RFI Attacks

Suspected Attacks 462568

Flash malware – downloaders and exploit

Watching a recent SANS webcast by Lenny Zeltser piqued my curiosity in Flash-based malware. I decided to have a closer look at some Flash-based malware which I had collected to try and gain some more insight into how to analyze it. I'll cover 3 samples and what I was able to find out [...]

Job ads in HTTP headers?!

Seems I was running Wireshark in the background while writing the past post. Looks like the WordPress folks are recruiting!

My post:

POST /wp-admin/admin-ajax.php HTTP/1.1
Host: realsecurity.wordpress.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.1) Gecko/2008070208 Firefox/3.0.1
Accept: */*

The reply:

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 04 Sep 2008 01:53:02 GMT
Content-Type: [...]

Analyzing a malicious pdf – Troj/PDFJs-A

I picked up a copy of a malicious pdf a week or so ago that was trying to infect a workstation. Let's crack it open and see what's inside. VirusTotal MD5: bccb814a5bcba72be31cdaf4e8805a7b Filename: pdf.pdf Simply running the file command on the pdf returns the following: pdf.pdf: PDF document, version 1.4 Running strings on pdf.pdf [...]

Anti analysis tricks in Trojan-Downloader.Win32.Agent.abti

While perusing some malware for learning purposes I ran across some anti-analysis techniques used in Trojan-Downloader.Win32.Agent.abti. I'm keeping this post a little more brief by posting fewer screenshots. MD5: 588573DC336B3695E9FDB890EEFD26DB VirusTotal Results, Anubis Results, Threat Expert Results, Sunbelt sandbox results. The Anubis scan yielded great results, but we are focusing mainly on the [...]
