Process Doppelgänging meets Process Hollowing in Osiris dropper

Process doppleganging, a rare technique of impersonating a process, was discovered last year, but hasn’t been seen much in the wild since. It was an interesting surprise, then, to discover its use mixed in with Process Hollowing, yet another technique, in a dropper for the Osiris banking Trojan.

Read more

De-obfuscating malicious Vbscripts

With the returned popularity of visual basic as a first attack vector in mind, we took a look at de-obfuscating a few recent vbs files starting with a very easy one and progressing to a lot more complex script.

Read more

Select your language