Tag Archives: shellcode

Static vs Dynamic Analysis and the Amusing Outcome

It all started with a malicious RTF document attached to an email and a request from reader Chris (thanks for your request and help!) to locate the embedded SWF object, since it was believed to contain a hidden PE file. …

Posted in Malicious Email, Malscript

PDF Analysis using PDFStreamDumper

PDFStreamDumper is a PDF analyzer developed by Sandsprite’s David Zimmer. He has added quite a few useful functions to make this an all-in-one, go-to tool, as you’ll soon see. Here’s a spear-phish email that contains a malicious PDF file …

Posted in Malicious Email, Tools

Reversing the Incognito Exploit Kit

Looks like Incognito got updated yet again. Let’s reverse the JavaScript exploit code… First, let’s clean this up (the complete script is here)! You can see it’s now using p, div, and span tags to hold the obfuscated code, which …

Posted in Exploit Packs, Malscript

Flash 0Day Found in Drive-By

The recently announced Adobe Flash 0-day exploit (CVE-2011-0611) has been found in the wild as a drive-by download. The exploit targets Adobe Flash Player version 10.2.153.1 and works quite reliably. Here’s a portion of the JavaScript code for an exploit shared …

Posted in 0-Day, Malscript