Tag: anti-analysis
-
VB2018 paper: Unpacking the packed unpacker: reversing an Android anti-analysis library
Though still relatively new (the first VB conference paper on Android malware was presented in 2011), malware targeting the Android mobile operating system has evolved quickly, in terms of both quantity and quality. Many of the characteristics of desktop malware are now also seen in Android malware – for example, the use of anti-analysis techniques, and…
-
VB2018 preview: Unpacking the packed unpacker: reversing an Android anti-analysis library
Seven years ago, the first VB conference paper on Android malware looked at what was then a new, but growing trend. Since then both the threat and the research community have grown enormously, and every VB conference since has featured several talks on Android malware. VB2018 is no exception. One of this year’s Android talks…
-
GravityRAT malware takes your system’s temperature
Cisco Talos researchers Warren Mercer and Paul Rascagnères recently discovered and analysed ‘GravityRAT’, an advanced Remote Access Trojan (RAT) that appears to have been used in targeted attacks against organizations in India. Analysis of this piece of malware gives an interesting insight into the current state of malware development. The malware is delivered through a…
-
VB2016 paper: Defeating sandbox evasion: how to increase successful emulation rate in your virtualized environment
In order to analyse a potentially malicious binary, an important first step is to run it in a specialised virtual environment, or sandbox environment, and see what it does – if it exhibits some known malicious behaviour, it is probably worth blocking it. However, malware authors are wise to this analysis technique, and most pieces…
-
Exploit kit requires link to be clicked before redirection
Automatic analysis of malicious payloads becomes a little bit harder again. A security researcher at ESET has discovered how a malicious site serving the Angler exploit kit prevents automatic analysis by making a user click a link before being redirected to the exploit kit. Having spent many hours during the past two years building a…