2023-06-23 | MSSP Lab | Malware source code investigation: Paradise Ransomware | Paradise
2023-06-19 | Github (cocomelonc) | Malware AV/VM evasion - part 17: bypass UAC via fodhelper.exe. Simple C++ example. | Glupteba
2023-06-15 | Github (cocomelonc) | Malware analysis report: Babuk ransomware | Babuk
2023-06-09 | cocomelonc | Malware development trick - part 33. Syscalls - part 2. Simple C++ example.
2023-06-07 | cocomelonc | Malware development trick - part 32. Syscalls - part 1. Simple C++ example.
2023-06-04 | Github (cocomelonc) | Malware development trick - part 31: Run shellcode via SetTimer. Simple C++ example.
2023-06-02 | MSSP Lab | Malware analysis report: SNOWYAMBER (+APT29 related malwares) | GraphicalNeutrino
2023-05-26 | cocomelonc | Malware development trick - part 30: Find PID via NtGetNextProcess. Simple C++ example.
2023-05-19 | cocomelonc | Malware source code investigation: AsyncRAT | AsyncRAT
2023-05-11 | cocomelonc | Malware development trick - part 28: Dump lsass.exe. Simple C++ example. | Cobalt Strike, APT3 Keylogger
2023-05-08 | cocomelonc | Malware analysis report: WinDealer (LuoYu Threat Group) | WinDealer
2023-04-27 | cocomelonc | Malware development trick - part 27: WinAPI LoadLibrary implementation. Simple C++ example.
2023-04-16 | cocomelonc | Malware AV/VM evasion - part 15: WinAPI GetProcAddress implementation. Simple C++ example.
2023-04-08 | cocomelonc | Malware AV/VM evasion - part 15: WinAPI GetModuleHandle implementation. Simple C++ example.
2023-03-24 | cocomelonc | Malware AV/VM evasion - part 14: encrypt/decrypt payload via A5/1. Bypass Kaspersky AV. Simple C++ example.
2023-03-09 | Github (cocomelonc) | Malware AV/VM evasion - part 13: encrypt/decrypt payload via Madryga. Simple C++ example.
2023-02-20 | cocomelonc | Malware AV/VM evasion - part 12: encrypt payload via TEA. Simple C++ example.
2023-02-12 | cocomelonc | Malware AV/VM evasion - part 11: encrypt payload via DES. Simple C++ example.
2023-02-10 | cocomelonc | Malware analysis: part 8. Yara rule example for MurmurHash2. MurmurHash2 in Conti ransomware | Conti
2023-02-02 | cocomelonc | Malware analysis: part 7. Yara rule example for CRC32. CRC32 in REvil ransomware | REvil