Author Archives: darryl

Wild Wild West – 11/2016

It’s been a while since I updated this; my apologies for the delay to those who have been asking. Many thanks to Kafeine for his expertise and invaluable feedback!

Posted in Exploit Packs

Deobfuscating the Nemucod Downloader Script

Matt Decker from hybrid-cloudblog.com sent me this script he received via email and asked for help deobfuscating this so here we go… Here’s the WSF file he sent me: About half-way down the script, I come across this. Two variables …

Posted in Malscript, Tools

Deobfuscating a Malicious PHP Downloader

A PHP script was sent to me by reader Nuno who got this from a hacked Joomla website and wanted to know what this was. He said this script was prepended to several legitimate PHP files. Looking into this a …

Posted in Malscript

Javascript Leads to Browser Hijacking

I came across this nasty-looking script that hijacks your browser. It appears to have been around in some shape or form since 2014 but this latest version deploys an aggressive tactic I’ve not seen before. Here’s what this script looks …

Posted in Malscript

Tools Update

Several programs have been updated. You can find them on the Tools page.

Converter

Notable changes since the last version:
– Changed textbox font to Courier to improve readability
– Added reverse file option
– Added compare files option
– …

Posted in Tools