VB6's IDispatch implementation reveals full function prototypes for internal forms and classes. Let's learn how to recover and extract them.
We have seen DirtyMoe being spread by various exploit kits such as PurpleFox or via injected installers, for example, as seen for Telegram’s installer. However, one of the DirtyMoe modules also implements worming techniques to spread itself. In this next DirtyMoe series, we will dissect this module...
CoinHelper is a family of AutoIt droppers which provides a massive coinmining campaign. The malware is being spread in a form of a bundle with another software, being it game cheats, cracked software, or even clean installers such as Google Chrome, Microsoft Office, AV products, and many others.
The DirtyMoe is delivered by the PurpleFox exploit kit as the MSI installer package. The MSI installer is a popular way to deploy malware because it supports multiple configurations based on different Windows versions, all within one package.
MyKings is a long-standing and relentless botnet which has been active from at least 2016. Our research has shown that, since 2019, the operators behind MyKings have amassed at least $24 million USD (and likely more) in the Bitcoin, Ethereum, and Dogecoin.
The Windows kernel allows loading drivers signed with revoked certificates. The DirtyMoe driver is also signed with revoked certificates that are moreover widely abused in other malware. Motivated by these facts, this article analyzes the mechanism of how Windows manages certificate revocation...
The DirtyMoe malware is a complex malicious backdoor employing various self-protection and anti-forensics mechanisms. One of the more significant safeguards is a rootkit. The next article of the DirtyMoe series explains rootkit functionality in detail.
Three measures of exploits, one of vulnerable drivers, half a measure of Delphi. Shake it very well until it's ice-cold, then add a large thin slice of VMProtect. Got it?
Reusing binary code from malware is one of my favorite topics. Binary re-engineering and being able to bend compiled code to your will is really just an amazing skill. Allow me to show you the way
Writing a debugger for VB6 P-code has been something I have always wanted to do. Come and let me show you, how far the rabbit hole goes.