In the other blog post on Fobber, I have demonstrated how to batch decrypt function code, which left us with IDA recognizing a fair amount ...

About two weeks ago I came across an interesting sample using an interesting anti-analysis pattern. The anti-analysis technique can be best...

This blog post details how the more recent versions of Andromeda store their C&C URLs and RC4 key and how this information can be brutef...

re: http://www.kernelmode.info/forum/viewtopic.php?f=16&t=3505   sha256: 73b0d95541c84965fa42c3e257bb349957b3be626dec9d55efcc6...

From now on I'll use this blog as a platform to publish loose bits of information on different when playing with malware that crosses my...