So I’ve been busy for a while and couldn’t write much, many apologies. For this article I’ll be writing about a new injection method known as Process Doppelganging and create an automated unpacker for it. Process Doppelganging is a newly discovered injection method that bypasses all AVs HIPs engine. As it has only been discovered […]

Read more

As promised, prime crypt, a new crypting service available on HackForums.Net, was looked at by the Krabs Investigation Team. A sample of it was provided to us by a fellow malwarehuntermen (not to be confused with the twitter user malwarehunterteam), and we shall put it under the critical lense of Bikini Bottom’s finest patties. Sample […]

Read more

Hello, today I would like to discuss a new malware known to the public as “Bayside RAT”. Bayside RAT is attributed to “BildungIstSuper”, a German malware developer who started a malware group known as “BotSquad”. BildungIstSuper is known for releasing malware that either (1) doesn’t function or (2) are backdoored and doesn’t function. Some of […]

Read more

fudPE is not your ordinary malware packer. Unlike the malware we normally analyze on this blog, fudPE did not originate from the private criminal youtube-exploit-kit-distributing malwarehole dubbed “HackForums”. fudPE only appeared on HF after having established a presence on other underground forums such as exploit.in. Today we will analyze a payload packed with fudPE that’s […]

Read more