Tag Archives: VBScript

More on Yara And Building Rules

I’ve been learning how to build and modify YARA rules lately, but my biggest pain was getting the formatting correct. In a recent Twitter thread here, James @James_inthe_box posted about AsyncRAT using Pastebin to host its encoded RAT. My … Continue reading

Posted in Malware, Programming, VBScript | 2 Comments

Ursa Loader and the many rabbit holes

On August 4th 2020, JAMESWT @JAMESWT_MHT posted on Twitter here about malware spam hitting Italy using Ursa Loader. I mainly look at the obfuscation, and this VBScript looked rather interesting. Little did I know what I was in for. So … Continue reading

Posted in Malware, security | 3 Comments

Another Look at the Rig Exploit Kit

It has been a while since I have written up anything on this exploit kit, since it had moved more into the background and I have not seen as many samples as I used to. It has gone through many changes … Continue reading

Posted in Malware | Comments Off on Another Look at the Rig Exploit Kit

A look at a Word document macro using Invoke-DOSfuscation

The sample for this one comes from Packet Wire @packet_Wire; Twitter thread here. After getting the location of the Word document and downloading it, the file name was “Auditor-of-State-Notification-of-EFT-Deposit”, with the following hash values:

SHA1: 4C7C8B1897CA22E4E477C361DAF676D471A4F4AF
SHA256: EBDA287F6B33A0C7A689E1D8FDE7ABC708C9DFBCA2759A56CD055868B2CC0911
MD5: 35756ECC87405E42F62DEEEEF18FD43A

Let’s dive into … Continue reading

Posted in Malware, PowerShell, VBScript | Comments Off on A look at a Word document macro using Invoke-DOSfuscation

Peeling away the layers of a word document macro

The sample used in this one was first brought to my attention by the blog post from @HerbieZimmerman, which is here: https://www.herbiez.com/?p=1028, and the link to the doc file is here: https://www.hybrid-analysis.com/sample/0de3f4380b642e59d0cde5570ed13bfc727000b94a034ce10e1f87bfac3fac79?environmentId=100. This one piqued my interest … Continue reading

Posted in Malware, PowerShell, security, VBScript | Comments Off on Peeling away the layers of a word document macro

Get the Security Descriptor of a Windows Service With WMI

Reason for project: a while back I wrote a little utility to temporarily turn off the Microsoft Security Essentials anti-virus / anti-malware service. In January 2013 I discovered that my application no longer worked due to an Access denied … Continue reading

Posted in CodeProject | Comments Off on Get the Security Descriptor of a Windows Service With WMI

Converting VB Script To VB.Net

My last post, titled “Event 10 Mystery Solved” (found here), left me with a question about the binary version of the SID, a returned value of CreatorSID: 1,5,0,0,0,0,0,5,21,0,0,0,190,118,173,34,87,198,105,19,239,226,7,24,244,1,0,0. I started searching the net to see if anyone has posted a … Continue reading

Posted in CodeProject, Programming Tools, System Tools, VB.net, VBScript | Comments Off on Converting VB Script To VB.Net
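The CreatorSID byte list quoted in the excerpt above is a Windows SID in its binary form. As an added example (not code from the original post, and not the VB.Net conversion the post describes), the following Python decodes such a byte array into the usual "S-1-5-21-…" string. It assumes only the documented SID layout: one revision byte, one sub-authority count byte, a 48-bit big-endian identifier authority, then one 32-bit little-endian value per sub-authority. The helper names and the well-known RID table are this example's own.

```python
# Added example (not code from the original post): decode a binary
# Windows SID, as WMI returns it in a byte array, into "S-1-5-21-..." form.
#
# Layout (fixed by the Windows SID structure):
#   byte 0      Revision (always 1)
#   byte 1      SubAuthorityCount (N, at most 15)
#   bytes 2-7   IdentifierAuthority, 48-bit big-endian
#   then N * 4  SubAuthority values, each 32-bit little-endian
import struct


def decode_sid(raw: bytes) -> str:
    """Convert a binary SID to its string form, validating the layout first."""
    if len(raw) < 8:
        raise ValueError("SID shorter than its 8-byte header")
    revision, sub_count = raw[0], raw[1]
    if revision != 1:
        raise ValueError(f"unsupported SID revision {revision}")
    if sub_count > 15:
        raise ValueError(f"SubAuthorityCount {sub_count} exceeds the 15 allowed")
    expected_len = 8 + 4 * sub_count
    if len(raw) != expected_len:
        raise ValueError(
            f"expected {expected_len} bytes for {sub_count} sub-authorities, got {len(raw)}"
        )
    authority = int.from_bytes(raw[2:8], "big")
    subs = struct.unpack_from(f"<{sub_count}I", raw, 8)
    return "S-" + "-".join(str(x) for x in (revision, authority, *subs))


def rid(sid: str) -> int:
    """Return the last sub-authority (the relative identifier) of a string SID."""
    return int(sid.rsplit("-", 1)[1])


# Constructed input: the CreatorSID byte list quoted in the post excerpt above.
CREATOR_SID_BYTES = bytes([1, 5, 0, 0, 0, 0, 0, 5, 21, 0, 0, 0, 190, 118, 173, 34,
                           87, 198, 105, 19, 239, 226, 7, 24, 244, 1, 0, 0])

# A few well-known RIDs worth recognising once a machine/domain SID is decoded
# (table assembled for this example; it is not exhaustive).
WELL_KNOWN_RIDS = {500: "Administrator", 501: "Guest", 512: "Domain Admins", 513: "Domain Users"}


def describe_sid(raw: bytes) -> str:
    """Decode a binary SID and name its RID if it is a well-known one."""
    sid = decode_sid(raw)
    return f"{sid} (RID {rid(sid)}: {WELL_KNOWN_RIDS.get(rid(sid), 'not well-known')})"


if __name__ == "__main__":
    print(describe_sid(CREATOR_SID_BYTES))
    # S-1-5-21-581793470-325699159-403170031-500 (RID 500: Administrator)
```

The four little-endian sub-authorities after the 21 come out as 581793470, 325699159, 403170031 and 500, so the creator of that WMI object is the RID 500 (built-in Administrator) account on that machine. On Windows the same conversion is available directly as `[System.Security.Principal.SecurityIdentifier]::new($bytes, 0)` in PowerShell; the Python version is here to show what the bytes actually encode.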