H3llo, d34r fr13nd
In this chapter of our analysis, we will look at the sample in question by using a combination of a debugger (OllyDbg) and a disassembler (IDA Pro). Specifically, I will show you how Stration prepares itself for an API call.
H3ll0 ReLearEx-Nation,
In the second part of my hooking series, I want to show how to hook the Interrupt Descriptor Table (IDT). The IDT is an array that can hold at most 256 gate descriptors, one per interrupt vector. On 32-bit x86 each descriptor is 8 bytes in size (in 64-bit long mode a descriptor grows to 16 bytes).
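To make the descriptor layout concrete, here is an added example (not code from the post) that models a 32-bit interrupt gate as the 8-byte structure described above and hooks a vector by rewriting the two halves of the handler offset, which is the core of an IDT hook. The IDT image, the segment selectors and all handler addresses are constructed for the demo, and using vector 0x2E as a kernel service gate is an assumption made for illustration only; a real hook would obtain the table base from `sidt` and write to that memory instead.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/*
 * 32-bit x86 gate descriptor as stored in the IDT. The handler address is split
 * across two 16-bit fields, so a hook must rewrite both halves, not one 32-bit word.
 */
#pragma pack(push, 1)
typedef struct {
    uint16_t offset_low;   /* handler address bits 15:0 */
    uint16_t selector;     /* code segment selector loaded into CS on dispatch */
    uint8_t  zero;         /* reserved, must be 0 */
    uint8_t  type_attr;    /* P(1) DPL(2) S(1)=0 type(4); 0x8E = present, ring 0, 32-bit interrupt gate */
    uint16_t offset_high;  /* handler address bits 31:16 */
} idt_gate32;
#pragma pack(pop)
_Static_assert(sizeof(idt_gate32) == 8, "a 32-bit gate descriptor is 8 bytes");

#define IDT_ENTRIES  256
#define GATE_PRESENT 0x80

uint32_t gate_handler(const idt_gate32 *g)
{
    return ((uint32_t)g->offset_high << 16) | g->offset_low;
}

int gate_present(const idt_gate32 *g)
{
    return (g->type_attr & GATE_PRESENT) != 0;
}

void gate_set(idt_gate32 *g, uint16_t selector, uint8_t type_attr, uint32_t handler)
{
    g->offset_low  = (uint16_t)(handler & 0xFFFF);
    g->selector    = selector;
    g->zero        = 0;
    g->type_attr   = type_attr;
    g->offset_high = (uint16_t)(handler >> 16);
}

/*
 * Redirect `vector` to `new_handler`, keeping selector and attributes so the gate
 * type stays valid. Returns the previous handler address (a hook needs it to
 * chain to the original); returns 0 and leaves the table untouched for an
 * out-of-range or absent gate.
 */
uint32_t hook_gate(idt_gate32 *idt, unsigned vector, uint32_t new_handler)
{
    if (vector >= IDT_ENTRIES || !gate_present(&idt[vector]))
        return 0;
    uint32_t old = gate_handler(&idt[vector]);
    idt[vector].offset_low  = (uint16_t)(new_handler & 0xFFFF);
    idt[vector].offset_high = (uint16_t)(new_handler >> 16);
    return old;
}

/* Constructed sample IDT image (not read from a real CPU); all addresses are made up. */
static idt_gate32 g_idt[IDT_ENTRIES];

static void build_sample_idt(void)
{
    memset(g_idt, 0, sizeof g_idt);                   /* every gate absent (P = 0) */
    gate_set(&g_idt[0x00], 0x08, 0x8E, 0x80401000u);  /* #DE divide error */
    gate_set(&g_idt[0x0E], 0x08, 0x8E, 0x80402000u);  /* #PF page fault */
    gate_set(&g_idt[0x2E], 0x08, 0x8E, 0x80403000u);  /* int 0x2E, assumed here to be a kernel service gate */
}

/* Hook int 0x2E in the sample IDT and return the original handler. */
uint32_t demo_hook_old_handler(void)
{
    build_sample_idt();
    return hook_gate(g_idt, 0x2E, 0xDEAD0000u);
}

/* After hooking, the gate dispatches to the new address. */
uint32_t demo_hook_new_handler(void)
{
    build_sample_idt();
    hook_gate(g_idt, 0x2E, 0xDEAD0000u);
    return gate_handler(&g_idt[0x2E]);
}

/* Selector and type/attribute byte survive the hook unchanged. */
int demo_hook_keeps_selector_and_type(void)
{
    build_sample_idt();
    hook_gate(g_idt, 0x2E, 0xDEAD0000u);
    return g_idt[0x2E].selector == 0x08 && g_idt[0x2E].type_attr == 0x8E;
}

/* Hooking an absent vector is refused. */
uint32_t demo_hook_absent_vector(void)
{
    build_sample_idt();
    return hook_gate(g_idt, 0x90, 0xDEAD0000u);
}

int main(void)
{
    build_sample_idt();
    for (unsigned v = 0; v < IDT_ENTRIES; v++)
        if (gate_present(&g_idt[v]))
            printf("vector 0x%02X -> %08X (sel %04X)\n", v, gate_handler(&g_idt[v]), g_idt[v].selector);
    uint32_t old = hook_gate(g_idt, 0x2E, 0xDEAD0000u);
    printf("hooked 0x2E: old %08X new %08X\n", old, gate_handler(&g_idt[0x2E]));
    return 0;
}
```

The split offset is the detail that trips people up: writing a 32-bit address over bytes 0..3 of the entry would clobber the selector rather than the high half of the handler, so the hook writes `offset_low` and `offset_high` separately and leaves `selector` and `type_attr` alone.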
H3llo ReLearEx-Nation,
A few days ago, I had the idea to write a short series on hooking techniques. In this post, I will demonstrate how the Import Address Table of a running PE module can be hooked.
Hello,
In this blog post, I want to write about basic dynamic analysis to gain insight into the activities performed by Stration.
Hello 🐱💻
At the end of my last post, I unpacked the malware sample using the -d switch provided by UPX. Now, I will demonstrate other ways to unpack it. To do this, I will use OllyDbg.
Hello,
In this blog post I will talk about the worm ‘Stration’ (aka ‘Warezov’ or just ‘Strat’). It is a worm that first appeared between the end of 2006 and the beginning of 2007, so nearly ten years ago. The sample I use has the following SHA256 value: f671318c0dee143118188a670cef72bbac08d898e47815f1ea54da88bc3bd3c6
When you start with the analysis of a malicious file, one rule is to obtain a general overview before putting it under the microscope and looking at every little detail of the sample. Thus, I plan to divide the whole analysis into smaller chunks. In this part, I want to apply basic static analysis techniques to gain some small but important properties of the sample before I dive into a deeper analysis.