After my initial excitement died down, I sat down and took a look at the ~I32SUN.exe file and was saddened to find it looked just like CMD.exe. Hoping for something modified or different, I threw both files into BinDiff, but was saddened to see a ...
Read more →I have been keeping a private collection of malicious PDFs (not for long - ;) ) stored in my MongoDB repository. The collection started off with 30 and progressed as I pulled PDFs off the Internet and the local network. I now have a couple thousan...
Read more →In my last post I mentioned that I wanted to put together an API for my malpdfobj tool, so sharing could be easier. The good news is that I have the RESTful API functioning complete with interactive API documentation, python interfaces and the abi...
Read more →One of the most important elements to a malicious PDF is the content and payload within it. Up until this point the PDF malware object my tool outputted just contained various details about the structure, hashings and scanning data which was great...
Read more →I finally got a chance to sit down and work on the format for a malicious sample that would then get inserted into MongoDB. I am not certain if this is exactly how the final format will be represented, but it does work for now in storing a lot of ...
Read more →Breaking out of my normal postings for a moment, I wanted to ask some of the companies who have been visiting this blog to establish a line of contact with me. I can't be certain those from these companies are actually reading what I write, but if...
Read more →