[SANS ISC] Windows Batch File Deobfuscation

I published the following diary on isc.sans.org: “Windows Batch File Deobfuscation”: Last Thursday, Brad published a diary about a new ongoing campaign delivering the Emotet malware. I found another sample that looked the same. My sample was called ‘Order-42167322776.doc’ (SHA256: 4d600ae3bbdc846727c2922485f9f7ec548a3dd031fc206dbb49bd91536a56e3) and looked the same as the one analyzed by Brad. The

[The post [SANS ISC] Windows Batch File Deobfuscation has been first published on /dev/random]

[SANS ISC] Obfuscating without XOR

I published the following diary on isc.sans.org: “Obfuscating without XOR”. Malicious files are generated and spread over the wild Internet daily (read: “hourly”). The goal of the attackers is to use files that are: not known by signature-based solutions, not easy to read for the human eye. That’s why many

[The post [SANS ISC] Obfuscating without XOR has been first published on /dev/random]

[SANS ISC] Analysis of a Maldoc with Multiple Layers of Obfuscation

I published the following diary on isc.sans.org: “Analysis of a Maldoc with Multiple Layers of Obfuscation”. Thanks to our readers, we often get interesting samples to analyze. This time, Frederick sent us a malicious Microsoft Word document called “Invoice_6083.doc” (which was delivered in a zip archive). I had a quick

[The post [SANS ISC] Analysis of a Maldoc with Multiple Layers of Obfuscation has been first published on /dev/random]

[SANS ISC] Diverting built-in features for the bad

I published the following diary on isc.sans.org: “Diverting built-in features for the bad”. Sometimes you may find very small pieces of malicious code. Yesterday, I caught this very small JavaScript sample with only 2 lines of code…

[The post [SANS ISC] Diverting built-in features for the bad has been first published on /dev/random]