Author Archives: darryl

Malicious Word Macro Caught Using Sneaky Trick

There has been a slew of malicious Word documents attached to emails purporting to be invoices, receipts, etc. This particular one caught my eye, but I'm not sure if this is an old trick. I just haven't seen this method …

Posted in Malicious Email, Malscript

Deobfuscating a Wicked-Looking Script

Bart Blaze, one of my security researcher friends, passed along this PHP script to me. Let's have a look. It looks like PHP ate some Perl and barfed it out. The first thing I asked myself was, "Does this even run?" …

Posted in Malscript

Revelo Updated

A colleague of mine received the following email in his Gmail inbox and wondered how it got past his filters and what it does. What almost tricked him was the fact that it called out his name. Only after looking …

Posted in Malicious Email, Malscript, Tools

Wild Wild West – 12/2014

Added the following packs: Null Hole, Hanjuan EK, Archie EK, Astrum EK, SedKit, SPL2 Pack. Special thanks to Kafeine for his valuable input.

Posted in Exploit Packs

Registry Dumper – Find and Dump Hidden Registry Keys

The cybercriminals behind Poweliks implemented two clever techniques in their malware. The first was leveraging rundll32.exe to execute JavaScript, and the second was using a method to hide/protect their registry keys so that standard tools cannot display or open them. I'll be focusing on the second method. The technique …

Posted in Malscript, Tools