2023-05-26 ⋅ cocomelonc ⋅ Malware development trick - part 30: Find PID via NtGetNextProcess. Simple C++ example.
2023-05-19 ⋅ cocomelonc ⋅ Malware source code investigation: AsyncRAT AsyncRAT
2023-05-11 ⋅ cocomelonc ⋅ Malware development trick - part 28: Dump lsass.exe. Simple C++ example. Cobalt Strike APT3 Keylogger
2023-05-08 ⋅ cocomelonc ⋅ Malware analysis report: WinDealer (LuoYu Threat Group) WinDealer
2023-04-27 ⋅ cocomelonc ⋅ Malware development trick - part 27: WinAPI LoadLibrary implementation. Simple C++ example.
2023-04-16 ⋅ cocomelonc ⋅ Malware AV/VM evasion - part 15: WinAPI GetProcAddress implementation. Simple C++ example.
2023-04-08 ⋅ cocomelonc ⋅ Malware AV/VM evasion - part 15: WinAPI GetModuleHandle implementation. Simple C++ example.
2023-03-24 ⋅ cocomelonc ⋅ Malware AV/VM evasion - part 14: encrypt/decrypt payload via A5/1. Bypass Kaspersky AV. Simple C++ example.
2023-03-09 ⋅ Github (cocomelonc) ⋅ Malware AV/VM evasion - part 13: encrypt/decrypt payload via Madryga. Simple C++ example.
2023-02-20 ⋅ cocomelonc ⋅ Malware AV/VM evasion - part 12: encrypt payload via TEA. Simple C++ example.
2023-02-12 ⋅ cocomelonc ⋅ Malware AV/VM evasion - part 11: encrypt payload via DES. Simple C++ example.
2023-02-10 ⋅ cocomelonc ⋅ Malware analysis: part 8. Yara rule example for MurmurHash2. MurmurHash2 in Conti ransomware Conti
2023-02-02 ⋅ cocomelonc ⋅ Malware analysis: part 7. Yara rule example for CRC32. CRC32 in REvil ransomware REvil
2023-01-20 ⋅ cocomelonc ⋅ Malware development: persistence - part 21. Recycle Bin, My Documents COM extension handler. Simple C++ example.
2023-01-04 ⋅ Malware development tricks: part 26. Mutex. C++ example. AsyncRAT Conti HelloKitty
2022-12-21 ⋅ cocomelonc ⋅ Malware development tricks: part 25. EnumerateLoadedModules. Simple C++ example.
2022-12-09 ⋅ cocomelonc ⋅ Malware development: persistence - part 20. UserInitMprLogonScript (Logon Script). Simple C++ example. Attor Zebrocy
2022-11-27 ⋅ cocomelonc ⋅ Malware development tricks: part 24. ListPlanting. Simple C++ example. InvisiMole
2022-11-16 ⋅ cocomelonc ⋅ Malware development: persistence - part 19. Disk Cleanup Utility. Simple C++ example.
2022-11-05 ⋅ cocomelonc ⋅ Malware analysis: part 6. Shannon entropy. Simple python script.