Malware Analysis

by Anurag


VirusTotal: SHA-256 – 9ff1c8e6d80ebf5626714362cbc55a53ba17038e841773d24fdc018891adb52e. Tools used for analysis: OllyDbg, Wireshark, PE Explorer. I started debugging using OllyDbg. The first warning I received is “Module ‘AutoRUN_’ has entry point outside the code (as specified in the PE header). Maybe this file is self-extracting or self-modifying. Please keep it in mind when setting breakpoints!” The executable file extracts the HelpMe.exe file and …



VirusTotal – SHA-256 – 7c3e2a38dcacc3246409151ecdf283814611a8f9d98ed0e5996fb2615adc2cc2. I pulled the requested malware sample from MalShare for analysis and renamed the file with a .exe extension. Tools I used: OllyDbg, Wireshark, PE Explorer. I downloaded the malware sample, opened it in PE Explorer, and found the resource information. Before I started debugging, I extracted the malware executable file using 7-Zip. There were …



I had emailed a recruiter last year about a job opportunity. He replied a year later with an attachment; it was encrypted and a password was provided. I unzipped it and looked at the properties of the Word document. I analysed the file using oletools, and the result showed it as a suspicious file. I found the value (“1jwe7d7n1544”) in the macro code …
