Category: magic number

• Recmos Rat Basic Analysis Using BinaryRefinery

  As part of my malware analysis learning journey, I came across this interesting analysis by @Cryptoware at https://www.youtube.com/watch?v=YPQuru6RISo&ab_channel=CryptoW%40re. The analyst uses the regular expression based, find-and-replace feature of SublimeText, to de-obfuscate a RemcosRat Malware Sample (Windows BAT file variant). The BAT file has 2 components – a part obfuscated in Arabic text and another base…

  raghavan

  March 18, 2025

  binary files, cybersecurity, magic number, malware-analysis, Uncategorized

  binaryrefinery, malware-analysis, python, recmosrat

• Finding the PE Magic header using Windbg

  I have been learning Windbg lately and try to apply what I have learnt via simple experiments on Window files. Here is how I was able to extract the magic header – MZ of an EXE image. After opening the binary into Windbg, First, lets get the image base address using lm (load modules). The…

  raghavan

  September 26, 2024

  binary files, magic number, malware-analysis, Uncategorized

  malware-analysis, PE-files, python, windbg