Dive into PEB Walk in Malware Analysis

Hello world! It’s July and this is another blog post on malware analysis. I came up with the idea to write this blog because I feel that beginners in the malware analysis field should understand this topic thoroughly as it is commonly used by modern malware. The reasons malware authors implement this technique are fairly simple. To avoid st...

Determine and understand hashing algorithms for Malware Analysis

Malware commonly uses hashing algorithms for various purposes, such as creating hashes, API hashing, obfuscating malicious code, and verifying the integrity of data. Some of the most commonly used hashing algorithms in malware include MD5, SHA-1, SHA-256, CRC32, and custom algorithms. In this blog, we will examine a few hashing algorithms from ...

Cheatsheet: Malicious Document Analysis

General What to look for in Maldoc analysis? URLs to download a second payload such as fileless commands or an executable Commands such as PowerShell, JavaScript, wscript, etc. Filenames such as what is downloaded and where it has been downloaded Embedded file signatures such as a PE header with MZ magic bytes Encoded files or commands Lab’...

Cheatsheet: Linux Forensics Analysis

Linux Forensics in a nutshell: Validate the compromise Interviewing client/user/administrator (what, why, how, when, where, who?) Live response commands / Run triage scripts Collect evidence Live response triage script collection Disk image Memory dump Investigation and analysis ...

Cheatsheet: Windows Forensics Analysis

During a Windows Forensics engagement, I occasionally find myself forgetting essential tasks or unintentionally skipping the analysis of important artifacts. Therefore, this checklist (along with the cheatsheet) could help me (or readers) adhere to a systematic workflow when conducting Windows Forensics. Typical Forensic investigat...

Yet another Malicious Android App targeting Malaysians

In this post, we will be discussing a disturbing new trend in malicious Android apps targeting users in Malaysia. These apps, disguised as legitimate services such as a cleaning service, have been found to contain SMS stealer and banking credential phishing capabilities, putting the sensitive information of their vic...

Building Offensive Malicious Documents

Generally, the attacker will use the techniques below to leverage Microsoft Office features and vulnerabilities: Exploits Macros Remote template injection and many more… In this post, we will learn various techniques for making malicious documents that can execute our malicious code. Of course, to keep it simple we will just run ...