Tag: malware-analysis
Remcos RAT Basic Analysis Using BinaryRefinery
As part of my malware analysis learning journey, I came across this interesting analysis by @Cryptoware at https://www.youtube.com/watch?v=YPQuru6RISo&ab_channel=CryptoW%40re. The analyst uses the regular-expression-based find-and-replace feature of SublimeText to de-obfuscate a Remcos RAT malware sample (Windows BAT file variant). The BAT file has 2 components – a part obfuscated in Arabic text and another base…

Finding the PE Magic Header Using Windbg
I have been learning Windbg lately and trying to apply what I have learnt via simple experiments on Windows files. Here is how I was able to extract the magic header – MZ – of an EXE image. After opening the binary in Windbg, first, let's get the image base address using lm (load modules). The…

TryHackMe Basic Malware RE - Strings::Challenge 3
Introduction This series of posts provides a writeup of the tools and methods I used to crack the Malware RE samples listed in the following THM Room – https://tryhackme.com/r/room/basicmalwarere. In this writeup, we look at the 3rd challenge (Strings3). I am a malware RE newbie and these methods are by no means the best way…

TryHackMe Basic Malware RE - Strings::Challenge 2
Introduction This series of posts provides a writeup of the tools and methods I used to crack the Malware RE samples listed in the following THM Room – https://tryhackme.com/r/room/basicmalwarere. In this writeup, we look at the 2nd challenge (Strings2). I am a malware RE newbie and these methods are by no means the best way…

TryHackMe Basic Malware RE - Strings::Challenge 1
Introduction This series of posts provides a walkthrough of the tools and methods I used to crack the Malware RE samples listed in the following THM Room – https://tryhackme.com/r/room/basicmalwarere. I am a malware RE newbie and these methods are by no means the best way to crack the samples and find the flag. Comments and…

Preliminary Analysis of the WannaCry Malware Dropper
Executive Summary The following are hashes of the main dropper executable. md5sum db349b97c37d22f5ea1d1841e3c89eb4 sha256sum 24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c WannaCry is a ransomware cryptoworm which has the ability to encrypt files on an infected host and propagate through a network by itself. It attacked computers worldwide in 2017 until its march was stopped by a researcher…