
Thread: ARTeam: Introduction To Malware Techniques and Logics Part 1

  1. #1
    Shub-nigurrath (Super Moderator)

    ARTeam: Introduction To Malware Techniques and Logics Part 1

    Hi all,
    a new tutorial from Gunther has been published on our site.

    Following the great works by EvilCry, I have decided it’s time to release some of my past and present works on Malware Analysis (some of them will be coming soon). This is in the hope of igniting some interest in Malware Analysis via the Reverse Engineer’s mindset.
    This tutorial is written to provide a better understanding of where to find information and what the aim of most Trojans is. Their aim is simply to steal information or to act as a Bot in a Botnet. Please note that this article has been written for learning purposes and not for complex functionality. In the early days, there were many incidents where users received emails with malicious CHM (Microsoft Compiled HTML Help) and DOC (Microsoft Office Word Document) attachments containing Trojan Riler, which is also known as BackDoor-BCB.
    So I have decided to impart some of my knowledge on Forensics in order to complete this tutorial, writing “Introduction to Malware Techniques and Logics part 1”. The tutorial will cover different issues:
    • How to decompile .CHM files.
    • How to detect and analyse the shellcode.
    • How to dump the backdoor components.
    • How to discover the communication protocol.

    I hope that this could begin a new chapter in the ongoing series of Reverse Engineering and Forensics guides from ARTeam and spark a new interest.
    Available for download here:

    http://www.accessroot.com/arteam/site/download.php?view.312
    (¯`·._.·[¯¨´*·~-.¸¸,.-~*´¨ Ŝħůβ¬Ňïĝµŕřāŧħ ₪¯¨´*·~-.¸¸,.-~*´¨]·._.·´¯)
    There are only 10 types of people in the world: Those who understand binary, and those who don't
    http://www.accessroot.com

  2. #2
    Thanks as always Shub for sharing with our readers!



    Regards,
    JMI

  3. #3
    APACHE (Banned)

    Great Job dude...!!!

    Really a great work.... it really gives an idea of malware's behaviour and is very good for beginners...and "ARTeam's tutorials"...no one can beat the quality...
    Thanx Shub, Gunther..and.... and..... and....... "EVILCRY"

    but I think a correction would be right (not necessary if you guys
    don't want):

    password: infected (not "INFECTED" as given in the pdf) and what is the password of <logs.zip> inside this (malware_sample_beware) password-protected archive..

  4. #4
    Evilcry (Registered User)
    Thank you Apache, but the great work is done by Gunther =)

    Some day I'll come with another Malware RCE paper.

    Regards,
    Evilcry

    http://evilcry.netsons.org (Repository)
    http://evilcodecave.blogspot.com
    http://evilcodecave.wordpress.com

  5. #5
    Shub-nigurrath (Super Moderator)
    On the first page there was wrong password information for opening the internal archive; I have since updated the tutorial online.

  6. #6
    Great tutorial for nubeez like me, thank you.

    Question....I don't see the .chm or .doc files in the download package. And I cannot unzip the logs.zip file, as it says the "infected" password is not correct.

    Thanks again,
    Dave
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  7. #7
    Thanks, good.

  8. #8
    Shub-nigurrath (Super Moderator)
    If you download the package again, you'll see the updated passwords on the first page. There are two passwords: for the first archive it is "infected", for the inner zip it is "password", all in lowercase.

  9. #9
    Thank you Shub-nigurrath. I thought I had re-downloaded it but I guess not.

  10. #10
    Thank you Shub-nigurrath.
