Unpacking NanoCore Sample Using AutoIT

May 5, 2019

In this article I want to take a look at a NanoCore sample that I found on HybridAnalysis that is using a compiled AutoIT script as a packing technique. This article will go over how to detect if a sample is using AutoIT and how to analyze it. The hash for this sample is ad9f99ad687a8ae71a40fd589b028ef6194e35c7....

Reverse Engineering, Malware Analysis, Malware, Unpacking, Scripting, Automation, DotNET, DnSpy, AutoIT

Linux Malware Analysis—Why Homebrew Encryption is Bad

Feb. 2, 2018

Linux is one of my favorite operating systems, but you seldom see malware for it, so I was pretty interested when Linux malware was caught by my honeypot. This article will be my analysis of the sample, particularly the decryption function that was used throughout it. It’s a good example of why using your own encryption algorithm isn’t very secure....

Reverse Engineering, Radare2, Malware Analysis, Malware, Linux

Snojan Analysis

Jan. 11, 2018

So this is my analysis of the Snojan malware. My goal for my articles is to write about different malware samples that I collect in my honeypot. I hate finding a sample and looking up analyses on it only to find that nobody has taken the time to really look at it, so this is my remedy for that....

Reverse Engineering, Radare2, Malware Analysis, Malware

