Highest Voted 'malware-analysis' Questions - IT Security Stack Exchange

3

votes

2 answers

Has malware detected mitmproxy and similar tools used to intercept and analyze malicious traffic?

When trying to analyze malware, have there been cases where malware detected the use of mitmproxy and ceased operation? If that has happened, would it be a good idea to be constantly using a proxy as a measure for deterring any malware?

malware detection malware-analysis

asked Apr 01 '22 at 09:40

Sir Muffington

1,447
2
9
22

2

votes

0 answers

Opened compromised Excel file - am I safe?

Long story short, got duped into opening an XLSM in Excel, with macros being enabled. Realised instantly. Digged into the Excel structure, found the following (extremely obfuscated)…

trojan malware-analysis excel macro

asked Mar 04 '22 at 02:36

user275197

21
1

1

vote

1 answer

Can I trust companies that test antimalware software?

Do they lie? I mean companies something like AV-TEST, AV-Comparatives, Virus Bulleting, ERG Effitas, etc.

malware virus antivirus antimalware malware-analysis

asked Sep 12 '22 at 09:44

Kristal

11
2

1

vote

0 answers

What is the difference between malware signatures and malware artifacts?

I am trying to analyse some malware samples but I am trying to understand the differen between malware signatures and malware artifacts. As far as I understand (and from what I've understood from this other post: What is the difference between…

malware virus antivirus antimalware malware-analysis

asked Feb 18 '22 at 23:32

jefazo92

31
1

1

vote

0 answers

Pixel File Size in STAMINA

Last year Intel released a white paper on a joint research effort with Microsoft concerning the possibility to perform malware analysis by converting a file to an image and then applying a deep neural network model on it. In the said white paper the…

static-analysis malware-analysis

asked Jun 30 '21 at 18:53

Elhitch

403
3
11

0

votes

1 answer

Can ransomware impact SSD drives?

I was watching this DefCon talking about Solid State Drives (SSDs) destroying forensic and data recovery jobs. It was interesting to note, that the speaker did acknowledge that it is unknown how long deleted files will remain recoverable for. I have…

malware ransomware deletion ssd malware-analysis

asked Aug 23 '22 at 14:09

user5623335

381
1
4
12

0

votes

1 answer

How malware file signature is generated?

How is the malware file signature generated? Does it use a sequence of bytes in the beginning, size, PE (export, import, section), etc? And can the MD5 or SHA256 be considered a file signature for a malware file? Note: I know that there's YARA that…

malware identification malware-analysis

asked Jul 26 '22 at 20:35

heaprc

103
4

0

votes

0 answers

Reliable information on AV engine false positive rate

I just came across this blog post (archived here). I am curious to know where I can find more data on false positive rates of anti-virus software. Of course, any such data would be subjective, since the samples are chosen by the people who publish…

antivirus antimalware detection malware-analysis

asked Jul 09 '22 at 19:44

user21820

623
1
6
13

0

votes

0 answers

Malware sinkhole evasion techniques

I have read into malware sink holing, as a way to disrupt botnets. There are also approaches to make this more difficult, for example using a Domain Name Generator algorithm which is what the Conficker worm used, fast-flux, double fast-flux, and P2P…

malware antimalware botnet honeypot malware-analysis

asked Jun 17 '22 at 18:18

questioner

171
2
11

0

votes

0 answers

Malware binaries for the SpySheriff scareware

When I first became interested in malware reverse engineering years ago, the first malicious program I encountered was a scareware called SpySheriff. It had a wide internet presence, as it spread through the typo-squatting domain goggle.com. I have…

malware reverse-engineering malware-analysis

asked May 21 '22 at 16:07

questioner

171
2
11

0

votes

1 answer

How to store malware for analysis?

I am planning on analysing some malware samples dynamically using a sandbox tool and a target Windows VM. The host (physical machine) runs Ubuntu and in it are the sandbox and target VM. So far I only analysed benign samples, i.e. normal software. I…

malware virtualization sandbox malware-analysis

asked Feb 22 '22 at 13:20

Marcus

1,145
1
8
12

0

votes

1 answer

Malware dropper uses "^" character in syntax of cmd.exe before calling mshta.exe to download file?

I found a malicious Excel file that was using an embedded HTA program as its dropper to download a powershell program from a malicious IP. The dropper was on a hidden sheet in the file. After reviewing the output in the sandbox I found that the…

malware antivirus antimalware malware-analysis

asked Jan 14 '22 at 19:35

QOHEN

1

0

votes

0 answers

OCSP hosts. How to tell Malicious OCSP hosts apart

Learning abit about allowed OCSP hosts on Windows 10: I've picked up OCSP requests carried out by CryptSvc pointing towards an OCSP server in Japan. Referring to Microsoft's Win10 Non-enterprise endpoint lists, I've already witnessed and confirmed…

firewalls ocsp malware-analysis

asked Nov 24 '21 at 04:17

N S

41
3

0

votes

0 answers

What does it mean to find a Imphash match?

I have Import Hash (Imphash) matches for some executables and dlls in my environment like teams update.exe, outlook.exe and other microsoft provided dlls apart from non-microsoft dlls too. When I take the hash of the identified dlls and executables…

malware-analysis

asked Oct 25 '21 at 08:10

termcap

31
4

0

votes

0 answers

Security of Third Party Plugins in Thunderbird

In Thunderbird (a popular open source email client), there is an extension store similar to Mozilla Firefox which adds further functionality to the client. Mozilla has an article detailing the security and safety of Firefox extensions (see Tips for…

malware browser-extensions thunderbird malware-analysis

asked Aug 27 '21 at 03:00

Harrison G

67
6

Questions tagged [malware-analysis]