Analyzing SCR file
Fumerol_X wrote (post 1054814):

First of all, guys, I'm amazed by the help provided and your knowledge!

I'm currently working as a sysadmin, sharing my time with cybersecurity tasks, and spending my free time on hacking forums, trying to learn as much as I can (offensive and defensive). I'm planning to work as a SOC Analyst in 2024. But malware analysis is definitely a field I want to dive into in my free time.

Oh, and by the way, I'm French, so I'll probably have a few questions about some words I didn't get. And pardon my English.

@Sandbox Breaker:
- "File shows no GUI which further indicated their MO to stay hidden" > What does "MO" stand for?
- "Unique Code" > Does that mean that the malware is new / not already known?

Thanks for the tools shared! I added some I didn't have yet (especially Xcitium, Intelix, Hatching).

- "Sophos ML Broken by this sample. Reputation is known but high TTD (Time to detect)." > What do you mean by "Reputation is known but high TTD"?

How did you submit the file to "Microsoft Threat Expert"? Is it through the Microsoft Defender portal related to Microsoft 365? I'm familiar with Microsoft 365, I got the MS-500, and the interface makes me think of it.

- "Ok so here is Microsoft Deep Analysis (SAND BOX). Still waiting on their Human Analyst." > You mean that when a file is submitted and is not known by the tool, there is a human analysis after that?

- "Xcitium Broken but waiting on their Human Analysts also." > What do you mean by "Broken"? I saw you used it before for Sophos ML; does that mean "Xcitium doesn't work"?

@struppigel:

"DnSpy does not work here because it cannot open .NETCore App singlefiles. You can open it with ILSpy, though." > Got it! I'm adding this tool to my list :)

"The more interesting part will be the downloaded file. The levelcomputer.zip is 192 MB in size, so VT is not fond of it. I am gonna check if I can remove some bloat to share the file."
As far as I know, VT can accept files up to 700Mb; what do you mean that it will not be fond of it?
What do you mean by "removing some bloat"? I only know the term "Bloatware"; however, I know a method that consists of adding useless data to a payload in order to make it bigger and less trivial to analyze. Is that what you are talking about?

@Xeno1234:

- "Original file is also UDS, so I guess it wasn't detected by Scanner at all." > What do you mean by "UDS"? I know FUD, which makes a malware not recognizable.

- "We do truly love System Watcher." > What is "System Watcher"?