Tag Archives: deobfuscation

Revelo Updated

A colleague of mine received the following email in their Gmail in-box and wondered how it got past their filters and what it does. What almost tricked him was the fact that it called out his name. Only after looking … Continue reading

Posted in Malicious Email, Malscript, Tools

Reversing a PHP Script Dynamically and Statically

A reader sent me two PHP scripts because the PHP Converter program I wrote wasn’t able to handle them. They are both similar so I’ll just work on one of them in this post. Here’s what it looks like: And … Continue reading

Posted in Malscript, Tools

Deobfuscating Magnitude Exploit Kit

Per a couple of readers’ requests, I’ll be covering how to deobfuscate Magnitude using the latest version of Converter. For those of you who don’t already know the history of Magnitude EK, you can catch up by checking out the … Continue reading

Posted in Exploit Packs, Malscript, Tools

Unpacking a Malicious Java Applet

Fellow researcher Denis Laskov shared the infection chain of a new exploit pack with an impressive bunch of security researchers. For some reason, I got called to help and was more than willing to contribute by analyzing the Java applet … Continue reading

Posted in Malscript, Tools | 249 Comments

Not A Very Nice Pack

Someone just rigged an unsubscribe page with a Nice Pack drive-by! How cruel is that?! At least this gives us another reason not to click on links in email, even if it is to opt-out. Here’s the unsubscribe page: And … Continue reading

Posted in Exploit Packs, Malscript | 1 Comment