Click here to download all references as Bib-File.
| 2023-08-28 ⋅ Github (cocomelonc) ⋅ Malware and cryptography 20: encrypt/decrypt payload via Skipjack. Simple C++ example. |
| 2023-08-13 ⋅ Github (cocomelonc) ⋅ Malware and cryptography 1: encrypt/decrypt payload via RC5. Simple C++ example. |
| 2023-07-26 ⋅ cocomelonc ⋅ Malware development trick - part 35: Store payload in alternate data streams. Simple C++ example. Valak POWERSOURCE Gazer PowerDuke |
| 2023-07-16 ⋅ Github (cocomelonc) ⋅ Malware development: persistence - part 22. Windows Setup. Simple C++ example. |
| 2023-07-15 ⋅ MSSP Lab ⋅ Malware source code investigation: BlackLotus - part 1 BlackLotus |
| 2023-07-13 ⋅ MSSP Lab ⋅ Malware analysis report: BlackCat ransomware BlackCat BlackCat |
| 2023-07-07 ⋅ Github (cocomelonc) ⋅ Malware development trick - part 34: Find PID via WTSEnumerateProcesses. Simple C++ example. |
| 2023-06-26 ⋅ Github (cocomelonc) ⋅ Malware AV/VM evasion - part 18: encrypt/decrypt payload via modular multiplication-based block cipher. Simple C++ example. |
| 2023-06-23 ⋅ MSSP Lab ⋅ Malware source code investigation: Paradise Ransomware Paradise |
| 2023-06-19 ⋅ Github (cocomelonc) ⋅ Malware AV/VM evasion - part 17: bypass UAC via fodhelper.exe. Simple C++ example. Glupteba |
| 2023-06-15 ⋅ Github (cocomelonc) ⋅ Malware analysis report: Babuk ransomware Babuk |
| 2023-06-09 ⋅ cocomelonc ⋅ Malware development trick - part 33. Syscalls - part 2. Simple C++ example. |
| 2023-06-07 ⋅ cocomelonc ⋅ Malware development trick - part 32. Syscalls - part 1. Simple C++ example. |
| 2023-06-04 ⋅ Github (cocomelonc) ⋅ Malware development trick - part 31: Run shellcode via SetTimer. Simple C++ example. |
| 2023-06-02 ⋅ MSSP Lab ⋅ Malware analysis report: SNOWYAMBER (+APT29 related malwares) GraphicalNeutrino |
| 2023-05-26 ⋅ cocomelonc ⋅ Malware development trick - part 30: Find PID via NtGetNextProcess. Simple C++ example. |
| 2023-05-19 ⋅ cocomelonc ⋅ Malware source code investigation: AsyncRAT AsyncRAT |
| 2023-05-11 ⋅ cocomelonc ⋅ Malware development trick - part 28: Dump lsass.exe. Simple C++ example. Cobalt Strike APT3 Keylogger |
| 2023-05-08 ⋅ cocomelonc ⋅ Malware analysis report: WinDealer (LuoYu Threat Group) WinDealer |
| 2023-04-27 ⋅ cocomelonc ⋅ Malware development trick - part 27: WinAPI LoadLibrary implementation. Simple C++ example. |