Friday, January 30, 2015

A malware sample I analyzed

Recently I analyzed a malware sample. I don't know what it was or whether I completed the analysis, but I stepped through it and wrote a very detailed report about it that I'd like to share now.

It is entirely possible that I have missed things, but honestly, anyone reading through it, especially at the beginner-to-intermediate level, should get some useful information from it.

I'd love to hear more feedback on how things can be done better, and if anyone has indeed analyzed this sample deeper and better than me, do call me out, and get in touch with me somehow so I can learn :)

I just started a new repository on GitHub to hold a lot of my random stuff that doesn't really have a specific home. Here's the link to the PDF report (no, it is not malicious :)).

https://github.com/arvinddoraiswamy/blahblah/blob/master/somevirus.pdf

I cannot see how to upload the sample to offensivecomputing, so here is a link to a VirusTotal analysis instead. Anyone interested should be able to find a sample using the hashes on this page.

https://www.virustotal.com/en/file/5564bed78d23ad0ad198a0dbbf4196f5fdcc1eb8529673941736db18c3257e0b/analysis/

3 comments:

ekse said...

Hi Arvind,

This is a sample of Smoke Loader/Dofoil. There is a good analysis by Fortinet.
https://blog.fortinet.com/post/the-rebirth-of-dofoil

Sébastien

Arvind said...

Thank you very much Sebastien :). I will study that report.

VnSpl0it said...

Hi Arvind,

Could you please share the sample file with me? (My email is vietwow@gmail.com.) I don't have an account on VirusTotal. Thank you so much.

Best Regards,
VietNC