Malware Analysis

DLL side loading technique leveraged by Qakbot to carry out its attack

bySatyajit Daulaguphu
November 5, 2022

QBot is a banking trojan that steals victims’ credentials and is usually spread via phishing campaigns. QBot aka QakBot malware has been there for a decade as it frequently evolves new techniques to attack victims. Recently, several articles have been making rounds regarding the new variant of QakBot leverages DLL Side Loading technique to spread ... Read more

MMalware Analysis

bySatyajit Daulaguphu
August 15, 2022

In this article, we will look at the PE Structure or Portable Executable file format (PE File Format), which is important in understanding the internal structure of an executable file. Once you have an overall idea about what’s inside the executable file and how it works in Windows, it will become easy to analyze any ... Read more

MMalware Analysis

bySatyajit Daulaguphu
April 7, 2022

In this article, we’ll take a look at some of the most common malware persistence mechanisms as malware likes to persist whenever they take control of any compromised system. Windows has a lot of AutoStart Extension Points (ASEP) which makes it easier for the malware to persist so that it can continue doing its work ... Read more

MMalware Analysis

Understanding Concepts of VA, RVA and File Offsets

bySatyajit Daulaguphu
October 24, 2019

Before we proceed to the concept of PE File Format, which describes the internal structure of all Windows executable files, one should also know the concepts of Virtual Address (VA), Relative Virtual Address (RVA) and File Offsets as these would be the foundation in helping you to understand the technical parts of the PE file ... Read more

MMalware Analysis

Import Address Table of an Executable File

bySatyajit Daulaguphu
August 27, 2019

Earlier, I wrote a post on Understanding PE Structure – The Layman’s Way and this one is a continuation of that post. I highly recommend my readers to go through that post, where I have gone detailed into the PE file format, before jumping onto this article. Since the earlier post was already too long ... Read more

MMalware Analysis

bySatyajit Daulaguphu
December 22, 2018

For the past couple of months, I thought of implementing an internal Sandbox (Cuckoo Sandbox) for my organization as you cannot rely totally on other community-based sandboxes available on the internet like Hybrid Analysis, Joe Sandbox, Reverse It, etc. What is Cuckoo Sandbox? Cuckoo sandbox is an open source automated malware analysis system which is ... Read more

Malware Analysis

How QakBot Leverages DLL Side Loading Technique? – Technical Analysis

Mastering PE Structure for Malware Analysis: A Layman’s Guide

11 Critical Malware Persistence Mechanisms You Should Be Familiar With!

Understanding Concepts of Virtual Address (VA), Relative Virtual Address (RVA) and File Offsets

Exciting Journey Towards Import Address Table (IAT) of an Executable

Install Cuckoo Sandbox For Real-Time Malware Analysis [Part 1]