Heartbleed (CVE-2014-0160) is a vulnerability in the OpenSSL library that affects millions of websites. It lets anyone on the Internet read chunks of a vulnerable server's (or client's) process memory, up to 64 KB per request, which can include private keys, session cookies and other users' data. Our team has set up an alternative URL where users can check whether their web server is running a vulnerable OpenSSL. Visit the following URL: http://heartbleed.honeynet.org.my/ If […]
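The bug behind Heartbleed is a missing bounds check in the TLS heartbeat handler: the responder copies as many bytes as the sender's length field claims, without comparing that claim against the size of the record actually received. The following Python model is an added example written for this page, not OpenSSL code or the checker behind the URL above; the heap image, the adjacent "session cookie" and the handler names are constructed for illustration. It contrasts the pre-1.0.1g logic with the length check that the fix introduced.

```python
import struct
from typing import Optional

HB_REQUEST, HB_RESPONSE = 1, 2
PADDING_LEN = 16  # RFC 6520: at least 16 bytes of random padding follow the payload


def build_heartbeat(payload: bytes, claimed_len: Optional[int] = None) -> bytes:
    """Build a HeartbeatRequest. An honest peer sets claimed_len == len(payload);
    an attacker sends a short payload but claims a much larger length."""
    if claimed_len is None:
        claimed_len = len(payload)
    return struct.pack("!BH", HB_REQUEST, claimed_len) + payload + b"\x00" * PADDING_LEN


def vulnerable_handler(heap: bytes, record_len: int) -> bytes:
    """Pre-1.0.1g behaviour: memcpy(bp, pl, payload) with payload taken from the
    attacker-controlled length field; record_len is never consulted."""
    _, payload_len = struct.unpack("!BH", heap[:3])
    # Over-read: the slice runs past the record into whatever sits next to it on the heap.
    # (Real C keeps reading; Python merely stops at the end of our model heap.)
    leaked = heap[3:3 + payload_len]
    return struct.pack("!BH", HB_RESPONSE, payload_len) + leaked + b"\x00" * PADDING_LEN


def patched_handler(heap: bytes, record_len: int) -> Optional[bytes]:
    """1.0.1g behaviour: the record must be large enough to hold the type byte,
    the 2-byte length, the payload and the padding, otherwise it is discarded."""
    if record_len < 1 + 2 + PADDING_LEN:
        return None
    _, payload_len = struct.unpack("!BH", heap[:3])
    if 1 + 2 + payload_len + PADDING_LEN > record_len:
        return None  # silently drop, as the fix does
    payload = heap[3:3 + payload_len]
    return struct.pack("!BH", HB_RESPONSE, payload_len) + payload + b"\x00" * PADDING_LEN


# Constructed heap image: the malicious record followed by data that happened to be
# allocated next to it (a made-up session cookie standing in for real victim data).
ADJACENT = b"Cookie: session=8f3a1c9d; user=alice@example.com"  # constructed
MALICIOUS = build_heartbeat(b"hi", claimed_len=60)  # 2-byte payload, claims 60
HEAP = MALICIOUS + ADJACENT


def leaked_payload(handler, record: bytes, adjacent: bytes = ADJACENT) -> Optional[bytes]:
    """Run a handler on record||adjacent and return only the payload it echoes back."""
    resp = handler(record + adjacent, len(record))
    return None if resp is None else resp[3:len(resp) - PADDING_LEN]


if __name__ == "__main__":
    print("vulnerable echoes:", leaked_payload(vulnerable_handler, MALICIOUS))
    print("patched echoes   :", leaked_payload(patched_handler, MALICIOUS))
    print("patched, honest  :", leaked_payload(patched_handler, build_heartbeat(b"ping")))
```

The check that matters is the comparison of the claimed payload length against the received record length; the same failure pattern (length field trusted over actual buffer size) is worth looking for in any hand-written protocol parser.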
TOR Based APK Trojan
Several security firms recently discovered TOR-based malware for the Android platform. After receiving a sample, we ran a quick analysis on it. MD5: 58FED8B5B549BE7ECBFBC6C63B84A728 SHA-1: 2E6DBFA85186AF23A598694D2667207A254F8979 The sample is reported to have C&C capability that uses an unusual top-level domain (.onion). This TLD is used for TOR hidden services and is only reachable through TOR. The use of Orbot TOR […]
Maybank Phishkit Analysis
Just a couple of days ago, we discovered a Maybank phishing kit that limits access to IP addresses from Malaysia only, so that victims see the page while scanners and analysts elsewhere do not. The phishing kit is hosted on a server in the US. The restriction is implemented via the .htaccess file.
Directory of C:\temp\xyz\xyz\m2u\abc
07/04/2011 12:43 PM .
07/04/2011 12:43 PM ..
27/01/2011 01:12 AM 8,701 […]
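Geo-fencing of this kind is done with Apache's host-based access control directives, and which `Order` the kit uses decides whether the allow-list works at all. The evaluator below is an added example, not the kit's own .htaccess (the listing above does not show its contents); it models the Apache 2.2 `Order`/`Allow from`/`Deny from` semantics, and the two CIDR ranges are constructed stand-ins for Malaysian allocations rather than real ones.

```python
import ipaddress
from typing import List, Tuple

# Constructed rules in the style a geo-fenced kit would use. Apache 2.2 evaluates
# "Order deny,allow" as: Deny rules first, Allow rules override them, default allow.
KIT_HTACCESS = """
Order deny,allow
Deny from all
Allow from 1.9.0.0/16
Allow from 175.136.0.0/13
"""

# Same rules with the other Order: Allow first, then Deny, default deny,
# and a matching Deny always wins, so "Deny from all" blocks everyone.
BROKEN_HTACCESS = KIT_HTACCESS.replace("Order deny,allow", "Order allow,deny")


def parse_htaccess(text: str) -> Tuple[str, List[str], List[str]]:
    """Return (order, allow_targets, deny_targets) from the access-control lines.
    Only CIDR / single-IP targets and the keyword 'all' are supported here."""
    order, allow, deny = "deny,allow", [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        directive = parts[0].lower()
        if directive == "order" and len(parts) == 2:
            order = parts[1].lower()
        elif directive in ("allow", "deny") and len(parts) >= 3 and parts[1].lower() == "from":
            (allow if directive == "allow" else deny).extend(parts[2:])
    return order, allow, deny


def _matches(ip: ipaddress._BaseAddress, target: str) -> bool:
    if target.lower() == "all":
        return True
    return ip in ipaddress.ip_network(target, strict=False)


def is_allowed(client_ip: str, htaccess: str) -> bool:
    """Apply the parsed rules to one client address the way Apache 2.2 would."""
    order, allow, deny = parse_htaccess(htaccess)
    ip = ipaddress.ip_address(client_ip)
    allowed = any(_matches(ip, t) for t in allow)
    denied = any(_matches(ip, t) for t in deny)
    if order == "deny,allow":
        return True if allowed else not denied
    if order == "allow,deny":
        return allowed and not denied
    raise ValueError(f"unsupported Order value: {order}")


def visible_to(htaccess: str, clients: List[str]) -> List[str]:
    """Which of the given visitor IPs would receive the phishing page."""
    return [c for c in clients if is_allowed(c, htaccess)]


if __name__ == "__main__":
    visitors = ["1.9.23.4", "175.140.0.9", "8.8.8.8", "203.0.113.7"]  # constructed
    print("kit rules serve:   ", visible_to(KIT_HTACCESS, visitors))
    print("broken rules serve:", visible_to(BROKEN_HTACCESS, visitors))
```

For an analyst the practical point is the mirror image of the kit's intent: a takedown request or an automated crawl from outside the allowed ranges gets a 403 and may wrongly conclude the page is already gone, so confirm from an in-country vantage point (or read the .htaccess directly when the kit archive is available) before closing the case.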
IDA Pro: IDC Script for Decrypting VB Obfuscated Malware
I was playing with a piece of malware with Jun Yee and we came across an obfuscated string in the VB code. The malware itself was written in Microsoft Visual Basic 6. It has a feature that lets the malware overwrite itself after execution, just to make it a bit stealthier. Additionally, the virus […]
New features added to MyKotakPasir 2
A lot of improvements have been added in the last 2 months, including security fixes, better report output and a more stable back-end analysis engine. The following is the list of updates: antivirus scanning results are now obtained from VirusTotal; Import Address Table hook results are reported; hex dump output can be downloaded […]
MyX1: SSDT Detector and Remover
MyCERT has developed a tool to detect and restore API addresses in the SSDT (System Service Descriptor Table) that have been changed by a rootkit. MyX1 SSDT Detector and Remover is part of our Malware Tracking project. Figure 1: Screenshot showing MyX1 SSDT. The application relies on two (2) files that are used upon execution: 1. ssdt.sys is used to list all […]
MyKotakPasir: Solved major problem during automated analysis.
MyKotakPasir 2 is a malware sandbox developed by the Malware Research Center at MyCERT. A lot of improvements have been introduced since the first version. For instance, in the previous version, two different programming languages, namely Python and VB, were used to handle the analysis work. Due to some teething problems with Python, I have changed everything to […]
MySuntikanAPI
MyCERT has been developing a few analysis tools for reversing. MySuntikanAPI is still in alpha and needs more improvement. Every hooked API captures detailed information so that we don't miss any behaviour, especially in malware samples. The API hooking is implemented as IAT hooking, i.e. by patching the Import Address Table entries of the monitored process. One of the tools that we created is called […]