June 7, 2018 - In part two of our series on decoding Emotet, we analyze the PowerShell code flow and structure. We also reconstruct the command-line arguments—for fun!
May 25, 2018 - In the first part of this two-part analysis of Emotet, we look at the VBA code, where you'll learn how to recognize and discard "dead" code thrown in to complicate the analysis process.
May 8, 2018 - Kuik adware, which forces affected machines to join a domain controller, is using this unusual technique to push Google Chrome extensions and coin miner applications. In this blog, we'll provide technical analysis of the adware and custom removal instructions.
April 30, 2018 - Spartacus ransomware is a fairly new variant seen in 2018. We'll walk you through the malware sample to analyze the code in detail, and help you learn how to get an obfuscated .NET sample into a readable state.
April 18, 2018 - Recently, we came across a Python-based sample dropped by an exploit kit. Although it arrives under the disguise of a MinerBlocker, it has nothing in common with miners. In fact, it seems to be PBot: a Python-based adware.
April 12, 2018 - In our final installment of the Encryption 101 series, we walk you through the source code of the Princess Locker decryption tool.
April 4, 2018 - A lesser-known variant called LockCrypt ransomware has been creeping around under the radar since June 2017. We take a look inside its code and expose its flaws.
March 28, 2018 - QuantLoader is a Trojan downloader that has been used in campaigns serving a range of malware, including ransomware, Banking Trojans, and RATs. In this post, we'll take a high-level look at the campaign flow, as well as a deep dive into how the malware executes.