Tag: Reverse Engineering

Analysis of False/Morel

Introduction About a month ago, a group called the Shadow Brokers claimed to have stolen a number of cyber espionage tools from the Equation Group. They made a number of the files available to prove the validity of their claim


Using NodeJS To Deobfuscate Malicious JavaScript

Introduction A group of analysts in the office are spending some time reverse engineering an Angler sample found at http://malware-traffic-analysis.net/2016/03/02/index2.html. The website shows a screen capture of the malicious JavaScript that was injected into a page served by a compromised


Reverse Engineering a Malicious MS Word Document

Introduction This blog post analyzes a Word document that was used to deliver a ransomware executable. The Word document includes a macro that will execute when the document is opened if the end user clicks a button called “enable content”.


Reverse Engineering Necurs (Part 3 – Patching)

Introduction In the previous post, we started to step through the Necurs sample using WinDbg. We also used IDA Pro to perform static analysis of the malware sample so we could get an idea of where to set breakpoints. However,
