Flash malware – downloaders and exploit

Watching a recent SANS webcast by Lenny Zeltser piqued my curiosity in flash based malware. I decided to have a closer look at some flash based malware which I had collected to try and gain some more insight into how to analyze it. I’ll cover 3 samples and what I was able to find out [...]

Job ads in HTTP headers?!

Seems I was running Wireshark in the background while writing the past post. Looks like the WordPress folks are recruiting!
My post:
POST /wp-admin/admin-ajax.php HTTP/1.1
Host: realsecurity.wordpress.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.1) Gecko/2008070208 Firefox/3.0.1
Accept: */*
The reply:
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 04 Sep 2008 01:53:02 GMT
Content-Type: text/html; charset=utf-8
Connection: close
X-hacker: If you’re reading this, you should visit [...]

Analyzing a malicious pdf – Troj/PDFJs-A

I picked up a copy of a malicious pdf a week or so ago that was trying to infect a workstation. Let’s crack it open and see what’s inside.
Virus Total
MD5: bccb814a5bcba72be31cdaf4e8805a7b
Filename: pdf.pdf
Simply running the file command on the pdf returns the following: pdf.pdf: PDF document, version 1.4
Running strings on pdf.pdf returns a few interesting pieces [...]

Anti analysis tricks in Trojan-Downloader.Win32.Agent.abti

While perusing some malware for learning purposes I ran across some anti-analysis techniques used in Trojan-Downloader.Win32.Agent.abti.
I’m keeping this post a little more brief by posting fewer screenshots.
MD5: 588573DC336B3695E9FDB890EEFD26DB
Virus Total Results

Anubis Results
Threat Expert Results
Sunbelt sandbox results
The Anubis scan yielded great results, but we are focusing mainly on the anti-analysis tricks this time. We [...]