Microsoft Shortcut (LNK) trojan malware

I have downloaded this Microsoft shortcut malicious sample from Virustotal for analysis After downloading, I renamed as sample.lnk. (Microsoft shortcut extension .LNK) When I opened properties tab of this file, found below properties which clearly shows its now shortcut of any application but a PowerShell script which executed on opening. Target Type: Application Target: PowerShell… Read More Microsoft Shortcut (LNK) trojan malware

March 27, 2019 AnuragLeave a comment

Emotet malware analysis

VirusTotal sample – c9bdfb2d6ac9e493bc391b2f64b48d8d5cde10645ea921951b23112e6d73545c File Type: Microsoft Word Document Document Property: I have used Oletools to analyse word document properties and analyse content. This word document has VBA macros. After parsing word document using olevba, this tells, file has suspicious hex string and Base64 strings. And file has below macros, LUDoB_BX.cls fkkkCAk.bas ZAAcAA.bas And macros… Read More Emotet malware analysis

March 16, 2019July 9, 2020 Anurag4 Comments

HelpMe.exe malware

VirusTotal: SHA256 – 9ff1c8e6d80ebf5626714362cbc55a53ba17038e841773d24fdc018891adb52e Tools used for analysis: Ollydbg, WireShark, PEExplorer, I started debugging using Ollydbg. The first warning I received is “Module ‘AutoRUN_’ has entry point outside the code (as specified in the PE header). Maybe this file is self-extracting or self-modifying. Please keep it in mind when setting breakpoints!” The executable file extracts HelpMe.exe file and… Read More HelpMe.exe malware

March 6, 2019July 9, 2020 AnuragLeave a comment

Malware Analysis

by Anurag

Month: March 2019

Microsoft Shortcut (LNK) trojan malware

Emotet malware analysis

HelpMe.exe malware