RogueKiller 9 on the tracks!

RogueKiller 9 on the tracks!   We are currently developing version 9 of RogueKiller, rewriting the whole engine from scratch. It will take several more months, but it will be a great and exciting new thing!   What will change?   Almost everything, except the UI. Basically, we are building what will be called the […]

PUP Removal

PUP Removal   How to remove a PUP     What is a PUP?   A PUP (Potentially Unwanted Program) is usually a program you did not install yourself, or that you installed by mistake. It often comes in bundled installers, where several additional programs are installed when you originally wanted to install only […]


Facebook scams: A look behind the scene

Facebook scams: A look behind the scene   Facebook ‘Shocking’ videos, and why you shouldn’t click on them. A look behind the scene   You’ve probably all seen such catchy titles, often following the same pattern (“Wow! You won’t believe what this XXXX guy/woman does”), with an equally catchy video thumbnail. We all want to […]

APIMonitor is handy!

APIMonitor is handy!   Presentation of a forensic tool, APIMonitor (Rohitab)   [INFO] This is a blog post moved from its original location   Here’s a short analysis showing how to combine classic tools such as OllyDbg with high-level tools like APIMonitor. This helps to get a quick overview of the program / malware […]


Chronicles of a PE Infector

Chronicles of a PE Infector   Coding and analysis of a PE infector PoC   [INFO] This is a blog post moved from its original location   Recently, while roaming on forums, I came across a basic tutorial on “how to make a PE infector”. It was explaining how to modify a PE (.exe or .dll) […]

DiffView – Test on ZeroAccess

DiffView – Test on ZeroAccess   Analysis of the ZeroAccess trojan with DiffView   [INFO] This is a blog post moved from its original location   DiffView is a tool that displays the modifications a program makes to the system. You can see which files are modified and which are created. You can also see which […]


Win32.Symmi naked – Decryption

Win32.Symmi naked – Decryption   Analysis of Win32.Symmi: find the key and decrypt the files   [INFO] This is a blog post moved from its original location   Recently, on the Malekal.com forum, I came across a challenge. Some people had been infected by a brand new ransomware whose particularity is that it encrypts documents (selected by extension: .jpg, […]

PE smallest executable

PE smallest executable   PE structure: make the smallest executable   [INFO] This is a blog post moved from its original location   Recently I faced a problem in my development. I needed an executable that does nothing, but as small as possible (to include it in a shellcode). Here’s the C++ code:   #include <windows.h> […]