A Blog about malware and file formats

All articles for category: emulation
Reversing a NSIS dropper using quick and dirty shellcode emulation

We will statically unpack and emulate a malicious NSIS installer that runs multiple stages of shellcode, down to the final Lokibot password stealer and its configuration.


Exploit, steganography and Delphi: unpacking DBatLoader

We will unroll a spammed malicious document exploiting CVE-2018-0798 that leads to a multi-stage Delphi dropper abusing steganography and cloud services to conceal its payload.
