

63 Problems But Malware Ain’t One: 8ca23d7bdf520c3e7ac538c1ceb7b555

Hello paranoids! Recovered from my previous post? No? Great! My overall objectives for the previous post were to: show you how to unpack a malware sample; and cover unpacking constructions (e.g. anti-debugging, shellcode, dynamic resolution of dependencies). In this post, I intend to: go over some network/host tracks left by the malware; and cover the malware's supported commands and features. The …

Unpacker for Hire: 8ca23d7bdf520c3e7ac538c1ceb7b555

Hello paranoids! As I mentioned in my previous post, I have started a Reverse Engineering/Malware Analysis journey. One of the topics I find most interesting about malware is packing. A packer is an algorithm that manipulates a simple binary and adds one or more of the following features (this is not an exhaustive list): cryptors and/or compressors: e.g. …