AtomBombing Evasion and Detection

A new code injection technique is effective in bypassing most analysis and detection methods. Code injection has been a favorite technique of malware authors for many years. Injecting malicious code into an otherwise-benign process is an effective way of masking malware from anti-virus and sandbox detection. It is used to bypass end-host firewalls and to evade sandbox monitoring. […]

Goldeneye Ransomware Uses COM to Execute Malicious JavaScript

A new ransomware called Goldeneye, a variant of Petya, is spreading in the wild in Germany. It targets German-speaking users via email with an attached application (Bewerbung) in Excel format (xls). At the time we started analyzing the Goldeneye malware, VirusTotal scored 9/54, but the score varied for different attachments; some were as low […]

Hancitor Uses Microsoft Word to Deliver Malware

Several variants of the Hancitor malware family have been seen in the wild over the past several months. Recently, Carbon Black, a VMRay integration partner, provided an in-depth analysis of a specific strain of the Hancitor malware family that uses a Microsoft calendar identifier to deliver malware to unsuspecting users. We did a full analysis in […]