malware analysis – Page 5 – WindowsTechs.com

To OOB, or Not to OOB?: Why Out-of-Band Communications are Essential for Incident Response

Posted on December 29, 2022 by Roza Maille

tl;dr Communications are critical during an incident. If you cannot coordinate, collaborate, and inform actions and information about an incident, the incident response will eventually fail. Normally, this isn’t an issue, as organizations have resources like Microsoft 365 email, SharePoint, Slack, and Teams to use to communicate with each other. However, what happens when those…

The post To OOB, or Not to OOB?: Why Out-of-Band Communications are Essential for Incident Response appeared first on TrustedSec.

Continue reading To OOB, or Not to OOB?: Why Out-of-Band Communications are Essential for Incident Response→

Regsvr32.exe – is the DLL launched instantly after registration?

Posted on December 15, 2022 by Tedeusz

Malware often abuses regsvr32.exe to launch malicious DLLs but in the regsvr32 MS documentation I haven’t found any information about launching registered DLLs. What is the trigger to launch the DLL after registration – it’s caused by DLL’… Continue reading Regsvr32.exe – is the DLL launched instantly after registration?→

How to check if a Firefox add-on is malicious?

Posted on December 11, 2022 by J. Doe

How to check if a Firefox add-on is malicious ?
I’m interested about this one currently : https://addons.mozilla.org/en-US/firefox/addon/istilldontcareaboutcookies/
It got a Github repo

Continue reading How to check if a Firefox add-on is malicious?→

Found several potentially malicious PHP files but not sure what they are doing? [duplicate]

Posted on December 2, 2022 by John T

A friend found several suspicious PHP files on his server when we was upgrading his Wordpress install. They are all in the public_html folder and the filenames are the name of his domain with seemingly random digits next it.
I’ve "bea… Continue reading Found several potentially malicious PHP files but not sure what they are doing? [duplicate]→

I tried to analyse a pcap file on wireshark it had malware on it and the content was encoded how can I decode? [closed]

Posted on October 23, 2022 by Sreelakshmi M

I tried tools like decode as, file > Export object> Http,none of them gave me the answer how can I decode it.

Continue reading I tried to analyse a pcap file on wireshark it had malware on it and the content was encoded how can I decode? [closed]→

How do I go about analysing VirusTotal and Hatching Triage’s memdumps?

Posted on October 17, 2022 by CBot

I normally use volatility to analyse memory dumps, however, in this case it doesn’t seem to be working. I get a "Symbol table not found" kind of error, even though I have downloaded and extracted all symbols tables and volatility… Continue reading How do I go about analysing VirusTotal and Hatching Triage’s memdumps?→

Malware application in Android [closed]

Posted on October 5, 2022 by Gregor

Is there some website that give us the possibility to download malware APK in order to study it? I’m interested to study the abuse of android.permission.RECORD_AUDIO in Android 8.

Continue reading Malware application in Android [closed]→

Can I trust companies that test antimalware software? [closed]

Posted on September 12, 2022 by Kristal

Do they lie? I mean companies something like AV-TEST, AV-Comparatives, Virus Bulleting, ERG Effitas, etc.

Continue reading Can I trust companies that test antimalware software? [closed]→

Raspberry Robin and Dridex: Two Birds of a Feather

Posted on September 1, 2022 by Kevin Henson

IBM Security Managed Detection and Response (MDR) observations coupled with IBM Security X-Force malware research sheds additional light on the mysterious objectives of the operators behind the Raspberry Robin worm. Based on a comparative analysis between a downloaded Raspberry Robin DLL and a Dridex malware loader, the results show that they are similar in structure […]

The post Raspberry Robin and Dridex: Two Birds of a Feather appeared first on Security Intelligence.

Continue reading Raspberry Robin and Dridex: Two Birds of a Feather→

Can ransomware impact SSD drives?

Posted on August 23, 2022 by user5623335

I was watching this DefCon talking about Solid State Drives (SSDs) destroying forensic and data recovery jobs. It was interesting to note, that the speaker did acknowledge that it is unknown how long deleted files will remain recoverable f… Continue reading Can ransomware impact SSD drives?→