Ever received an incident where a user's machine got infected by a malicious attachment they received by email, and as an incident responder you suspect it carries a malicious macro that abuses Windows' own legitimate tools like CMD and PowerShell, but you are not sure how to quickly extract and analyze the macro …
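As an added example (not code from the original post), the triage pass below runs over a constructed VBA module that mimics the pattern described above: an auto-executing entry point that hands a command line to cmd.exe and PowerShell, lightly hidden behind Chr() concatenation and a base64 -enc payload. Pulling the VBA text out of the .doc/.docm container itself is normally done with a tool such as oletools' olevba; this script assumes that step is done and works on the extracted source. The sample macro, the indicator list and the function names are all assumptions of this example.

```python
import base64
import re

# Constructed sample macro, not taken from any real document.
SAMPLE_VBA = r'''
Sub AutoOpen()
    Dim s As String
    s = "cmd.exe /c " & Chr(112) & Chr(111) & Chr(119) & "ershell -nop -w hidden -enc SQBFAFgA"
    Dim o As Object
    Set o = CreateObject("WScript.Shell")
    o.Run s, 0, False
End Sub
'''

# Procedure names Office runs without a click (Word/Excel auto-exec triggers).
AUTOEXEC = {"autoopen", "autoexec", "autoclose", "document_open", "document_close",
            "workbook_open", "auto_open"}
# Keywords worth flagging when they appear in macro code (assumed list).
SUSPICIOUS = ("Shell", "WScript.Shell", "CreateObject", "powershell", "cmd.exe",
              "-enc", "hidden", "Run")

CHR_RE = re.compile(r'Chr\(\s*(\d+)\s*\)', re.IGNORECASE)
PROC_RE = re.compile(r'^\s*(?:Public\s+|Private\s+)?(?:Sub|Function)\s+(\w+)',
                     re.IGNORECASE | re.MULTILINE)
STRING_RE = re.compile(r'"([^"]*)"')
ENC_RE = re.compile(r'-e(?:c|nc|ncodedcommand)\s+([A-Za-z0-9+/=]+)', re.IGNORECASE)


def deobfuscate_chr(code):
    """Turn Chr(n) into the literal character, then join '"a" & "b"' into '"ab"'.
    A double quote is written as "" to keep the VBA string literal well formed."""
    def repl(m):
        ch = chr(int(m.group(1)))
        return '""""' if ch == '"' else '"' + ch + '"'
    code = CHR_RE.sub(repl, code)
    return re.sub(r'"\s*&\s*"', '', code)


def decode_encoded_commands(code):
    """PowerShell -enc takes base64 of a UTF-16LE string; decode every one we find."""
    out = []
    for b64 in ENC_RE.findall(code):
        try:
            out.append(base64.b64decode(b64).decode("utf-16le", errors="replace"))
        except ValueError:
            out.append("<undecodable: %s>" % b64)
    return out


def triage(code):
    clean = deobfuscate_chr(code)
    procs = PROC_RE.findall(clean)
    autoexec = [p for p in procs if p.lower() in AUTOEXEC]
    indicators = sorted(k for k in SUSPICIOUS if k.lower() in clean.lower())
    command_lines = [s for s in STRING_RE.findall(clean)
                     if re.search(r'cmd(\.exe)?\b|powershell', s, re.IGNORECASE)]
    return {
        "procedures": procs,
        "autoexec": autoexec,
        "indicators": indicators,
        "command_lines": command_lines,
        "encoded_commands": decode_encoded_commands(clean),
        "deobfuscated": clean,
    }


if __name__ == "__main__":
    report = triage(SAMPLE_VBA)
    for key in ("procedures", "autoexec", "indicators", "command_lines", "encoded_commands"):
        print("%-17s %s" % (key + ":", report[key]))
```

The point of the Chr() pass is that the string "powershell" never appears verbatim in the raw module, so a grep for it would miss the sample; only after rebuilding the concatenation does the command line, and the base64 payload it carries, become visible.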
Hi readers! This is probably going to be my first technical post on the deep analysis of a malware sample. If you have followed my blog, you will be aware that most of my posts build concepts related to malware analysis. However, I decided to take a break from that for a …
Before we proceed to the PE file format, which describes the internal structure of all Windows executable files, one should also know the concepts of Virtual Address (VA), Relative Virtual Address (RVA) and file offset, as these are the foundation for understanding the technical parts of the PE file format. …
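To make the three address forms concrete, here is an added example (not code from the original post) that converts between them using a constructed section table. It packs three IMAGE_SECTION_HEADER records exactly as they are laid out on disk, parses them back, and maps VA to RVA (by subtracting the image base), RVA to file offset (through the section that contains it) and back again. The ImageBase value, section names and sizes are assumptions chosen for the example; the .data section is deliberately given a VirtualSize larger than its SizeOfRawData so the case of an RVA that exists in memory but has no bytes in the file is shown.

```python
import struct

# IMAGE_SECTION_HEADER (40 bytes): Name[8], VirtualSize, VirtualAddress,
# SizeOfRawData, PointerToRawData, PointerToRelocations, PointerToLinenumbers,
# NumberOfRelocations, NumberOfLinenumbers, Characteristics
SECTION_FMT = "<8sIIIIIIHHI"
SECTION_SIZE = struct.calcsize(SECTION_FMT)   # 40

# Assumed OptionalHeader.ImageBase for the constructed sample (the common
# 32-bit default); a real parser reads it from the optional header.
IMAGE_BASE = 0x00400000


def build_sample_section_table():
    """Constructed section table, not taken from any real binary."""
    specs = [
        # name      VirtualSize VirtualAddress SizeOfRawData PointerToRawData Characteristics
        (b".text",  0x1A00,     0x1000,        0x1C00,       0x0400,          0x60000020),
        (b".rdata", 0x0800,     0x3000,        0x0A00,       0x2000,          0x40000040),
        (b".data",  0x2000,     0x4000,        0x0200,       0x2A00,          0xC0000040),
    ]
    return b"".join(
        struct.pack(SECTION_FMT, n.ljust(8, b"\0"), vs, va, rs, rp, 0, 0, 0, 0, ch)
        for n, vs, va, rs, rp, ch in specs
    )


def parse_sections(table, count):
    """Unpack `count` section headers from the raw bytes of the section table."""
    sections = []
    for i in range(count):
        f = struct.unpack_from(SECTION_FMT, table, i * SECTION_SIZE)
        sections.append({"name": f[0].rstrip(b"\0").decode(),
                         "vsize": f[1], "va": f[2], "rsize": f[3], "raw": f[4]})
    return sections


def va_to_rva(va, image_base=IMAGE_BASE):
    return va - image_base


def rva_to_va(rva, image_base=IMAGE_BASE):
    return image_base + rva


def rva_to_offset(sections, rva):
    """File offset holding the bytes mapped at `rva`, or None if there are none."""
    if sections and rva < sections[0]["va"]:
        return rva  # the PE headers are mapped 1:1 ahead of the first section
    for s in sections:
        span = max(s["vsize"], s["rsize"])   # loader reserves the larger of the two
        if s["va"] <= rva < s["va"] + span:
            delta = rva - s["va"]
            # Past SizeOfRawData the memory is zero-filled by the loader and has
            # no counterpart in the file (.bss-style data).
            return s["raw"] + delta if delta < s["rsize"] else None
    return None


def offset_to_rva(sections, offset):
    """RVA at which the byte at file `offset` is mapped, or None if it is not mapped."""
    if sections and offset < sections[0]["raw"]:
        return offset
    for s in sections:
        if s["raw"] <= offset < s["raw"] + s["rsize"]:
            return s["va"] + (offset - s["raw"])
    return None


if __name__ == "__main__":
    secs = parse_sections(build_sample_section_table(), 3)
    for s in secs:
        print("%-7s VA=0x%04X VSize=0x%04X Raw=0x%04X RawSize=0x%04X"
              % (s["name"], s["va"], s["vsize"], s["raw"], s["rsize"]))
    va = 0x401234
    rva = va_to_rva(va)
    print("VA 0x%X -> RVA 0x%X -> file offset 0x%X" % (va, rva, rva_to_offset(secs, rva)))
    print("RVA 0x4300 -> file offset", rva_to_offset(secs, 0x4300))
```

The two directions are not symmetric: every file offset inside a section's raw data has an RVA, but an RVA can be valid in memory and still have no file offset, which is why the conversion returns None rather than silently pointing at the wrong bytes when you follow a pointer from a disassembler into a hex editor.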
Earlier, I wrote a post on “Understanding PE Structure – The Layman’s Way”, and this one is a continuation of that post. I highly recommend that readers go through that post, where I went into detail on the PE file format, before jumping into this article. Since the earlier post was already too long …
For a very long time, I had been thinking of writing an article, and then I received an email that contained an attachment with some sort of invoice. The mail seemed legitimate, but it was suspicious, and I decided that it would be a good time to write up an article on how we can …