In the last entry, we saw how to inject and execute ASM (shellcode) by creating a new thread with CreateRemoteThread. The problem is: if a function is bound to its own thread and cannot be called from a foreign thread, we’re f*cked… To do this injection, we will instead use the target’s main thread to run our code.
Xartrick » Monday 15 July 2013 23:14
Xartrick » Friday 12 July 2013 17:54
In this entry, we will see how to inject and execute ASM (shellcode) using CreateRemoteThread in an x86 environment (I haven’t even tested it on x64, since all my computers run x86).
Xartrick » Saturday 25 May 2013 13:20
A Keygen-Me found on crackmes.de, written in assembly by Greedy_Fly.
Xartrick » Wednesday 22 May 2013 21:55
In this entry, the malware is a .NET stealer.
The first executable is a WinRAR SFX archive that extracts two files: a stealer and a fake application.
In the end, the malware owner gets exposed.
Xartrick » Wednesday 22 May 2013 13:08
Here we are! For this first entry, I will introduce a malware that is built like matryoshka dolls.
Before the malware itself, there are three layers of “security”.
The first layer is in .NET and uses a drop method, the second is in AutoIt and runs the executable in memory, the third is in native code and is a loader for an (unknown) packer, and then we reach our malware.