Open Analysis Live! We use x64dbg to unpack a new Emotet / Geodo malware (Stage 1). This was a subscriber request asking us to determine how this was packed.
Packed sample: SHA256: c41cbad1ee87b9156c389962608cf25570ca176903b299cb3415f3fc3a23ebbe https://malshare.com/sample.php?action=detail&hash=90c2c10001134ab2a1cc87ec4382b197
x64dbg: https://x64dbg.com/#start
PE-bear: https://hshrzd.wordpress.com/pe-bear/
PyIATRebuild: https://github.com/OALabs/PyIATRebuild
Unpacked (stage 1): c3f43896913c17f91c0d95924ac426e89928b8eef93da7dc107a7a0891c7a860 https://malshare.com/sample.php?action=detail&hash=01e0cf87ee2e22ff40e648aa82409ce4
Feedback, questions, and suggestions are always welcome : ) Sergei https://twitter.com/herrcore Sean https://twitter.com/seanmw As always check out our tools, tutorials, and more content over at http://www.openanalysis.net
Open Analysis Live! We use IDA Pro and x64dbg to unpack a recently packed Gootkit malware (stage1). This was a subscriber request asking us to determine how thi
How to crack Bigasoft Total Video Converter and remove the trial limitations using x64dbg http://morituri.co.nf/
OLEVBA - https://github.com/decalage2/oletools/wiki/olevba 1:58 - Extract Macro with olevba 2:40 - ExifTool to examine Document Metadata (Comments used in Macr
Here I demonstrate to you how to analyse a Zero Day (now patched!) in Word which exploits an EPS vulnerability referenced in CVE-2017-0262 / CVE-2015-2545. Thi
Open Analysis Live! In this tutorial we show how to unpack a Themida 2.x 64bit PE file.... kind of : ) Instead of attacking the Themida protection directly we w
In this video I explain what the Emotet banking trojan is, what it has to do with phishing, and what to watch out for so that you do not become the victim of a
Your precious 0-day? That meticulously crafted exploit? The perfect foothold? At some point, they'll be captured, dissected, and put on display. Reverse enginee
http://go.att.com/f1e34f60 Originally recorded November 13, 2018 AT&T ThreatTraq welcomes your e-mail questions and feedback at email@example.com
Open Analysis Live teams up with MalwareAnalysisForHedgehogs to unpack Princess Locker ransomware. We show how to use x64dbg and hooks on VirtualAlloc to dump t
Today we are looking at an extension of a great lesson by Stephen Chapman on bypassing process scanners that look for CE signatures in the process and slam us d
Here I showcase how you can use an awesome tool from Kahu Security called CMD Watcher; which watches for where cmd.exe is invoked, suspends the process, extract
Open Analysis Live! We unpack TrickBot and extract its configuration file using x64dbg and a Python script from the KevinTheHermit project. Expand for more...
Unpacking and deobfuscation of .NET malware protected by Confuser v.1.9, Babel .NET, RPX and a custom dropper with Base64. The final payload is njRAT 0.7d aka B
Open Analysis Live! We use IDA Pro and x64dbg to take a second look at Gootkit and determine how it uses file name checks to evade analysis. Expand for more...
The Emotet banking trojan is one nasty threat. Part trojan, part network worm, it steals banking information and contact address books and performs DDoS attacks.
Here I demonstrate to you three (and a half!) ways to unpack malware. Malware is often packed for the purpose of AntiVirus and Analysis evasion, therefore it is
This video is for educational purposes only! This video shows you how to reverse engineer a simple executable provided by Lena151. In this video we make use o
Attend Free Online Virtual Hacker Conference: www.kringlecon.com Presented by: Chris Davis Learn information security skills: www.sans.org In this talk we disc
Open Analysis Live! In this tutorial we unpack a new version of GlobeImposter ransomware using the x32dbg / x64dbg debugger. Original packed sample: https://m