Author Archives: pcsxcetrasupport3

About pcsxcetrasupport3

My part time Business, I mainly do system building and system repair. Over the last several years I have been building system utility's in vb script , HTA applications and VB.Net to be able to better find the information I need to better understand the systems problems in order to get the systems repaired and back to my customers quicker.

More adventures with shell code and the Shikata Ga Nai Encoder

The other day I was given a sample vbscript file by Paul Melson  @pmelson  so I could take a look at the odd shell code in it. Here is the original script. This starts out as a normal script running … Continue reading

Posted in Malware, PowerShell, Programming, security | Tagged , , | Comments Off on More adventures with shell code and the Shikata Ga Nai Encoder

A quick look at the current emotet encoding

I have went thru several samples today of this type of encoding but todays sample will be from ExecuteMalware @executemalware located here and the Twitter reference is here. Here we can see that only 3 of the urls are displayed. … Continue reading

Posted in Malware, Programming, security | Tagged , , | Comments Off on A quick look at the current emotet encoding

Chasing malware down the rabbit hole to see where it goes.

Lets start this journey with the blog post by Pondurance  titled “777 RANSOMWARE COMBINES WITH TRICKBOT” located here. There is not a whole lot here but it describes 2 layers of shellcode  and some indicator’s and the first is the … Continue reading

Posted in Malware, PowerShell, security | Tagged , , | Comments Off on Chasing malware down the rabbit hole to see where it goes.

A deeper look inside one of the new Emotet Malware Docs

The sample here comes from a quick search supplied by ANY.RUN @anyrun_app  of #emotet-doc to filter quickly on documents you want to look at. Twitter reference Here and the link to the file we are going to use Here. One … Continue reading

Posted in Malware | Tagged , , , | Comments Off on A deeper look inside one of the new Emotet Malware Docs

Another Look at the Rig Exploit Kit

It has been awhile since I have written up anything on this exploit kit since it had moved to the background more and I have not seen as may samples as I used to. It has gone thru many changes … Continue reading

Posted in Malware | Tagged , , | Comments Off on Another Look at the Rig Exploit Kit

Those Pesky Powershell Shellcode’s And How To Understand Them

Shellcode comes in various forms for different operating systems. Some can just be dropped into a hex editor and get the needed understanding what it is doing , some may require looking at the generated assembly code generated by a … Continue reading

Posted in Malware, Networking, PowerShell | Tagged , , | 1 Comment

A deeper look at Equation Editor CVE-2017-11882 with encoded Shellcode

Our sample today comes from My Online Security @dvk01uk from this Twitter thread Here.  The First one I had started to work on comes from this Twitter thread  here from April 26 of 2019. The encoding on the shellcode uses … Continue reading

Posted in Malware, security | Tagged , , , | 1 Comment

A look at Stomped VBA code and the P-Code in a Word Document

This sample comes from a Twitter discussion here and a second part of the thread here on April 22 2019. This discussion was started by “My Online Security @dvk01uk “. Although it appears to have a vba file in it … Continue reading

Posted in Malware | Tagged , , | Comments Off on A look at Stomped VBA code and the P-Code in a Word Document

A look at a bmp file with embedded shellcode

The sample today is from PaulM @melsonp While watching his BSIDES Augusta talk from 2018  Here,  at that the end he shows a picture file that gets downloaded from a layered PowerShell script. He was kind enough to send me … Continue reading

Posted in Malware, PowerShell, security | Tagged , , | Comments Off on A look at a bmp file with embedded shellcode

A deeper look into a wild VBA Macro

This Sample comes from Brad Duncan @malware_traffic from his SANS ICS Diary located Here and the Files on His blog Here. For this session I will be using “2019-01-23-example-of-attached-Word-doc-1-of-7” word document. I ended up looking at this from different directions … Continue reading

Posted in Malware, Programming, VBScript | Tagged , | Comments Off on A deeper look into a wild VBA Macro