Malware Analysis
Creator of Debloat, certReport, and https://t.co/w4rAuuB7O0
Want to chat? Join the Debloat discord: https://t.co/ZcWIqa6ZA9
squiblydoo.blog
Joined November 2020
The code-signing certificates were reported for revocation and added to the Cert Central database for tracking.
Thank you for your report. https://t.co/MJUztMUXRX
Seems a continuation of (the real) TamperedChef, leveraging hidden characters and encoding.
The certificate "CROWN SKY LLC" was reported to issuer and added to CertCentral, where we notice they continue the same certificate behaviors as before.
"FUD" from VirusTotal.
Signed, 112 MB file.
Let's analyze.
File is SingleFile .NET; I see this with Malcat:
Debug and Exports indicate it is SingleFile (green arrows in image)
Also, Malcat carved 270 PE out of the overlay (blue arrow), indicative of SingleFile .NET
1/8
File is a SingleFile executable; I unpack these using my SingleFileSolution app built using ASMResolver.
It dumps all the files into a folder for manual review.
github.com/Squiblydoo/Dot…
In this case, you end up with a small .NET app which contains the main functionality.
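Added example, not code from the thread or from the SingleFileSolution project: a Python sketch of the triage step described above, locating the .NET single-file bundle marker and walking the manifest to list the embedded files (the count is what Malcat's overlay carving hints at). The manifest layout is my reading of the dotnet host's bundle format (marker = SHA-256 of ".net core bundle", preceded by the manifest offset) and is an assumption; the sample bundle is constructed inline.

```python
import hashlib
import struct

# Marker the apphost embeds; the 8 bytes before it hold the LE manifest offset (assumed layout).
BUNDLE_SIGNATURE = hashlib.sha256(b".net core bundle").digest()

def read_7bit_string(buf, pos):
    """Decode a BinaryWriter-style 7-bit length-prefixed UTF-8 string."""
    length, shift = 0, 0
    while True:
        b, pos = buf[pos], pos + 1
        length |= (b & 0x7F) << shift
        if not b & 0x80:
            break
        shift += 7
    return buf[pos:pos + length].decode("utf-8"), pos + length

def parse_bundle_manifest(data):
    """Summarise a .NET single-file bundle; None if no populated marker is present."""
    sig = data.find(BUNDLE_SIGNATURE)
    header_off = struct.unpack_from("<q", data, sig - 8)[0] if sig >= 8 else 0
    if header_off <= 0 or header_off >= len(data):
        return None  # no marker, or a plain apphost whose offset is still zero
    major, minor, count = struct.unpack_from("<iii", data, header_off)
    bundle_id, pos = read_7bit_string(data, header_off + 12)
    if major >= 2:
        pos += 8 * 5  # deps.json / runtimeconfig offset+size pairs, then flags
    files = []
    for _ in range(count):
        off, size = struct.unpack_from("<qq", data, pos)
        pos += 24 if major >= 6 else 16  # v6+ adds a compressed-size field
        ftype, pos = data[pos], pos + 1
        path, pos = read_7bit_string(data, pos)
        files.append((path, off, size, ftype))  # ftype 1 = Assembly kind (assumed)
    return {"version": (major, minor), "bundle_id": bundle_id, "files": files}

def build_sample_bundle():
    """Constructed stand-in for a v6 bundle: stub apphost plus one embedded MZ blob."""
    bstr = lambda s: bytes([len(s)]) + s.encode()  # short names only
    payload = b"MZ" + b"\0" * 62
    prefix = b"APPHOST-STUB" + b"\0" * 8 + BUNDLE_SIGNATURE
    manifest = struct.pack("<iii", 6, 0, 1) + bstr("sample-id") + b"\0" * 40
    manifest += struct.pack("<qqq", len(prefix), len(payload), 0) + b"\x01" + bstr("payload.dll")
    header_off = len(prefix) + len(payload)
    return prefix[:-40] + struct.pack("<q", header_off) + BUNDLE_SIGNATURE + payload + manifest
```

Each entry's offset and size point at the embedded file, so the same loop can carve the members to a folder for review.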
New PDFSkills: signed "Impresan Solutions OÜ"
FakePDF editor offers weak password manager, still references old code-signing certs in metadata.
f1773b399bbcfb8656c9ae9dd8f7a79c281ab04c4127e8cb8376400f45dd22be
*My previous post should say SecureAnnex