After my initial excitement died down, I sat down and took a look at the ~I32SUN.exe file and was saddened to find it looked just like CMD.exe. Hoping for something modified or different, I threw both files into BinDiff, but was saddened to see a ...
Read more →Hashes and malware go together. When you get a new piece of malware the first thing you should do is create a hash and search for any information available on it. In some cases you may turn up nothing at all, but other times you may end up with a ...
Read more →While taking a break from malicious PDFs, I decided it would be a good idea to start breaking down some of these well-known exploit kits. I have seen a couple good write ups on how the kits are spreading and becoming successful, but not too much i...
Read more →Back when I was looking at averages of information collected across random/malicious documents, I noted that filesize seemed to be a helper in narrowing down whether or not a file could be suspicious (see malicious filter). Ever since I began coll...
Read more →Last night I pulled down a PDF off the network, ran it through my PDF X-RAY (unreleased - still waiting on the conference feedback) tool and was happy to see another new entry that could be added to the collection. The PDF itself came from a known...
Read more →I was taking a look at a case today where the potentially malicious site had a bunch of JS that looked a little weird. As I was going through my files I notices thar jQuery was being used on the site and it got me thinking. You tend to see jQuery ...
Read more →