Channel: Malware Analysis – Malware Musings
Increase in MySQL Attacks: Dynamic Analysis — Continuing on

Seeing an increase in MySQL attacks hitting your network and interested in knowing more about them? This post finishes the dynamic analysis and, for those who wish I’d hurry up and get to the point,...

Automated Unpacking: A Behaviour Based Approach

Certain memory conditions have to be met before malware can unpack code and run it — the memory has to be writeable to unpack code to it, and executable to be able to execute it. The question is, can...

Capturing the cna12 MySQL Attacks with Dionaea

To analyse the cna12 MySQL attacks, I had to install MySQL Express Server as the attacks were prematurely exiting when connecting to Dionaea. Extracting the binary files from the libpcap files was...

Beyond Automated Unpacking: Extracting Decrypted/Decompressed Memory Blocks

It’s been about a year and a half since I wrote about a behavioural approach to automated unpacking, and I figured it was time to add some more functionality to unpack.py. This time, I’m going to look...

My Malware Analysis Setup

I was just in the middle of doing a post on analysing a malware sample and I thought that I should start it off by documenting my setup. It then occurred to me that doing so was making my post somewhat...

An Exercise in Deobfuscating MS Word Macros Using Linux

… and without touching Perl I might add. So, someone has just handed you a collection of Microsoft Word documents that they believe are malicious and you’re keen to investigate them to see if you can...

Analysing CryptoLocker with unpack.py: Initial Analysis (part 1)

My automated unpacking script (which really needs a sensible name!) is a few years old now, so I was interested to see how it would go with some malware that was developed after it was. That is, I...

Analysing CryptoLocker with unpack.py: The unpacked payload (part 2)

This is the second part in a series of posts showing how we can use my unpack.py script to find quite a bit of useful information about a CryptoLocker variant. This post will analyse the unpacked...

Analysing CryptoLocker with unpack.py: Network Communications (part 3)

Previous posts in this series have demonstrated how unpack.py, when used on a CryptoLocker variant, extracts the malicious PE file injected into explorer.exe, and how it can also be used to analyse...
