[Crimeware] Researches Reversing about Eleonore Exploit Pack

November 3, 2009


[Malware] BDS/PHP.Agent.DW.8 Dissection

November 2, 2009


[Malware] PHP-PBot Dissection

November 1, 2009

Redirection: http://evilcodecave.blogspot.com/2009/11/malware-php-pbot-dissection.html

A new case of MSN Identity Theft let-people-laugh

September 16, 2009

Redirection to my second blog:


W32/Skintrim Reverse Engineering of a Badly Coded Malware #4

August 17, 2009




Giuseppe ‘Evilcry’ Bonfa’

W32/Skintrim Reverse Engineering of a Badly Coded Malware #1

July 31, 2009

The first part of W32/Skintrim Reverse Engineering


Blackberry Spyware

July 27, 2009


Reversing in Pills – Fast Notes around Infostealer.Banker.C

June 7, 2009

Notes about Reverse Engineering of Malware Banker Infostealer.Banker.C with OllyDbg 2

Fast Notes About Infostealer.Banker.C


Giuseppe ‘Evilcry’ Bonfa’

Backdoor.Win32.UltimateDefender Reverse Engineering

December 8, 2008


I’ve released Backdoor.Win32.UltimateDefender.gtz Reverse Engineering on my Website:



Giuseppe ‘Evilcry’ Bonfa’

IDA Pro Enhances Hostile Code Analysis Support

October 4, 2008


IDA Pro is really amazing: the new IDA (5.4) will have innovative support for Hostile Code Analysis, consisting of a Bochs Emulated Debug Environment.

“The next version of IDA will be released with a bochs debugger plugin, and what is nice about it is that you will be able to use it easily by just downloading bochs executables and telling IDA where to find it.”

“Finally comes the pe loader, which is a specialized bochs loader, that will read your PE file and create a virtual environment similar to windows environment, trying to mimic basic demands for a PE file (import resolution, SEH, api emulation backed by IDC scripts).”

What to say? It is a really great enhancement for Malware Analysis 😉

Here you can watch the first video on Bochs Debugging: http://hex-rays.com/video/bochs_video_1.html


Giuseppe ‘Evilcry’ Bonfa’ 🙂