Analyzing Malicious Documents

Popular posts from this blog

Intro To Malware Analysis

Hi folks, here I will analyze a malware sample that is possibly packed with NsPack. Details are below: SHA256: 5df0b1b07143c880c76d6e82253a20192981c83c3ea68bf86ffede6b17c01da4 File name: 5df0b1b07143c880c76d6e82253a20192981c83c3ea68bf86ffede6b17c01da4 First, we will do static analysis of the file. Using the strings utility we see that most of the strings are obfuscated or encrypted content, but we do see section names like .nsp0, .nsp1 and .nsp2; if we Google them we learn that they belong to the NsPack packer. VirusTotal analysis: VirusTotal shows 49 of 55 engines detecting the file, so it is malicious in nature, and we should unpack it, because while packed the code is obfuscated and it is not possible to debug the original instructions. In IDA the file looks as shown in the screenshot. As we saw, the file has custom sections .nsp0, .nsp1 and .nsp2, and the entry point (the packer stub, not the original entry point that unpacking will reveal) starts with PUSHF, PUSHA, which is an indication of a packer. We can confirm it

Top N Malware Analysis Tools

Hello folks, hope you are in good health in this lockdown. During my day-to-day work I invest time in reverse engineering, coding and some malware analysis, so I thought to share some information which can help. Malware analysis and research is an essential process for an organization to track down threats and the malicious actors whose intention is to damage the organization's reputation and finances. This also applies to government organizations, which face targeted attacks such as APTs (Advanced Persistent Threats). In general an attack can be a combination of vulnerabilities, exploits and malware. Security companies produce antivirus products, IDS, IPS, sandboxes and EDR products to track down those threats and protect organizations. An antivirus product combines signature-based and behavioral detection, sometimes together with a sandbox, using the indicators security researchers provide to block these attack attempts. A malware researcher generally uses both static and dynamic analysis of malware samples

Buffer Overflow Attack on Windows

Generally, exploiting a Windows system is tough: you have to overcome various protections and bypass them, and in some cases you have to use kernel-mode exploits. The target machine on which we will perform the attack is Windows XP; if we tried this on Windows 7, 8 or 10 we would find that all the doors are closed, hope you get my point. First we will discuss some of the protection mechanisms: ASLR, DEP, SafeSEH and SEHOP (against SEH overwrites), Control Flow Guard (CFG), the stack cookie compiler option (/GS), EMET, heap isolation, and many more coming... But before starting the exploit development process we should know some theory which is very necessary; otherwise we will be in the middle of the way without knowing the path around. Windows Memory Layout: In an x86 system, when an application starts, a process is created and a virtual address space from 0x00000000 to 0xFFFFFFFF is assigned to it. By default only the lower half, 0x00000000 to 0x7FFFFFFF, is user-land; the upper half, 0x80000000 to 0xFFFFFFFF, is reserved for the kernel (the /3GB boot option moves the split up to 0xBFFFFFFF). If the address range
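Two of the checks above are made by hand in the posts: the NsPack post looks for the .nsp section names and the PUSHF, PUSHA stub at the entry point, and the buffer-overflow post lists protections such as ASLR, DEP and CFG, which a compiled image records in the DllCharacteristics field of its PE optional header. The script below is an added example, not code from either post; it parses only the PE headers it needs (no pefile dependency) and runs on two constructed in-memory PE32 images, not on the sample whose hash is quoted above. DllCharacteristics records ASLR (DYNAMIC_BASE), DEP (NX_COMPAT) and CFG (GUARD_CF); SafeSEH is recorded in the load config directory instead, which this script does not parse, and SEHOP and EMET are OS-side settings that no header bit reveals.

```python
"""Minimal PE header triage: packer hints (section names, entry-point prologue)
and compile-time mitigations (DllCharacteristics). Added example, not the blog's
code. Runs on constructed PE32 images built by build_sample_pe(), not on the
real sample from the post."""
import struct

# DllCharacteristics bits from the PE/COFF spec. SafeSEH is NOT a bit here: it is
# signalled by SEHandlerTable in the load config directory, which this script
# does not parse, so it is deliberately not reported.
DLL_FLAGS = {
    0x0040: "DYNAMIC_BASE (ASLR)",
    0x0100: "NX_COMPAT (DEP)",
    0x0400: "NO_SEH (image uses no SEH at all)",
    0x4000: "GUARD_CF (CFG)",
}
PUSHF_PUSHA = b"\x9c\x60"  # PUSHF; PUSHA, the 32-bit prologue seen in the post


def parse_pe(data: bytes) -> dict:
    """Return entry RVA, DllCharacteristics and the section table of a PE file."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    coff = e_lfanew + 4
    nsections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    opt = coff + 20
    if struct.unpack_from("<H", data, opt)[0] not in (0x10B, 0x20B):  # PE32 / PE32+
        raise ValueError("unknown optional header magic")
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]  # same offset in PE32 and PE32+
    sections = []
    for i in range(nsections):
        name, vsize, va, rawsize, rawptr = struct.unpack_from("<8sIIII", data, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("latin-1"),
                         "vsize": vsize, "va": va, "rawsize": rawsize, "rawptr": rawptr})
    return {"entry_rva": entry_rva, "dll_chars": dll_chars, "sections": sections}


def entry_bytes(data: bytes, pe: dict, n: int = 8):
    """(section name, first n file bytes at the entry point); (None, b"") if the EP maps nowhere."""
    ep = pe["entry_rva"]
    for s in pe["sections"]:
        # packers often leave VirtualSize 0, so size the section by whichever field is larger
        if s["va"] <= ep < s["va"] + max(s["vsize"], s["rawsize"]):
            start = s["rawptr"] + (ep - s["va"])
            return s["name"], data[start:start + n]
    return None, b""


def triage(data: bytes) -> dict:
    """The checks the two posts make by hand, as one report."""
    pe = parse_pe(data)
    ep_section, prologue = entry_bytes(data, pe)
    names = [s["name"] for s in pe["sections"]]
    return {
        "sections": names,
        "nspack_sections": [n for n in names if n.lower().startswith(".nsp")],
        "entry_section": ep_section,
        "pushf_pusha_at_ep": prologue.startswith(PUSHF_PUSHA),
        "mitigations": [label for bit, label in DLL_FLAGS.items() if pe["dll_chars"] & bit],
    }


def build_sample_pe(section_names, entry_section, entry_code, dll_chars) -> bytes:
    """Constructed minimal PE32 for the demo (not the real sample): one 0x200-byte
    section per name, entry point at the start of section `entry_section`."""
    opt_size, file_align, sect_align = 0xE0, 0x200, 0x1000
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)              # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, opt_size, 0x0102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)                              # PE32 magic
    struct.pack_into("<I", opt, 16, sect_align * (entry_section + 1))  # AddressOfEntryPoint
    struct.pack_into("<I", opt, 28, 0x400000)                          # ImageBase
    struct.pack_into("<II", opt, 32, sect_align, file_align)
    struct.pack_into("<H", opt, 70, dll_chars)                         # DllCharacteristics
    table, body = b"", b""
    for i, name in enumerate(section_names):
        raw = (entry_code if i == entry_section else b"\xcc" * 16).ljust(file_align, b"\0")
        table += struct.pack("<8sIIIIIIHHI", name.encode(), len(raw), sect_align * (i + 1),
                             len(raw), file_align * (i + 1), 0, 0, 0, 0, 0x60000020)
        body += raw
    headers = (dos + b"PE\0\0" + coff + bytes(opt) + table).ljust(file_align, b"\0")
    return headers + body


# Constructed inputs: an NsPack-style layout with a PUSHF; PUSHA stub and only DEP,
# next to a normal-looking image built with ASLR, DEP and CFG.
PACKED = build_sample_pe([".nsp0", ".nsp1", ".nsp2"], 1, b"\x9c\x60\xe8\x00\x00\x00\x00", 0x0100)
CLEAN = build_sample_pe([".text", ".rdata", ".data"], 0, b"\x55\x8b\xec", 0x4140)

if __name__ == "__main__":
    for label, image in (("packed", PACKED), ("clean", CLEAN)):
        print(label, triage(image))
```

To run it against a real file, replace the constructed images with `open(path, "rb").read()`. The prologue check is only a hint: a PUSHF/PUSHA stub and .nsp sections point at NsPack, but confirming the packer and recovering the original entry point still requires the dynamic unpacking the post goes on to describe, and the absence of a DllCharacteristics bit says nothing about OS-wide settings such as SEHOP or EMET.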