1. JM Safe

    Malware analysis Project57 ransomware analysis

    Ok guys, although it now seems this ransomware is detected by more AVs on the VirusTotal report, the sample seems difficult to detect in the test against Bitdefender (posted by @Der.Reisende) here: Video - Bitdefender Antivirus Free [v1.0.14.76] vs Project57 ransomware Project57 seems not to have...
  2. adelfr2009

    Solved svchost.exe process in syswow64 folder problem consuming CPU

    Hi guys, I need help with this unnamed svchost process in the syswow64 folder. It consumes more than 50% of the CPU. Sometimes there are 3, only one uses the CPU. When it's running, it closes my browser when I try to find solutions for it. I can close the process, but after a certain time (almost 1h)...
  3. xSploit

    Practical Malware Analysis

    For those interested in Malware Analysis, check out this open courseware by Sam Bowne Class CNIT 126: Practical Malware Analysis (Contains: Lecture Notes · Projects/Labs · Links · Training Materials · Assorted Resources) Practical Workshop (Contains: Projects · Challenges) Note: NO...
  4. Aerdian

    Discuss Question Regarding Malware Samples

    I have more recently gotten into malware analysis (the last 4-5 months) and I had a few questions about finding and downloading malware samples. I download samples to analyze the malware, test AV programs and see how the detection ratios are. Then, I send any samples that are malicious that...
  5. JM Safe

    SecureMyBit DHScan (EXE Analyzer) - Beta Released

    Hello to all! SecureMyBit DHScan (SecureMyBit DeepHeuristic Scan) is a very simple-to-use and fast EXE analyzer, which can detect suspicious behaviour in analyzed executables via an algorithm that uses specified impairment indicators. You can analyze a single file or an entire folder of...
  6. S

    Is fakenet really worth it?

    Hello everyone, I have been analyzing malware for quite some time now, but have always used Wireshark to observe the C2 domains between two VM hosts. However, a while back a co-worker of mine mentioned Fakenet-NG. Has anyone played with this tool? Is it worth it? Thank you for your time. :)
  7. O

    Q&A Avast pop up : URL/ MAL

    I get this message on one website (at the moment) and it's my own website. I tried to remove the malware but no results. Would be nice to get some help :) TY!
  8. frogboy

    CrowdStrike launches malware search engine

    CrowdStrike launched CrowdStrike Falcon MalQuery, the first malware search and intelligence component of its CrowdStrike Falcon Search Engine for cybersecurity data. CrowdStrike has built the largest searchable threat database in the cybersecurity industry, ingesting more than 51 billion...
  9. N

    Wifi file warning

    Is this a valid message? Please advise.
  10. Y

    Malware analysis Need help on analyzing this suspicious .doc file

    Hello, Recently, I received this suspicious document (can be downloaded at mal_doc.zip) -- password: infected (if required) but could not figure out how the embedded shellcode works. Here is so far what I have got: Through debugging, the macro is trying to decode the following encoded...
  11. K

    Q&A VM setup to run and test detection of malware

    Hi Guys, I am looking to create a (hopefully highly customizable) VM to infect with malware so I can test a few malware detection scripts etc. My original plan was to download the ISO myself from the source website (i.e. Get Ubuntu | Download | Ubuntu) and go from there, but I was wondering if...
  12. kumarsinhasingh

    Help me to takedown this Malware Hosting (domain) DNS

    Hello guys, I am a big fan of Internet security related things. I am not a professional or special IT guy. But with all my potential I used to hunt malware and report it to VirusTotal, and sometimes make DNS abuse reports to the DNS owner to block and terminate the hacker's connections. My main goal is to...
  13. Y

    Malware analysis Need help on this shellcode analysis

    Hello all, I am studying malware analysis and recently came across some kind of very complicated malware. The landing page contains multiple stages of encoded JavaScript that will eventually download the Flash file for the next stage of infection. Moreover, I also found there seem to be some...
  14. Spawn

    Update Metadefender Cloud Client for Windows and Chrome - Free Malware Analysis Tool

    Find out more about Cloud Client for Windows - Free Malware Analysis Tool Find out more about extension for Chrome - Secure Online Downloading A fast, light, and effective security browser extension that scans each in-browser download for malicious code and vulnerabilities. Scan before you...
  15. S

    Potential Malware - CryptoProviderInstaller but signature is invalid FP?

    Hi Everyone, HitmanPro was doing a routine scan, file date is 01/26/17. I have a file that is potentially malicious, has an invalid/no digital signature and is from Intel. It has a 55% malicious rating and I am on the fence about what to do. Anyone's advice would be appreciated! Screenshots...
  16. T

    Malware analysis Trojan/Win32.Zerber(Cerber)-static technical inspection

    The sample is written in C++. Since it is very difficult to recover the original source code, in this analysis I used PEiD to perform an initial inspection of the PE (but above all a string analysis) and Snowman to perform a simple code analysis (but not of the real original source code of the...
  17. T

    Q&A Help needed to create Virtual Machine for Malware Analysis

    Hello everyone, I am Tarun, I am new to MalwareTips and I am posting as I require help from you guys in setting up a Virtual Machine for malware analysis, I have a lot of interest in testing malware but I read that VMware's settings need to be modified so as to use it for malware testing or else...
  18. SKG2016

    Question: About Malware Sample Testing

    Hi everyone, I am new to MalwareTips. I am setting up a virtual machine and a dedicated LAN network with VPN for malware testing. I wonder if the malware samples provided in the forum would auto-run themselves, since I need to batch rename them in my virtual machine and I don't want it to be infect...
  19. jacksparrow12

    Q&A Security for Android Device

    Hi, please help me with the current issue: Is security essential for Android devices? Do Android devices get easily attacked by viruses or malware? How to solve the above issues if infected? Thanks
  20. T

    Malware analysis Backdoor.MSIL.NanoBot - Static Technical Analysis

    SHA256: 1bd52146e7240e771d1b7f8f9f8e30f51f28f0b6968ff71bd9b2b2829ba7b6be File name: 1bd52146e7240e771d1b7f8f9f8e30f51f28f0b6968ff71bd9b2b2829ba7b6be.exe File Size: 298496 bytes File Type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly...