MalwareAnalysis.co

Central Hub for Malware Analysis Resources

Research Publications

Antivirus Bypass Techniques

Hunting Process Injection by Windows API Calls

YouTube Channel

Ardamax Keylogger Part 3 – Malware for Fun

Ardamax Keylogger Part 2 (Dropper) – Malware for Fun

Ardamax Keylogger Part 1 (Overview) – Malware for Fun

DarkSide Ransomware Reverse Engineering

Malware Analysis – Unpacking ASPack Manually

Malware Analysis – Unpacking PECompact Manually

Malware Analysis – Unpacking UPX Manually

Malware Analysis – Mirai Botnet Huawei Exploit

Ursnif Banking Trojan Malware Analysis

Malware Analysis – Unpacking ZIP Packed Malware without Infecting your System

Security Research – YouTube

Windows Defender Antivirus Bypass PoC

Malware Analysis Workshop – Dissecting the WannaCry Ransomware

Blogs

Vitallia Trojan Returns to the Castle – MalwareAnalysis.co

Intel® Audio Driver Unquoted Service Path Vulnerability

Can Document Files Be Trusted?

MSI TrueColor Unquoted Service Path Vulnerability

Corona-virus-Map Malware Analysis

Dissecting Ardamax Keylogger

Twitter Feed

Uriel Kosayev (@MalFuzzer), 20 May

Amazing how people are publicizing stuff they don't verify or aren't sure about. A researcher is the one who always checks and verifies stuff, even, and first of all, himself.

Quoting Grzegorz Tworek (@0gtweet):

The SeManageVolumePrivilege _IS_NOT_ required to create a snapshot with vssadmin. Why people still spread such disinformation, instead of checking it? Verification takes seconds, while recordings of webinars containing false "knowledge" will stay with us for years.

Uriel Kosayev (@MalFuzzer), 19 May

Small PoC video, Shabbat shalom 😎
https://youtu.be/H9Dx5d3vuIQ

Uriel Kosayev retweeted BallisKit (@BallisKit), 18 May

#ShellcodePack tip: Generate a malicious XLL and display a decoy message after the shellcode is triggered with the next options (also includes AV bypass):

-G hello.xll -t CMD --msgbox="Error, invalid office version!" --bypass

Uriel Kosayev retweeted Grzegorz Tworek (@0gtweet), 18 May

Simple user-level persistence with grpconv.exe:
1. create %userprofile%\setup.ini
2. launch "grpconv.exe -o"
3. profit
Of course, grpconv.exe is provided with Windows 10, because you may need to convert Windows 3.x .grp files some day. 🙃

Uriel Kosayev (@MalFuzzer), 17 May

When your friend or a student of yours finally finds a job where he is rewarded and feels good, it makes my day!
