DirtyMoe: Worming Modules

Avast – The DirtyMoe malware is deployed using various kits like PurpleFox or injected installers of Telegram Messenger that require user interaction. Complementary to this deployment, one of…

Toss a Coin to your Helper (Part 2 of 2)

Avast – In the first posting of this series, we looked at a clipboard stealer belonging to the MyKings botnet. In this second part of the blog series,…

DirtyMoe: Deployment

The King is Dead, Long Live MyKings! (Part 1 of 2)

Avast – MyKings is a long-standing and relentless botnet which has been active from at least 2016. Since then it has spread and extended its infrastructure so much…

DirtyMoe: Code Signing Certificate

Avast – Abstract: The DirtyMoe malware uses a driver signed with a revoked certificate that can be seamlessly loaded into the Windows kernel. Therefore, one of the goals…

DirtyMoe: Rootkit Driver

Avast – Abstract: In the first post, DirtyMoe: Introduction and General Overview of Modularized Malware, we described one of the complex and sophisticated malware families called DirtyMoe. The…

DirtyMoe: Introduction and General Overview of Modularized Malware

Avast – The rising price of cryptocurrency has caused a skyrocketing trend of malware samples in the wild. DDoS attacks go hand in hand with the mining…

Binary Reuse of VB6 P-Code Functions

Avast – Reusing binary code from malware is one of my favorite topics. Binary re-engineering and being able to bend compiled code to your will is really just…