Nine-Ball followup now with video! Part 2

As a follow-up to my previous post, here is the next video depicting the second portion of the attack. For URLs, Virustotal results, etc., refer back to Part 1. All analysis is conducted with Malzilla. To give you some additional insight into the attack, I am also able to share the contents of a [...]

Nine-Ball followup now with video! Part 1

A reader was gracious enough to share some information with me on the events surrounding the compromise of a website of his. The site was compromised via stolen FTP credentials, which has been a technique employed by major Internet threats such as Gumblar and Nine-Ball recently. This will be a two-part post. Let's take [...]

Exploit kit with 22 exploits and updated obfuscation techniques

While investigating an attack, I came across a piece of JavaScript that was quite unusual. Most obfuscated JavaScript malware uses custom “packers”, if you will, to mangle the actual code that performs the attack. This code must become “unpacked” at some point to be interpreted by the web browser. Simply looking for document.write or eval [...]

Flash malware – downloaders and exploit

Watching a recent SANS webcast by Lenny Zeltser piqued my curiosity in Flash-based malware. I decided to have a closer look at some Flash-based malware which I had collected to try and gain some more insight into how to analyze it. I’ll cover 3 samples and what I was able to find out [...]

Analyzing a malicious pdf – Troj/PDFJs-A

I picked up a copy of a malicious PDF a week or so ago that was trying to infect a workstation. Let's crack it open and see what’s inside. Virus Total MD5: bccb814a5bcba72be31cdaf4e8805a7b Filename: pdf.pdf Simply running the file command on the PDF returns the following: pdf.pdf: PDF document, version 1.4 Running strings on pdf.pdf [...]

Anti-analysis tricks in Trojan-Downloader.Win32.Agent.abti

While perusing some malware for learning purposes, I ran across some anti-analysis techniques used in Trojan-Downloader.Win32.Agent.abti. I’m keeping this post a little more brief by posting fewer screenshots. MD5: 588573DC336B3695E9FDB890EEFD26DB Virus Total Results Anubis Results Threat Expert Results Sunbelt sandbox results The Anubis scan yielded great results, but we are focusing mainly on the [...]