30 April 2013


I try to take advantage of the malware samples in my inbox every day to practice analysis and learn cool new tools. A previous post covers some of the basics.

This week I got an "eFAX" message with a zip file attachment that was quite suspicious, so I dug right into it. It's definitely a Win32 PE file (exe) inside the zip despite the Adobe-esque PDF icon it's using, and although ClamAV didn't find anything, VirusTotal confirms that most of the planet thinks it is bad news indeed. Here are the VT and Anubis reports for the binary.

From there I tried to apply some of the techniques I am reading about in Practical Malware Analysis, an awesome book that walks through the procedures and tools needed to dissect and analyze files. I'm just starting the book and have been reading about the Windows Portable Executable format, so PE header analysis, I chose you!
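As an added example (my own code, not from the post or the book), here is the kind of first triage check that PE header analysis starts with: ignore the icon the file presents, look for the MZ and PE\0\0 signatures, and read the IMAGE_FILE_HEADER fields. The sample header bytes are constructed inline so it runs offline; the field layout and flag values are from the PE/COFF specification.

```python
import struct
import sys
from datetime import datetime, timezone

# IMAGE_FILE_HEADER.Characteristics bits from the PE/COFF spec.
IMAGE_FILE_EXECUTABLE_IMAGE = 0x0002
IMAGE_FILE_DLL = 0x2000
MACHINE_NAMES = {0x14C: "i386", 0x8664: "x86-64"}


def parse_pe_header(data: bytes) -> dict:
    """Return basic IMAGE_FILE_HEADER fields, or is_pe=False with a reason."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return {"is_pe": False, "reason": "no MZ (DOS) signature"}
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)  # offset of PE header
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return {"is_pe": False, "reason": "no PE signature at e_lfanew"}
    # Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics (20 bytes).
    machine, nsect, stamp, _, _, _, chars = struct.unpack_from(
        "<HHIIIHH", data, e_lfanew + 4)
    return {
        "is_pe": True,
        "machine": MACHINE_NAMES.get(machine, hex(machine)),
        "sections": nsect,
        "compiled": datetime.fromtimestamp(stamp, tz=timezone.utc).isoformat(),
        "is_executable": bool(chars & IMAGE_FILE_EXECUTABLE_IMAGE),
        "is_dll": bool(chars & IMAGE_FILE_DLL),
    }


def sniff_type(data: bytes) -> str:
    """Classify by content only; the icon and extension are not trusted."""
    if data.startswith(b"%PDF-"):
        return "pdf"
    return "pe" if parse_pe_header(data)["is_pe"] else "unknown"


def build_sample_pe(stamp=1367280000, machine=0x14C, nsect=3, chars=0x0102) -> bytes:
    """Constructed header-only sample: DOS stub, e_lfanew=0x40, PE sig, file header."""
    dos = bytearray(b"MZ" + b"\0" * 62)
    struct.pack_into("<I", dos, 0x3C, 0x40)
    file_header = struct.pack("<HHIIIHH", machine, nsect, stamp, 0, 0, 0xE0, chars)
    return bytes(dos) + b"PE\0\0" + file_header


if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe()
    print(sniff_type(blob), parse_pe_header(blob))
```

Run it with a path argument to triage a real sample, or with no argument to see the constructed header parsed.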

PE Header analysis, I chose you to battle the mysterious eFAX DIGIT 30!
