Author Archives: pcsxcetrasupport3
More adventures with shell code and the Shikata Ga Nai Encoder
The other day I was given a sample vbscript file by Paul Melson @pmelson so I could take a look at the odd shell code in it. Here is the original script. This starts out as a normal script running … Continue reading
A quick look at the current emotet encoding
I have went thru several samples today of this type of encoding but todays sample will be from ExecuteMalware @executemalware located here and the Twitter reference is here. Here we can see that only 3 of the urls are displayed. … Continue reading
Chasing malware down the rabbit hole to see where it goes.
Lets start this journey with the blog post by Pondurance titled “777 RANSOMWARE COMBINES WITH TRICKBOT” located here. There is not a whole lot here but it describes 2 layers of shellcode and some indicator’s and the first is the … Continue reading
A deeper look inside one of the new Emotet Malware Docs
The sample here comes from a quick search supplied by ANY.RUN @anyrun_app of #emotet-doc to filter quickly on documents you want to look at. Twitter reference Here and the link to the file we are going to use Here. One … Continue reading
Another Look at the Rig Exploit Kit
It has been awhile since I have written up anything on this exploit kit since it had moved to the background more and I have not seen as may samples as I used to. It has gone thru many changes … Continue reading
Those Pesky Powershell Shellcode’s And How To Understand Them
Shellcode comes in various forms for different operating systems. Some can just be dropped into a hex editor and get the needed understanding what it is doing , some may require looking at the generated assembly code generated by a … Continue reading
A deeper look at Equation Editor CVE-2017-11882 with encoded Shellcode
Our sample today comes from My Online Security @dvk01uk from this Twitter thread Here. The First one I had started to work on comes from this Twitter thread here from April 26 of 2019. The encoding on the shellcode uses … Continue reading
A look at Stomped VBA code and the P-Code in a Word Document
This sample comes from a Twitter discussion here and a second part of the thread here on April 22 2019. This discussion was started by “My Online Security @dvk01uk “. Although it appears to have a vba file in it … Continue reading
A look at a bmp file with embedded shellcode
The sample today is from PaulM @melsonp While watching his BSIDES Augusta talk from 2018 Here, at that the end he shows a picture file that gets downloaded from a layered PowerShell script. He was kind enough to send me … Continue reading
A deeper look into a wild VBA Macro
This Sample comes from Brad Duncan @malware_traffic from his SANS ICS Diary located Here and the Files on His blog Here. For this session I will be using “2019-01-23-example-of-attached-Word-doc-1-of-7” word document. I ended up looking at this from different directions … Continue reading
PC's Xcetra Support 