It’s quite common for malware to take code from the Windows API and use it for a malicious purpose. For example,…
Tag: malware analysis
How to Unpack a Self-Injecting Citadel Trojan
The Citadel Trojan is nothing new, but I found one recently obtained from our collection systems and had a fun time…
A Look at Malware with Virtual Machine Detection
It’s not uncommon for the malware of today to include some type of built-in virtual machine detection. Virtual Machines (VMs) are…
Revealed: POS Malware Used in Target Attack
Security journalist Brian Krebs revealed details yesterday surrounding the malware sample used in the Target cyber-attacks, which originally took place November 27…
badBIOS: Jumping the Gap
Is it possible there exists malware capable of infecting the deepest parts of a computer? That knows exactly when you’re looking…
Using YARA to attribute malware
If you’ve performed malware research, you’ve likely observed samples that are very similar in functionality, yet have different hashes, file sizes,…
Cryptolocker ransomware: what you need to know
Update 06/02/2014: Today the US Department of Justice (DOJ) announced an effort to disrupt the Gameover Zeus Botnet. In addition to this…
ZeroAccess uses Self-Debugging
Debuggers—a tool traditionally used to find errors (called “bugs”) in code—are also used by security experts. In the field of malware…
My Memory Isn’t What It Used to Be: Part 1
When analyzing malware, what you see on disk is oftentimes not an accurate representation of what’s actually happening in memory. Today’s…
Anonymizing Traffic for your VM And Capturing Traffic
Security Level: High / Hardcore
Purpose: To hide who you are while performing research through your browser AND protect your host…