• Subscribe to our RSS feed.
  • Twitter
  • StumbleUpon
  • Reddit
  • Facebook
  • Digg
  • Delicious

Anti-Malware Laboratory

Yet Another Malware Blog

About

An informal blog from your friendly neighborhood software security humans.

Blog Archive

  • ▼  2015 (5)
    • ▼  October (1)
      • Another Macro Script Technique in Executing Malware
    • ►  August (2)
    • ►  May (1)
    • ►  March (1)
  • ►  2014 (8)
    • ►  October (1)
    • ►  July (1)
    • ►  June (1)
    • ►  May (4)
    • ►  April (1)
  • ►  2013 (12)
    • ►  December (3)
    • ►  November (5)
    • ►  August (2)
    • ►  March (2)
  • ►  2012 (35)
    • ►  April (4)
    • ►  March (12)
    • ►  February (17)
    • ►  January (2)

Categories

adobe (1) android (10) android february (1) baksmali (1) Black Hole (2) crimepack (1) disassembler (1) exploit (3) Exploits (4) Fakeav Winrar sfx (1) Fishbowl (1) flash (1) gift certificates (1) Google Authenticator (1) google play (1) hcp (1) java (1) Malware (5) mdac (1) Mobile (24) NSA Mobility Program (1) obfuscated script (1) pdf (1) Reversing (2) rhino (1) skype (1) smali (1) spam (1) test (1) Unpacking (1) vouchers (1) vulnerability (3)

Popular Posts

  • Bank of America spam: An Analysis
    An email claiming to be from Bank of America lures users to open an attachment that shows how to open secure emails from the bank. The mess...
  • [BE CAUTIOUS] Dragon Ball Z: Resurrection of F MALWARE and SCAM
    Be wary of downloading movies in torrent sites.  Executables can also be executed with a file size as huge as a gigabyte...
  • Unpacking MFC Compiled CryptoWall Malware
    Unpacking MFC Compiled CryptoWall Malware Introduction First and foremost, this article does not intend to analyze what CryptoWall malw...

Visitors to this blog

Friday, October 9, 2015

Another Macro Script Technique in Executing Malware

Posted on Friday, October 09, 2015 by bernadette | No comments
Recently I came across with a macro malware that uses a technique quite new to me. If macro is enabled, macro script does the following: Save the Doc file as RTF file, 300.rtf and 301.rtf Open the 300.rtf file with an embedded PE file Then execute the PE file Lets start analyzing the file and see how it successfully used the above trick. Upon inspecting the file in Hiew...
Read More

Wednesday, August 12, 2015

New Crypto 3.0 sample

Posted on Wednesday, August 12, 2015 by Unknown | 1 comment
August 11, 2015, one of our systems managed to get a new sample belonging to the family of Cryptowall 3 (Crowti). Using ThreatSecure Networks' behavioral determination, we were able to confirm the "maliciousness" of this sample as it exhibited the following notable behaviors "Runs an exe in the system folder" "Creates a hidden file" "Known malicious behavior, Crowti related" "Opens...
Read More

Friday, August 7, 2015

Uncovering a new MFC downloader

Posted on Friday, August 07, 2015 by Unknown | No comments
Last July 23, 2015, ThreatTrack's new product, ThreatSecure Network (TSN), uncovered a new sample that was not detected by any major antivirus vendors. Using TSN's unique behavioral determination engine, we were able to tag that a particular sample going through one of our appliances was possibly malicious. Our engine determined that it performed anomalous behaviors...
Read More

Wednesday, May 20, 2015

[BE CAUTIOUS] Dragon Ball Z: Resurrection of F MALWARE and SCAM

Posted on Wednesday, May 20, 2015 by Red Horse | 4 comments
Be wary of downloading movies in torrent sites.  Executables can also be executed with a file size as huge as a gigabyte.   A recent Dragon Ball Z movie from Japan was released entitled Dragon Ball Z: Resurrection 'F'  has been making rounds as of this writing.  References at: http://en.wikipedia.org/wiki/Dragon_Ball_Z:_Resurrection_%27F%27 Searching...
Read More

Monday, March 30, 2015

Unpacking MFC Compiled CryptoWall Malware

Posted on Monday, March 30, 2015 by Unknown | 5 comments
Unpacking MFC Compiled CryptoWall Malware Introduction First and foremost, this article does not intend to analyze what CryptoWall malwares are (since many malware researchers did that already) but instead this analysis is focused on unpacking MFC compiled cryptowall. You can also download this MFC tutorial by Externalist on this site https://tuts4you.com/download.php?view.2509...
Read More

Thursday, October 23, 2014

Upatre: .ENC File Extension

Posted on Thursday, October 23, 2014 by bernadette | No comments
Cybercriminals uses different techniques to pass through different kinds of network intrusion defenses the users have in their system to avoid malwares. This time criminals have found a new way to deceive users and be able steal important information by encrypting the file and making it unexecutable with a file extension of either “.ENC” or “.EXE”. These files are known to...
Read More
Older Posts Home
Subscribe to: Posts (Atom)
volute-glacial
volute-glacial
 volute-glacial
volute-glacial
Copyright © 2025 Anti-Malware Laboratory | Powered by Blogger
Design by Fabthemes | Blogger Template by NewBloggerThemes.com