malware analysis

  1. adelfr2009

    Solved svchost.exe process in syswow64 folder problem consuming CPU

    Hi guys, I need help with this unnamed process svchost in the syswow64 folder. It consumes more than 50% of CPU. Sometimes there are 3, only one uses the CPU. When it's running, it closes my browser when I try to find solutions for it. I can close the process, but after a certain time (almost 1h)...
  2. xSploit

    Practical Malware Analysis

    For those interested in Malware Analysis, check out this open courseware by Sam Bowne Class CNIT 126: Practical Malware Analysis (Contains: Lecture Notes · Projects/Labs · Links · Training Materials · Assorted Resources) Practical Workshop (Contains: Projects · Challenges) Note: NO...
  3. Aerdian

    Discuss Question Regarding Malware Samples

    I have more recently gotten into malware analysis (the last 4-5 months) and I had a few questions about finding and downloading malware samples. I download samples to analyze the malware, test AV programs and see how the detection ratios are. Then, I send any samples that are malicious that...
  4. D

    Malware Analysis Dynamic Forking identification [TIPS ONLY]

    Hi all! Dynamic Forking has many names. You can refer to it as 'Process Hollowing' or 'RunPE'. It is a technique which used to be quite prevalent in malicious software but has plummeted down a bit because it isn't very common in threats like Ransomware and those sort of threats are mostly...
  5. D

    Malware Analysis Trojan.Keylogger (keylogger analysis)

    Introduction Keyloggers. A keylogger is a type of malware (malicious software) and is very well known for causing a lot of destruction since they became prevalent in the wild; they can be used to spy on someone generally speaking (steal chat logs) or hack into people's accounts through theft of...
  6. D

    Malware Analysis xRatLocker Ransomware Analysis

    Introduction This thread is to go over some results of my manual analysis for a malware sample which was shared by @Der.Reisende over on the malware hub today. The threat name is xRatLocker (Ransomware) and you can find the original thread link here...
  7. JM Security

    SecureMyBit DHScan (EXE Analyzer) - Beta Released

    Hello to all! SecureMyBit DHScan (SecureMyBit DeepHeuristic Scan) is a very simple to use and fast EXE Analyzer, which can detect suspicious behaviour in analyzed executables via an algorithm that uses specified impairment indicators. You can analyze a single file or an entire folder of...
  8. D

    Malware Analysis Code injection identification [Malware Analysis]

    Some images would not load properly so I attached them to the thread. They should all be in order. Code injection and malware analysis Introduction Code injection is a technique which is applied by many different types of malware (“malicious software”) for different purposes. Of course, the...
  9. S

    Is fakenet really worth it?

    Hello everyone, I have been analyzing malware for quite some time now, but have always used Wireshark to observe the C2 domains between two VM hosts. However, a while back a co-worker of mine mentioned Fakenet-ng. Has anyone played with this tool? Is it worth it? Thank you for your time. :)
  10. O

    Q&A Avast pop up : URL/ MAL

    I get this message on one website (at the moment) and it's my own website. I tried to remove the malware but no results. Would be nice to get some help :) TY!
  11. frogboy

    CrowdStrike launches malware search engine

    CrowdStrike launched CrowdStrike Falcon MalQuery, the first malware search and intelligence component of its CrowdStrike Falcon Search Engine for cybersecurity data. CrowdStrike has built the largest searchable threat database in the cybersecurity industry, ingesting more than 51 billion...
  12. N

    Wifi file warning

    Is this a valid message? Please advise.
  13. Y

    Malware Analysis Need help on analyzing this suspicious .doc file

    Hello, Recently, I received this suspicious document (can be downloaded at mal_doc.zip) -- password: infected (if required) but could not figure out how the embedded shellcode works. Here is what I have got so far: Through debugging, the macro is trying to decode the following encoded...
  14. K

    Q&A VM setup to run and test detection of malware

    Hi Guys, I am looking to create a (hopefully highly customizable) VM to infect with malware so I can test a few malware detection scripts etc. My original plan was to download the ISO myself from the source website (i.e. Get Ubuntu | Download | Ubuntu) and go from there, but I was wondering if...
  15. kumarsinhasingh

    Help me to takedown this Malware Hosting (domain) DNS

    Hello guys, I am a big fan of Internet Security related things. I am not a professional or special IT guy. But with all my potential I used to hunt malware and report to Virustotal and sometimes make DNS abuse reports to the DNS owner to block and terminate the hacker from connections. My main goal is to...
  16. Y

    Malware Analysis Need help on this shellcode analysis

    Hello all, I am studying malware analysis and recently came across some kind of very complicated malware. The landing page contains multiple stages of encoded Javascripts that will eventually download the flash file for the next stage infection. Moreover, I also found there seems to be some...
  17. Spawn

    Update Metadefender Cloud Client for Windows and Chrome - Free Malware Analysis Tool

    Find out more about Cloud Client for Windows - Free Malware Analysis Tool Find out more about extension for Chrome - Secure Online Downloading A fast, light, and effective security browser extension that scans each in-browser download for malicious code and vulnerabilities. Scan before you...
  18. S

    Potential Malware - CryptoProviderInstaller but signature is invalid FP?

    Hi Everyone, HitmanPro was doing a routine scan, file date is 01/26/17. I have a file that is potentially malicious, has an invalid/no digital signature and is from Intel. It has a 55% malicious rating and I am on the fence about what to do. Anyone's advice would be appreciated! Screenshots...
  19. T

    Malware Analysis Trojan/Win32.Zerber(Cerber)-static technical inspection

    The sample is written in C++. Since it is very difficult to gather the original source code, in this analysis I used PEiD to perform an initial inspection of the PE (but above all a string analysis) and Snowman to perform a simple code analysis (but not the real original source code of the...
  20. T

    Q&A Help needed to create Virtual Machine for Malware Analysis

    Hello everyone, I am Tarun, I am new to MalwareTips and I am posting as I require help from you guys in setting up a Virtual Machine for malware analysis, I have a lot of interest in testing malware but I read that VMware's settings need to be modified so as to use it for malware testing or else...