Exploits and Exploit kits play a major role in the spread of malware. Learn how they work and how to protect yourself from such threats.
Ransomware became the threats of the web. Learn how they work, their effects, and how to protect yourself from such malware.
Yara has become a pretty popular standard in the Anti-malware industry to write signatures for malware detections. Many Anti-malware vendors, sandboxes vendors, HIPS vendors, CERTs or IT administrators are using rules to either detect malware based on the file, or to analyze network packets and trigger an alert when something malicious occurs.
Yara is a signature syntax and scanning engine, it’s available with a library or a bunch of scripts. We, at Adlice Software, are specialized in making Yara easy and convenient to use. We are offering a desktop application to write, organize and test your rules into a local database, or in text files.Details
Get an anti-malware removal report with a very simple cuckoo sandbox customization. Learn how Cuckoo works and how to add custom modules.
Adlice PEViewer is a tool used by many researchers at Antivirus companies or CERT worldwide in order to perform malware static analysis.
Malicious software sometimes try to hide their goals in order to evade detection and static analysis. By doing so, they leave indicators, metadatas and suspicious modifications behind.
Adlice PEViewer searches, finds and lists these artifacts to help researchers making up their mind on a suspicious file. The tool uses robust PE parser as well as analysis engine and heuristics detections to build these indicators. PEViewer also relies on 3rd party scanners like VirusTotal for which it displays the results. All of this together allows the tool to build severity scores.Details
RunPE: How to hide code behind a legit process – RunPE is a trick used by some malware to hide code into a legit process. Learn how to detect.
PUPs (for potentially unwanted programs) are harmless by design, most of the time. Here we will study a case where such program behaves like a rootkit.
Internet Explorer extensions (BHO) are a very stealth way to inject code in a web browser. Learn how it works to better prevent further infections.