Self deleting malware
Have you ever wondered how some malware variants are able to delete themselves? A malicious executable is launched on a machine, and once it is running in memory, the executable file vanishes from disk. This makes malware analysis very hard if no memory dump was taken, as there is seemingly nothing there. We can however use other artefacts to confirm …
Tag: malware analysis
Malware Analysis Training
As I begin to do more and more forensic malware analyses, it’s always good to know what kind of training opportunities are available. Here is a list of professional courses (for the UK) along with some free online courses. Please let me know in the comments section if you know of any more. I know …
Alternate Data Streams
Lots of apologies that I haven’t been blogging lately. I have recently got married, and as you can imagine that has taken up a lot of my time! I’m currently doing a course called the Certified Malware Investigator run by 7Safe, and one of the practical exercises in today’s session was on Alternate Data Streams (ADSs). I’ve …
Unicode making malware easier
I recently discovered a wonderful Unicode character, called right-to-left override, that makes the text following it display reversed. For example: print "Hello[U+202E]World" produces the output: Hello dlroW. I'm not sure what legitimate reason you would have to use the Unicode character, but several blogs have warned that it can be used by malware writers to get people to click on files. Most people …