Reversing malware in a custom format: Hidden Bee elements

When we recently analyzed payloads related to Hidden Bee (dropped by the Underminer EK), we noticed something unusual. After reversing the malware, we discovered that its authors actually created their own executable format. Follow our step-by-step analysis for a closer look.

A .NET malware abusing legitimate ffmpeg

There is a growing trend among malware authors to incorporate legitimate applications in their malicious packages. This time, we encountered malware that downloads a legitimate copy of ffmpeg.

‘Payload tested’ browser popup via AOL’s ad network causes a scare

The last thing you’d expect when navigating through a site would probably be a pop-up telling you that a “payload” had just been tested in your browser.
