Category Archives: Anti-virus

A quick look at the current emotet encoding

I have gone through several samples today of this type of encoding, but today's sample will be from ExecuteMalware @executemalware, located here, and the Twitter reference is here. Here we can see that only 3 of the URLs are displayed. …

Posted in Malware, Programming, security

Chasing malware down the rabbit hole to see where it goes.

Let's start this journey with the blog post by Pondurance titled “777 RANSOMWARE COMBINES WITH TRICKBOT”, located here. There is not a whole lot here, but it describes 2 layers of shellcode and some indicators, and the first is the …

Posted in Malware, PowerShell, security

A deeper look inside one of the new Emotet Malware Docs

The sample here comes from a quick search supplied by ANY.RUN @anyrun_app of #emotet-doc to filter quickly on documents you want to look at. Twitter reference here and the link to the file we are going to use here. One …

Posted in Malware

Another Look at the Rig Exploit Kit

It has been a while since I have written up anything on this exploit kit, since it had moved more into the background and I have not seen as many samples as I used to. It has gone through many changes …

Posted in Malware

Those Pesky PowerShell Shellcodes And How To Understand Them

Shellcode comes in various forms for different operating systems. Some can just be dropped into a hex editor to get the needed understanding of what it is doing; some may require looking at the assembly code generated by a …

Posted in Malware, Networking, PowerShell

A deeper look at Equation Editor CVE-2017-11882 with encoded Shellcode

Our sample today comes from My Online Security @dvk01uk from this Twitter thread here. The first one I had started to work on comes from this Twitter thread here from April 26 of 2019. The encoding on the shellcode uses …

Posted in Malware, security

A look at Stomped VBA code and the P-Code in a Word Document

This sample comes from a Twitter discussion here and a second part of the thread here on April 22, 2019. This discussion was started by “My Online Security @dvk01uk”. Although it appears to have a VBA file in it …

Posted in Malware