Author Archives: darryl

Deobfuscating PHPJiami

I was sent a PHP script that was protected by PHPJiami, which you can find here. PHPJiami is a decent PHP obfuscator that appears to be able to bypass several online deobfuscators. Here’s what the script looks like: When you …

Posted in Malscript

ConverterNET v0.1 Released

I spent the past several months porting Converter to the .NET Framework and am finally able to release a public version of it. Many of the original functions are present and I’ve added a few more things to the menu. …

Posted in Tools

Not Your Typical Ransomware Infection

An analysis of an infected PC revealed that an attacker used several NSA tools just four days after the Shadow Brokers’ dump, then burned the PC with ransomware when they were done with it. This blog post by Secdo …

Posted in Malware

Wild Wild West – 05/2017

Another update to the exploit kit scene. There have been some changes but nothing very exciting. We can’t let our guard down, however, since this could change very easily. If anyone cares to share the source for anything in the most …

Posted in Exploit Packs

Static vs Dynamic Analysis and the Amusing Outcome

It all started with a malicious RTF document attached to an email and a request from reader Chris (thanks for your request and help!) to locate the embedded SWF object since it was believed to contain a hidden PE file. …

Posted in Malicious Email, Malscript