OllyScript – Automating detection and unpacking the Conficker Worm Variant B/C

In order to bring the problem of extracting unpacking code into the realm of decidability,  MyCERT had been working on  automating the unpacking script in an assembly-like language. The script, called OllyScript,  can be used to unpack malicious worm Win32/Conficker B and Win32/Conficker C. OllyScript is the scripting language plugin for OllyDbg.  It simulates user’s […]

MyKotakPasir: Solved major problem during automated analysis.

MyKotakPasir 2 is a malware sandbox developed by Malware Research Center at MyCERT. A lot of  improvements have been introduced since the first version. For instance, in the previous version, 2 different programming languages, namely Python and VB, were used to handle analysis work. Due to some teething problems with Python,  I have changed everything to […]