Over 10 years we help companies reach their financial and branding goals. Engitech is a values-driven technology agency dedicated.

Gallery

Contacts

411 University St, Seattle, USA

engitech@oceanthemes.net

+1 -800-456-478-23

Malware Analysis Reverse Engineering

GuLoader’s Unique Approach to Obfuscation: Understanding Stack Manipulation

For those that often enjoy reverse engineering shellcode, or obfuscated malware in general, you may have come across an interesting “malware” family named GuLoader – malware in quotations as it has in the past been linked to a company selling a software packer named CloudEyE (see: Checkpoint Research), though it does appear most of it’s […]

Malware Analysis Reverse Engineering

Developing YARA Rules Based on Byte Patterns: ROMCOM

YARA is an important tool for any aspiring threat intel analyst or reverse engineer, whether for detecting code reuse among different families, identifying samples utilising a certain technique, or even tracking the development of recently discovered malware.  While using simple string patterns for rules can be an efficient method for quickly building detections, it is […]

Malware Analysis

Quack Quack: Analysing Qakbot’s Browser Hooking Module – Part 1

Qakbot is one of the most notorious malware families currently operating, and dates back to around 2007. It is primarily focused around stealing banking information and user credentials, however with the huge jump in ransomware popularity among threat actors, Qakbot has been seen to drop Egregor and the ProLock ransomware. As it is primarily operated […]

Malware Analysis Reverse Engineering

Unpacking Malicious DLLs – IcedID

So recently I’ve been reverse engineering the newest version of IcedID (the version hiding encrypted payloads and other data inside PNGs), and I came across a post by Malware-Traffic-Analysis about IcedID being downloaded by malspam typically responsible for downloading ISFB. This particular infection chain was interesting, as the Word Document drops a script file to […]