Showing posts tagged #dynamic malware analysis

Return Home

Previous analysis:

We are presented with a Word document that has macros. The VBA code for the macros is obfuscated but we can clearly see that it is using some interesting Win32 API calls like VirtualAlloc and CallWindowProc, which later renames.

Thus, we can just

Read More

In this post I will analyze one on the ELF files captured on my honeypot. First, a dynamic analysis will be performed. Once we aknowledge it's behaviour we will move onto a more in-deep static analysis.

Let's start!

We are presented with a 32-bit ELF un-stripped executable.

$ file 05fd293845e7517bcfc6e8a7fa845ef101bf716c5ec6d40c74c6f7e8aed656bf 

Read More