After hacking away for some days in the code chamber, I'm finally satisfied with the outcome and happy to announce the release of my n...

After some abstinence, I thought it might be a good idea to write something again. The perfect occasion came yesterday when I decided to bui...

In the other blog post on Fobber, I have demonstrated how to batch decrypt function code, which left us with IDA recognizing a fair amount ...

About two weeks ago I came across an interesting sample using an interesting anti-analysis pattern. The anti-analysis technique can be best...

This blog post details how the more recent versions of Andromeda store their C&C URLs and RC4 key and how this information can be brutef...

re: http://www.kernelmode.info/forum/viewtopic.php?f=16&t=3505   sha256: 73b0d95541c84965fa42c3e257bb349957b3be626dec9d55efcc6...

From now on I'll use this blog as a platform to publish loose bits of information on different when playing with malware that crosses my...