Malware Analysis Reverse Engineering

GuLoader’s Unique Approach to Obfuscation: Understanding Stack Manipulation

For those that often enjoy reverse engineering shellcode, or obfuscated malware in general, you may have come across an interesting “malware” family named GuLoader – malware in quotations as it has in the past been linked to a company selling a software packer named CloudEyE (see: Checkpoint Research), though it does appear most of it’s […]

Malware Analysis Reverse Engineering

Developing YARA Rules Based on Byte Patterns: ROMCOM

YARA is an important tool for any aspiring threat intel analyst or reverse engineer, whether for detecting code reuse among different families, identifying samples utilising a certain technique, or even tracking the development of recently discovered malware.  While using simple string patterns for rules can be an efficient method for quickly building detections, it is […]

Malware Analysis Reverse Engineering

Unpacking Malicious DLLs – IcedID

So recently I’ve been reverse engineering the newest version of IcedID (the version hiding encrypted payloads and other data inside PNGs), and I came across a post by Malware-Traffic-Analysis about IcedID being downloaded by malspam typically responsible for downloading ISFB. This particular infection chain was interesting, as the Word Document drops a script file to […]