Analysis of King Ouroboros Ransomware
King Ouroboros is a family of ransomware that encrypts files and appends the .[id=XXXXXXXXXX][[email protected]].limbo extension and drops ransom note file Read-Me-Now.txt.
Category: Reverse Engineering
Solving Saycure Binary CTF for beginners
This is a quick walk-through for Saycure Beginner CTF challenge (a.exe). There were two samples provided one was windows binary and other UNIX binary.
Analysis of multiplatform Java Jacksbot Backdoor
Jacksbot is a multi-platform backdoor which can run on multiple operating systems as it is a java application. Jacksbot can also be quoted as a RAT (Remote Access Tool) as it has abilities to connect to a command and control server. It has a limited set of commands associated but is enough to make a […]
Analysis of NetWiredRC trojan
NetWiredRC is a trojan used by APT33 group which allows remote unauthorized access and control of an affected computer. An attacker can perform more than 100 different actions on an infected computer using this remote access tool. This article includes analysis of entire command and control structure of the malware. In this specific version of […]
Solving Say Cure CTF capture Madagascar
Here is a video showing how to solve SayCure’s CTF challenge capture madagascar.
MalwareTech’s vm1 : Static Analysis Walkthrough
This is a quick walkthrough for MalwareTech’s Beginner Malware Reversing CTF challenge Virtual Machine 1(vm 1).
MalwareTech’s shellcode 2 : Static Analysis Walkthrough
This is quick walkthrough for MalwareTech’s challange shellcode 2. It is quite similar to shellcode 1 but gets a little deep.
MalwareTech’s shellcode 1 : Static Analysis Walkthrough
This is a quick walkthrough for Shellcode 1, one of the static analysis challanges by MalwareTech.
MalwareTech’s Strings 3 : Static Analysis walkthrough
This is a walkthrough for MalwareTech’s Static Analysis Challange for beginners. The first two challanges strings 1 and strings 2 are pretty simple and don’t require a walkthrough. Strings 3 is also quite easy but it is not so easy for complete beginners without proper tools and understanding.
Manually unpacking executables using OLLYdbg and ImportREC
In this blog post I am going to show you how to manually unpack any packed executables. Malware authors and other commercial software authors pack their executables to make them unreadable and to make it difficult for analyst/reverse engineers to analyse and reverse the application. But anyhow the application will have to unpack itself in […]
Things to consider before starting to Analyse a Malicious Executable Sample for Reversing
There is always something that might go wrong because of a simple mistake while analysing a malicious sample. You should always be careful as it might get you in some serious troubles. In this blog post, I will try to mention all the precautions you should take to remain on the safer side and some […]
Reverse Engineering : For Loops, Switch statements and their representation
In this blog, we will be looking at how the loops are represented in lower assembly language. Here we will take some simple to complex programs in Higher level language like C/C++ and compile them to create an executable. We will then disassemble the executable to analyse how different loops are represented or optimized by […]