Code obfuscation is one of the cornerstones of malware. The harder code is to analyze the longer attackers can fly below the radar and hide the full capabilities of their creations. Code obfuscation techniques are very old and take many many forms from source code modifications, opcode...
One of the goals of malware authors is to keep their creation undetected by antivirus software. One possible solution for this are crypters. A crypter encrypts a program, so it looks like meaningless data and it creates an envelope for this encrypted program also called a stub. This stub looks like...
Forum Advertisement MassLogger is an information stealer, first sold in hacking forums around April 2020. The malware author claims it to be the “most powerful logger and recovery tool” which costs $99 USD worth of Bitcoin for a lifetime license. MassLogger is highly configurable and gives its...
For some time now, we’ve been monitoring a new strain of malicious programs that we are referring to as "Meh". It all started when we came across large amounts of files with randomly generated strings at their beginning, followed by a compiled AutoIt script… and what a ride it has been since.
WiryJMPer is a seemingly ordinary dropper with unusual obfuscation. It uses two benign binaries with superfluous jumps and dead branches sandwiched between the binaries to hide its virtual machine, protecting its Netwire payload.