Category Archives: Malicious Email

Static vs Dynamic Analysis and the Amusing Outcome

It all started with a malicious RTF document attached to an email and a request from reader Chris (thanks for your request and help!) to locate the embedded SWF object since it was believed to contain a hidden PE file. … Continue reading

Posted in Malicious Email, Malscript

Locky JS and URL Revealer

From various reports, it appears that the malicious JavaScript files sent via email that pull Locky down are back. Let’s see what these scripts look like: At the bottom of the script is this function that reverses the string above, … Continue reading

Posted in Malicious Email, Malscript, Tools

Deobfuscating a Hideous-Looking JS Downloader

One of my readers, Stefano from zanna.it (thanks!), sent me this little gem: In the midst of seemingly random strings, there are clues to its structure but there’s very little to go on. I started off by grabbing a portion … Continue reading

Posted in Malicious Email, Malscript

Malicious Word Macro Caught Using Sneaky Trick

There has been a slew of malicious Word documents attached to email purporting to be invoices, receipts, etc. This particular one caught my eye but I’m not sure if this is an old trick. I just haven’t seen this method … Continue reading

Posted in Malicious Email, Malscript

Revelo Updated

A colleague of mine received the following email in their Gmail in-box and wondered how it got past their filters and what it does. What almost tricked him was the fact that it called out his name. Only after looking … Continue reading

Posted in Malicious Email, Malscript, Tools