• 17 May 2016 mak #analysis #malware #kbot

    Newest addition to a happy family: KBOT

    At the beginning of May, here in Poland, we have a couple of free days: 3rd May is Constitution Day, and May 1st is Labour Day. Most of us use those days to unwind after winter, but some malware authors apparently didn’t: a few weeks ago, our friends started …
  • 09 March 2016 mak

    MadProtect, not that mad

    Some weeks ago we stumbled on a packer that our tools could not break. Surprisingly, this is actually not that common, since most malware in the wild uses some sort of RunPE technique, which is relatively trivial to break with simple memory tracing. MadProtect is not any different …
  • 09 September 2015 mak #injection #malware #RE

    A funny little obfuscation technique

    Recently we ran across quite an interesting sample, which used an obfuscation technique that was beautiful in its simplicity. But before we dive in, let us provide some background. One of the easier and most common techniques for automatic unpacking is to hook kernel32!WriteProcessMemory and …