Category: Reverse Engineering

Getting a PlugX builder

PlugX has been a well-known RAT for the last 5 years, and we have written many blog posts about it. However, no builder for this RAT has ever been publicly released, except the one from Ahnlab, which only builds very old samples (2011), and another which was discussed in our previous post. Using

Following Process Hollowing in OllyDbg

Overview Process Hollowing is a common technique used by modern malware to create a process which appears legitimate when viewed in tools such as Task Manager, but whose code has in fact been replaced with malicious content. This post will outline the API calls used in Process Hollowing and will explain how to follow the
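The teaser above only states that the post walks through the API calls of Process Hollowing. As an added example (not code from the original post), the script below shows the other side of that analysis: recognising the classic hollowing call sequence in an API-call trace such as one exported from a sandbox or an OllyDbg logging breakpoint. The trace format (`pid Api(args) = ret`) and the two sample traces are constructed for this example; the stage list uses the well-known sequence of a suspended `CreateProcess`, optional `NtUnmapViewOfSection`, `VirtualAllocEx`, `WriteProcessMemory`, `SetThreadContext` and `ResumeThread`, together with their native `Nt`/`Zw` equivalents.

```python
import re

# Constructed sample traces in an assumed "pid Api(args) = ret" log format.
# Not taken from the original post or from any real sandbox.
HOLLOWING_TRACE = """\
1234 CreateProcessW("C:\\Windows\\System32\\svchost.exe", NULL, 0x00000004) = 1 [pid=4321, tid=4322]
1234 NtUnmapViewOfSection(0x00000088, 0x00400000) = 0
1234 VirtualAllocEx(0x00000088, 0x00400000, 0x0001a000, 0x3000, 0x40) = 0x00400000
1234 WriteProcessMemory(0x00000088, 0x00400000, 0x0024f000, 0x00000400) = 1
1234 WriteProcessMemory(0x00000088, 0x00401000, 0x0024f400, 0x00019000) = 1
1234 GetThreadContext(0x0000008c, 0x0024e000) = 1
1234 SetThreadContext(0x0000008c, 0x0024e000) = 1
1234 ResumeThread(0x0000008c) = 0
"""

BENIGN_TRACE = """\
5678 CreateProcessW("C:\\Windows\\System32\\notepad.exe", NULL, 0x00000000) = 1 [pid=7777, tid=7778]
5678 WaitForSingleObject(0x00000090, 0xffffffff) = 0
"""

CREATE_SUSPENDED = 0x00000004  # dwCreationFlags bit for a suspended process

# Ordered stages of the hollowing sequence. Each stage lists the Win32 and
# native (Nt/Zw) API names that satisfy it. Unmapping the original image is
# optional: many loaders simply allocate over it or elsewhere.
STAGES = [
    ("create_suspended", {"CreateProcessA", "CreateProcessW", "CreateProcessInternalW"}),
    ("unmap_image", {"NtUnmapViewOfSection", "ZwUnmapViewOfSection"}),
    ("allocate", {"VirtualAllocEx", "NtAllocateVirtualMemory", "ZwAllocateVirtualMemory"}),
    ("write_payload", {"WriteProcessMemory", "NtWriteVirtualMemory", "ZwWriteVirtualMemory"}),
    ("set_entry", {"SetThreadContext", "NtSetContextThread", "ZwSetContextThread"}),
    ("resume", {"ResumeThread", "NtResumeThread", "ZwResumeThread"}),
]
OPTIONAL_STAGES = {"unmap_image"}

LINE_RE = re.compile(r"^(?P<pid>\d+)\s+(?P<api>\w+)\((?P<args>.*)\)\s*=\s*(?P<ret>\S+)")


def parse_args(args: str) -> list[str]:
    """Split the argument list of the assumed log format on commas."""
    return [a.strip() for a in args.split(",")] if args.strip() else []


def analyze_trace(trace: str) -> dict:
    """Return, per calling pid, the hollowing stages seen in order and a verdict.

    A pid is flagged when every non-optional stage was observed in sequence,
    starting from a CreateProcess* call whose creation flags include
    CREATE_SUSPENDED.
    """
    state: dict[str, dict] = {}
    for line in trace.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        pid, api, args = m["pid"], m["api"], parse_args(m["args"])
        st = state.setdefault(pid, {"next": 0, "matched": []})
        i = st["next"]
        while i < len(STAGES):
            name, apis = STAGES[i]
            if api in apis:
                if name == "create_suspended":
                    # Third argument of the constructed format is dwCreationFlags.
                    flags = int(args[2], 0) if len(args) > 2 else 0
                    if not flags & CREATE_SUSPENDED:
                        break
                st["matched"].append(name)
                st["next"] = i + 1
                break
            if name in OPTIONAL_STAGES:
                i += 1  # skip an optional stage and test the next one
                continue
            break
    return {
        pid: {"stages": s["matched"], "hollowing": s["next"] == len(STAGES)}
        for pid, s in state.items()
    }


if __name__ == "__main__":
    for label, trace in (("hollowing", HOLLOWING_TRACE), ("benign", BENIGN_TRACE)):
        for pid, result in analyze_trace(trace).items():
            print(label, pid, result)
```

The per-pid state machine is deliberately strict about order: a `WriteProcessMemory` into a process that was never created suspended, or a `SetThreadContext` without a preceding write, is not enough on its own. When adapting this to a real sandbox export, the regular expression and the position of `dwCreationFlags` are the two things to change.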

BadRabbit Orion Malware Report

This malware report aims to give a technical analysis of the BadRabbit ransomware using the Orion Malware analysis platform. It interprets the Orion Malware report and focuses on the similarities and differences between the design and behaviour of BadRabbit and NotPetya. What’s the Difference Between Bad Rabbit and NotPetya? BadRabbit is made

The OXID Resolver [Part 2] – Accessing a Remote Object inside DCOM

In the previous OXID Resolver Part 1 article [1], we described a way to remotely enumerate the network interfaces of a machine running a recent Windows OS. This method does not require user credentials and relies on the ServerAlive2() RPC method, which is exposed by the IOXIDResolver interface. This article is dedicated
