Password stealer Trojan – Malware Analysis

Hi Visitor, I got this malware sample shared on VirusBay. Sample below:
SHA256: 630efa1e2dc642799b867363bb36d1953884480ac29942a1ab20243a8a9620ad
Signature: Microsoft Visual C# v7.0 / Basic .NET; it's a Windows Forms application.
Upon execution, this file drops the two files below at C:\Users\<UserProfile>\AppData\Local\Temp\
Dropped files:
C:\Users\<UserProfile>\AppData\Local\Temp\FB_2C02.tmp.exe
C:\Users\<UserProfile>\AppData\Local\Temp\cc3a68ce1dad95ce662e1c51568e3a.exe (Application Server)
Upon execution of this file, it takes a screenshot of…

Trojan- JS downloader

I downloaded a JS trojan downloader from VirusSign to analyze the behavior of this malware. It was a zip file, INC_0987155124US_Apr_19_2019.zip, and after extracting it I got a .js file. On opening the JS file in Notepad, I saw a Base64-obfuscated string. After deobfuscating the JS script, I found that this file has multiple sources/URLs to download from.
SHA256: d6798b62cef08c4f61a30dfa346faf5aa29f9d03e4599ebe5ae910a193087b86…

Emotet malware analysis

VirusTotal sample: c9bdfb2d6ac9e493bc391b2f64b48d8d5cde10645ea921951b23112e6d73545c
File Type: Microsoft Word Document
Document Property: I have used oletools to analyse the Word document's properties and content. This Word document has VBA macros. After parsing the document with olevba, it reports that the file has suspicious hex strings and Base64 strings. The file has the macros below:
LUDoB_BX.cls
fkkkCAk.bas
ZAAcAA.bas
And the macros…

HelpMe.exe malware

VirusTotal: SHA256 – 9ff1c8e6d80ebf5626714362cbc55a53ba17038e841773d24fdc018891adb52e
Tools used for analysis: OllyDbg, Wireshark, PE Explorer.
I started debugging using OllyDbg. The first warning I received was “Module ‘AutoRUN_’ has entry point outside the code (as specified in the PE header). Maybe this file is self-extracting or self-modifying. Please keep it in mind when setting breakpoints!” The executable file extracts the HelpMe.exe file and…