[Britec09] Fight Back Against Ransomware (McAfee Ransomware Interceptor Review)
<blockquote data-quote="DardiM" data-source="post: 563759" data-attributes="member: 52613">
<p>An example here :)</p>
<p>[SPOILER="part 3-2)"]</p>
<p><strong>3-2) Constant objects:</strong></p>
<p>'=-=-=-=-= CONSTO =-=-=-=</p>
<p style="margin-left: 20px"><span style="color: rgb(0, 0, 179)">dcom_data = .....</span></p>
<p style="margin-left: 20px"><span style="color: rgb(0, 0, 179)">loader_data = .....</span></p>
<p style="margin-left: 20px"><span style="color: rgb(0, 0, 179)">dim file_data(10)</span></p>
<p style="margin-left: 20px"><span style="color: rgb(0, 0, 179)">file_data (0) = ....</span></p>
<p style="margin-left: 20px"><span style="color: rgb(0, 0, 179)">file_data (1) = ....</span></p>
<p style="margin-left: 20px"><span style="color: rgb(0, 0, 179)">...</span></p>
<p style="margin-left: 20px"><span style="color: rgb(0, 0, 179)">file_data (9) = ....</span></p>
<p style="margin-left: 20px"><span style="color: rgb(0, 0, 179)">file_size = 35328</span></p>
<p>Several Base64 encoded (very long) Strings are used.</p>
<p><u>We will see later that:</u></p>
<p style="margin-left: 20px"><strong>dcom_data </strong>=> dll content (used to allow API calls)</p>
<p style="margin-left: 20px"><strong>loader_data </strong>=> encoded loader data used</p>
<p style="margin-left: 20px"><strong>file_data </strong>=> array of encoded strings: malware parts</p>
<p style="margin-left: 20px"><strong>loader_data </strong>and <strong>file_data </strong>will be decoded and used for injection :D</p>
<p>[/SPOILER]</p>
<p><a href="https://malwaretips.com/threads/payment_slip-vbs-a-script-with-api-calls-file-less-payload-injection-updated.64722/" target="_blank">https://malwaretips.com/threads/payment_slip-vbs-a-script-with-api-calls-file-less-payload-injection-updated.64722/</a></p>
</blockquote>
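<p>An added example, not part of DardiM's post or of the analysed script: static triage of a VBS file for the layout quoted above, listing every long Base64 constant and flagging the ones that decode to a PE image (as the post says dcom_data does). The threshold, the regular expressions and the sample values are assumptions constructed for illustration; only the Base64 layer is removed, so loader_data and file_data, which the post describes as encoded, are reported as opaque.</p>

```python
import base64
import binascii
import re

MIN_B64_LEN = 40  # assumed threshold, low enough for the small sample below

# <name> or <name>(<index>) assigned a quoted literal made only of Base64 characters
ASSIGN = re.compile(
    r'^\s*(\w+)\s*(?:\(\s*(\d+)\s*\))?\s*=\s*"([A-Za-z0-9+/=]+)"\s*$', re.M)
# VBScript line continuation inside one long literal: "..." & _ <newline> "..."
CONTINUATION = re.compile(r'"\s*&\s*_\s*\r?\n\s*"')


def triage(vbs_text):
    """Return (name, index, decoded_size, verdict) per long Base64 literal."""
    findings = []
    for name, index, literal in ASSIGN.findall(CONTINUATION.sub("", vbs_text)):
        if len(literal) < MIN_B64_LEN:
            continue
        index = int(index) if index else None
        try:
            raw = base64.b64decode(literal, validate=True)
        except (binascii.Error, ValueError):
            findings.append((name, index, 0, "not valid Base64"))
            continue
        # A DLL or EXE starts with the DOS header magic "MZ".
        verdict = "PE image (MZ header)" if raw[:2] == b"MZ" else "opaque after Base64"
        findings.append((name, index, len(raw), verdict))
    return findings


def _b64(raw):
    return base64.b64encode(raw).decode("ascii")


# Constructed sample: variable names from the quoted script, harmless stand-in bytes.
_part1 = _b64(b"\x22" * 48)
SAMPLE_VBS = "\n".join([
    "'=-=-=-=-= CONSTO =-=-=-=",
    'dcom_data = "%s"' % _b64(b"MZ\x90\x00" + b"\x00" * 60),
    'loader_data = "%s"' % _b64(bytes(range(48))),
    "dim file_data(10)",
    'file_data (0) = "%s"' % _b64(b"\x11" * 48),
    'file_data (1) = "%s" & _\n    "%s"' % (_part1[:32], _part1[32:]),
    "file_size = 35328",
])

if __name__ == "__main__":
    for row in triage(SAMPLE_VBS):
        print(row)
```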