Recent Posts

71

Malware Analysis / Re: PDF malware adopts another obfuscation trick in attempt to avoid detection

« Last post by dlipman on January 21, 2016, 01:08:09 pm »

is using a different obfuscation technique

On what ?

There is no content that would need to be obfuscated.

If you can not indicate what is or would need to be obfuscated then the conjecture is FUD.  In other words...
If one is to speculate that there may be a case of "a different obfuscation technique" then one must show show what the content is that would be the object of that obfuscation.

 

72

Malware Analysis / Re: PDF malware adopts another obfuscation trick in attempt to avoid detection

« Last post by adityasawant28 on January 21, 2016, 04:39:57 am »

Hello,

There is a possibility that the person who created this file is using a different obfuscation technique which bypasses most of the anti virus softwares and is not detected by online file examining tools.

If these technique is added to the database of Virus Total then they will show this file as malicious.

Just a thought. :-)

Thanks,
Aditya

73

Malware Analysis / Re: PDF malware adopts another obfuscation trick in attempt to avoid detection

« Last post by dlipman on January 20, 2016, 10:02:36 pm »

You uploaded this file, twice, early this AM in another location.  I subsequently examined it.

It's a PDF on JavaScript Concurrency.  It is not a malicious PDF nor even suspicious.

Virus Total Report

74

Malware Analysis / Re: PDF malware adopts another obfuscation trick in attempt to avoid detection

« Last post by adityasawant28 on January 20, 2016, 09:59:53 am »

Hello,

Please check : hxxp://file.allitebooks.com/20160104/JavaScript%20Concurrency.pdf

Size: 1714620 bytes
MD5: 1a2348c186c8b5c8b4a07a08d70e4957
Sha1: 73565f3a46c44487c11ea701783e8c150b73ba27
Sha256: f86b701f25823b9be8916974b01c1e141d7d801e3fb96f416803e13ed4bb9104
ssdeep: 24576:95xT7fEtdDA4LcQBS8M7hP/SVTEMDfbZIogpWBK+Pkuys0792:9v8nDnYKS8MZKV3DfmoWWBRkO0p2
Type: PDF document, version 1.6.

Detection: Malware [12]

Summary:
632.0@491775: suspicious.obfuscation using charCodeAt
632.0@491775: suspicious.obfuscation using String.fromCharCode
831.0@710564: suspicious.obfuscation using eval

Used malwaretracker.com for analysis, not sure if they give trusted information. Manually checked the file, obj 2038 looks suspicious.

Thanks,
Aditya

75

Site / Forum Discussion / http://login.kasikornbankgroupkcyber.ru/K-Online/indexHome_th.jsp

« Last post by servercare on January 16, 2016, 07:00:17 am »

phishing = hxxp://login.kasikornbankgroupkcyber.ru/K-Online/indexHome_th.jsp   



authenticity  =
hxxps://online.kasikornbankgroup.com/K-Online/login.jsp?lang=th&type=

76

Malicious Domains / Re: Paypal Phishing

« Last post by boneco69 on January 16, 2016, 06:57:16 am »

And another one...

hxxp://www.atheme-formation.fr/wp-includes/Pay-pal-assistance-ssl-H87967633488569786/

"Can list" server contents

hxxp://www.atheme-formation.fr/wp-includes/

77

Malicious Domains / Re: Paypal Phishing

« Last post by InfectedPacket on January 13, 2016, 02:54:51 pm »

Additional Paypal phishing:

http://inclusivediversity.co.uk/wp-content/upgrade/ Paypal Phishing (Redirect)
http://dashlinen.testing-domain-live.co.uk/Secure/paypal-CA/ Paypal Phishing

78

Malicious Domains / Re: soundclou.com - dangerous exploit installer/typosquatter

« Last post by dlipman on January 09, 2016, 04:33:18 pm »

You can upload it/them ( samples ) to http://www.uploadmalware.com  and mark the submission that it was based upon a request from MDL.

Obrigado.

79

Malicious Domains / Re: soundclou.com - dangerous exploit installer/typosquatter

« Last post by emmyslim on January 08, 2016, 01:44:02 pm »

hello thanks for your post please i want doc exploit spy and i also want need an exploits that i can use to convert my exe file to doc or pdf

80

This and That / Best Browser

« Last post by Tabeer on January 04, 2016, 08:22:31 am »

Can any one tell me which is the better browser. Currently I am using Chrome (not working properly these days) and Opera.