• Posts Tagged ‘malware’

    Quick Update on ~I32SUN.EXE

    by  • May 26, 2012 • Uncategorized

    After my initial excitement died down, I sat down and took a look at the ~I32SUN.exe file and was saddened to find it looked just like CMD.exe. Hoping for something modified or different, I threw both files into BinDiff, but was saddened to see a ...


    Demystifying zfkeymonitor.exe

    by  • February 2, 2012 • Uncategorized

    Update: Upon further analysis of this and other files that appeared related, this dropper appears to be a modified version of zxshell. Thanks to Binjo for the translation help and Nick Bloor for assisting with testing and analyzing zfkeymonitor.e...


    Smart Hash Google Gadget

    by  • January 2, 2012 • Uncategorized

    Hashes and malware go together. When you get a new piece of malware, the first thing you should do is create a hash and search for any information available on it. In some cases you may turn up nothing at all, but other times you may end up with a ...

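    Hashing a fresh sample and turning the digests into search queries, as an added example that is not code from the original post or from the Smart Hash gadget it describes. The sample bytes are constructed for the demo, and the Google search URL shape is an assumption about the endpoint; the hashing itself is a single pass over the file in fixed-size chunks so large samples are not pulled into memory.

```python
"""Triage hashes for a new malware sample.

Added example, not code from the original post or the Smart Hash gadget.
Computes MD5, SHA-1 and SHA-256 in one chunked pass over the input and
builds the search URLs a triager would open first.
"""
import hashlib
import io
from urllib.parse import quote_plus

CHUNK = 1024 * 1024  # read 1 MiB at a time so a large sample never sits fully in RAM
DEFAULT_ALGOS = ("md5", "sha1", "sha256")

# Assumed search endpoint for the demo; any hash-lookup service could be substituted.
SEARCH_ENDPOINT = "https://www.google.com/search?q="


def hash_stream(fp, algos=DEFAULT_ALGOS):
    """Return {algo: hexdigest} for a binary file object, reading it exactly once.

    All hashers are fed from the same chunk, so cost is one read per block
    regardless of how many algorithms are requested.
    """
    hashers = {name: hashlib.new(name) for name in algos}
    for block in iter(lambda: fp.read(CHUNK), b""):
        for h in hashers.values():
            h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}


def hash_file(path, algos=DEFAULT_ALGOS):
    """Hash a sample on disk (opened read-only and in binary mode)."""
    with open(path, "rb") as fp:
        return hash_stream(fp, algos)


def hash_bytes(data, algos=DEFAULT_ALGOS):
    """Hash an in-memory blob, e.g. a payload carved out of a dropper."""
    return hash_stream(io.BytesIO(data), algos)


def search_urls(digests):
    """One exact-match query URL per digest (quotes force Google to match the literal string)."""
    return {name: SEARCH_ENDPOINT + quote_plus('"%s"' % hexdigest)
            for name, hexdigest in digests.items()}


if __name__ == "__main__":
    # Constructed stand-in for a sample: an MZ header followed by filler, not real malware.
    SAMPLE = b"MZ\x90\x00" + b"constructed stand-in for a dropped executable\n" * 64
    digests = hash_bytes(SAMPLE)
    for name, hexdigest in digests.items():
        print("%-6s %s" % (name, hexdigest))
    for name, url in search_urls(digests).items():
        print("%-6s %s" % (name, url))
```

    The `__main__` block hashes the constructed blob; pass a real path to `hash_file` to triage a sample from disk. Searching on all three digests matters because older reports, sandbox write-ups and forum posts often quote only MD5 or SHA-1.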

    Googling Malware Makes Sense

    by  • December 22, 2011 • Uncategorized

    A couple weeks ago I submitted a sitemap containing thousands of PDF X-RAY report URLs to Google Webmaster tools. The thought behind this was that Google would index the decoded, decrypted PDF content of malicious files, so that I could search on ...


    Kim Jong-il PDF Malware

    by  • December 20, 2011 • Uncategorized

    Update: See also http://blog.trendmicro.com/kim-jong-il-malicious-spam-found/comment-page-1/#c... This is just meant to be a quick post and not a full analysis. After checking PDF X-RAY this morning I came across a file that contained a good amoun...


    Toying With MS11-050

    by  • June 28, 2011 • Uncategorized

    Update 06/29/2011 - 3:46PM I have modified a local copy of the exploit file I have to run safely (no shellcode) and still get a crash. Initially I suspected that the final aspects of the JavaScript did not play too much in the role of the crash. ...
