22.05.2018
The Big Zeus Family Similarity Showdown v2
Good day! I've spent a couple of hours updating the Big Zeus Family Similarity Rundown, now including almost twice as many samples. Fi...
1 comment:
18.04.2018
Upgrading ApiScout: Introducing ApiVectors
About a year ago, I published ApiScout , a library that allows the recovery of potentially used Windows API functions from memory dumps. ...
1 comment:
14.01.2018
The Big Zeus Family Similarity Showdown
Dear followers of this blog, I wish you a happy new year! About a month ago, I launched my latest project: Malpedia ( slides here )....
1 comment:
16.05.2017
Quick analysis write-up on the "link" between Lazarus and WannaCry
Here is a short post on what I found out about the "link" between Lazarus and WannaCry. To me, the function referenced looks a lo...
1 comment:
10.04.2017
ApiScout: Painless Windows API information recovery
After hacking away for some days in the code chamber, I'm finally satisfied with the outcome and happy to announce the release of my n...
1 comment:
05.02.2017
Knowledge Fragment: Hardening Win7 x64 on VirtualBox for Malware Analysis
After some abstinence, I thought it might be a good idea to write something again. The perfect occasion came yesterday when I decided to bui...
12 comments:
18.08.2015
Knowledge Fragment: Fobber Inline String Decryption
In the other blog post on Fobber, I have demonstrated how to batch decrypt function code, which left us with IDA recognizing a fair amount ...
1 comment: