-
Recent Posts
Recent Comments
Archives
- May 2022
- April 2022
- December 2021
- November 2021
- July 2021
- May 2021
- March 2021
- August 2020
- July 2020
- March 2020
- February 2020
- January 2020
- October 2019
- September 2019
- July 2019
- May 2019
- April 2019
- March 2019
- January 2019
- November 2018
- October 2018
- August 2018
- July 2018
- May 2018
- April 2018
- December 2017
- November 2017
- October 2017
- August 2017
- April 2017
- February 2017
- November 2016
- September 2016
- August 2016
- July 2016
- June 2016
- April 2016
- March 2016
- February 2016
- January 2016
- November 2015
- April 2014
- December 2013
- September 2013
- July 2013
- June 2013
- April 2013
- December 2012
- August 2012
- July 2012
- June 2012
- May 2012
- March 2012
- February 2012
- December 2011
- November 2011
- October 2011
- August 2011
- December 2009
Categories
Meta
Tag Archives: VBScript
More on Yara And Building Rules
I’ve been learning how to build and modify yara rules lately but my biggest pain was getting the formattting correct. In a recent Twitter thread Here James @James_inthe_box posted where asyncrat was using pastebin to host their encoded rat. My … Continue reading
Posted in Malware, Programming, VBScript
Tagged Malware Analysis, ThreatHunting, VBScript, Yara
2 Comments
Ursa Loader and the many rabbit holes
On August 4th 2020 JAMESWT @JAMESWT_MHT posted on Twitter here about malware spam hitting Italy using ursa loader. I mainly look at the obfuscation and this vbscipt looked rather interesting. Little did I know what I was in for. So … Continue reading
Another Look at the Rig Exploit Kit
It has been awhile since I have written up anything on this exploit kit since it had moved to the background more and I have not seen as may samples as I used to. It has gone thru many changes … Continue reading
Posted in Malware
Tagged JavaScript, Malware Analysis, VBScript
Comments Off on Another Look at the Rig Exploit Kit
A look at a Word document macro using Invoke-DOSfuscation
The sample from this one comes from Packet Wire @packet_Wire. Twitter thread here After getting the location of the Word document and downloading it. The file name was “Auditor-of-State-Notification-of-EFT-Deposit” with hash values of. Sha1: 4C7C8B1897CA22E4E477C361DAF676D471A4F4AFSha256: EBDA287F6B33A0C7A689E1D8FDE7ABC708C9DFBCA2759A56CD055868B2CC0911MD5: 35756ECC87405E42F62DEEEEF18FD43A Let’s dive into … Continue reading
Posted in Malware, PowerShell, VBScript
Tagged Malware Analysis, PowerShell, VBScript
Comments Off on A look at a Word document macro using Invoke-DOSfuscation
Peeling away the layers of a word document macro
The sample used in this one was first brought to my attention from the blog post by @HerbieZimmerman and the blog post is here. https://www.herbiez.com/?p=1028 and the link to the doc file is here https://www.hybrid-analysis.com/sample/0de3f4380b642e59d0cde5570ed13bfc727000b94a034ce10e1f87bfac3fac79?environmentId=100 This one peaked my interest … Continue reading
Posted in Malware, PowerShell, security, VBScript
Tagged Malware Analysis, PowerShell, VBScript
Comments Off on Peeling away the layers of a word document macro
Get the Security Descriptor of a Windows Service With WMI
Reason for Project: A while back I wrote a little utility to temporarily turn off the Microsoft Security Essentials Anti-Virus / Anti-Malware service. In January of 2013 I discovered that my application no longer worked due to an Access denied … Continue reading
Posted in CodeProject
Tagged VB.Net, VBScript, WMI
Comments Off on Get the Security Descriptor of a Windows Service With WMI
Converting VB Script To VB.Net
My Last Post Titled “Event 10 Mystery Solved” (found here.), Left me with a Question about the binary version of the SID, A returned value of CreatorSID: 1,5,0,0,0,0,0,5,21,0,0,0,190,118,173,34,87,198,105,19,239,226,7,24,244,1,0,0 I started searching the net to see if anyone has posted a … Continue reading
Posted in CodeProject, Programming Tools, System Tools, VB.net, VBScript
Tagged SID, VB, VB.Net, VBScript
Comments Off on Converting VB Script To VB.Net