A quick showcase of unpacking a Locky ransomware sample. Sidenote: My fear of accidental execution is that it will encrypt the OllyDbg files which I still need to show the unpacking. Of course this is a VM. Do not ever get the idea to try this on your main system. X) OllyDbg: http://www.ollydbg.de/ HxD: https://mh-nexus.de/en/hxd/ Locky: https://www.hybrid-analysis.com/sample/49a48d4ff1b7973e55d5838f20107620ed808851231256bb94c85f6c80b8ebfc?environmentId=100
Here I demonstrate to you three (and a half!) ways to unpack malware. Malware is often packed for the purpose of antivirus and analysis evasion, therefore it is
Bypassing malware analysis sandboxes is easy, let’s discuss how they are doing it and why it works Have you ever received a piece of malware and wanted to know
Locky is a sneaky piece of ransomware that downloads itself through a .js file and avoids analysis by not revealing its payload in sandboxed environments. As us
http://malwareup.org A week or so ago someone asked me if I could show how to avoid infecting yourself when testing malware in a virtual machine, so instead of
http://malwareup.org For a more in depth analysis: http://www.bleepingcomputer.com/news/security/the-locky-ransomware-encrypts-local-files-and-unmapped-network-
Please check out my Udemy courses! Coupon code applied to the following links: https://www.udemy.com/hands-on-penetration-testing-labs-30/?couponCode=NINE99
Gain a better understanding of what strings can reveal, even in some anti-debug, anti-analysis malware, because certain functions are portable and therefore recognisable.
This video shows that some packed files can be unpacked using only a hexeditor (HxD) and a scripting language (Python 2.7). HxD: https://mh-nexus.de/en/hxd/ Py
This video demonstrates the weakness in the UPX exe packer/protector that allows it to be easily unpacked within seconds by an experienced reverser. Please not
Previous video, Basic PE Structure: https://www.youtube.com/watch?v=l6GjU8fm8sM Follow me on Twitter: https://twitter.com/struppigel
Macro extraction and deobfuscation using oletools and MS Excel. Follow me on Twitter: https://twitter.com/struppigel oletools: https://www.decalage.info/python
Welcome to the first TekTip episode from TekDefense.com. In this episode we talk about and demo basic dynamic malware analysis. Tools we leveraged here includ
Quick and dirty Locky infection. Infection through Winword macro.
Bypass copy protection software using Ollydbg in order to use the product without extending the trial duration. Educational purpose only.
1. How did you get into malware analysis? 0:16 2. What disassembler do you recommend for a newbie? 4:09 x64dbg: https://x64dbg.com
Beginner tutorial about unpacking Portable Executable files. For trying this yourself, any UPX packed file will do the job. Get UPX from here: http://upx.source
Here I show you 5 of my favourite tools to use for behavioural analysis. They are: 1. Process Hacker (http://processhacker.sourceforge.net/) 2. Process Monitor
We analyse two ransomware families that made it into the news this week, one .NET assembly that executes a PowerShell script and one Portable Executable that wa
We take a look into the malware Gatak which uses WriteProcessMemory and CreateRemoteThread to inject code into rundll32.exe. Many thanks to @_jsoo_ for providin
Setup and configuration of the Cuckoo framework on Linux to automate the malware analysis process. You need to install the following as prerequisites. 1. Install