Archives

All posts for the month September, 2012

Examining a piece of malware for strings (sequences of printable characters) can reveal a few clues about what the malware does, or what it is capable of doing. Part three started disassembling the functions to see how closely their behaviour matched the predictions in part two, but sadly ended just as things were getting exciting. In part four, the saga continues. Continue Reading

Examining a piece of malware for strings (sequences of printable characters) can reveal a few clues about what the malware does, or what it is capable of doing. Part two predicted the behaviour of some functions, based on which strings they referenced. Part three will start to disassemble these functions to see how closely the predicted behaviour  matches their actual behaviour. Continue Reading

You’d think that with fifteen years experience working in I.T., and the experience working with computers before that, that I would have learned to save my work often! I figured that I’d be ok, as the WordPress web interface keeps telling me that it has saved a draft copy. That was fine until I somehow wiped out a whole load of content only to then have the WordPress web interface save the remaining text as the draft. Continue Reading

Examining a piece of malware for strings (sequences of printable characters) can reveal a few clues about what the malware does, or what it is capable of doing. Part two demonstrates one way of finding the functions that reference the strings, and uses this information to hazard a guess at what those functions do. Continue Reading

Examining a piece of malware for strings (sequences of printable characters) can reveal a few clues about what the malware does, or what it is capable of doing. Most malware is packed or otherwise obfuscated these days, and this series of articles demonstrates one of the reasons why. Continue Reading