[Crimeware] Reversing Research on the Eleonore Exploit Pack

November 3, 2009

http://evilcodecave.blogspot.com/2009/11/crimeware-researches-about-eleonore.html


[Malware] BDS/PHP.Agent.DW.8 Dissection

November 2, 2009



[Malware] PHP-PBot Dissection

November 1, 2009

Redirection: http://evilcodecave.blogspot.com/2009/11/malware-php-pbot-dissection.html


A new case of MSN Identity Theft let-people-laugh

September 16, 2009

Redirection to my second blog:

http://evilcodecave.blogspot.com/2009/09/new-case-of-msn-identity-theft-let.html


W32/Skintrim Reverse Engineering of a Badly Coded Malware #4

August 17, 2009

Redirection:

http://evilcodecave.blogspot.com/2009/08/w32skintrim-reverse-engieering-of-badly.html

Regards,

Giuseppe ‘Evilcry’ Bonfa’


W32/Skintrim Reverse Engineering of a Badly Coded Malware #1

July 31, 2009

The first part of the W32/Skintrim Reverse Engineering series:

http://evilcodecave.blogspot.com/2009/07/w32skintrim-reverse-engieering-of-badly.html


Blackberry Spyware

July 27, 2009

http://evilcodecave.blogspot.com/2009/07/blackberry-spyware.html


Reversing in Pills – Fast Notes around Infostealer.Banker.C

June 7, 2009

Notes on reverse engineering the banking malware Infostealer.Banker.C with OllyDbg 2:

Fast Notes About Infostealer.Banker.C

Regards,

Giuseppe ‘Evilcry’ Bonfa’


Backdoor.Win32.UltimateDefender Reverse Engineering

December 8, 2008

Hi,

I’ve released Backdoor.Win32.UltimateDefender.gtz Reverse Engineering on my Website:

http://evilcry.netsons.org/tuts/Mw/Backdoor-UltimateDefender.pdf

Regards,

Giuseppe ‘Evilcry’ Bonfa’


IDA Pro Enhances Hostile Code Analysis Support

October 4, 2008

Hi,

IDA Pro is really amazing: the new IDA (5.4) will have innovative support for Hostile Code Analysis, which consists of a Bochs emulated debugging environment.

“The next version of IDA will be released with a bochs debugger plugin, and what is nice about it is that you will be able to use it easily by just downloading the bochs executables and telling IDA where to find them.”

“Finally comes the pe loader, which is a specialized bochs loader, that will read your PE file and create a virtual environment similar to windows environment, trying to mimic basic demands for a PE file (import resolution, SEH, api emulation backed by IDC scripts).”

What can I say? It is a really great enhancement for Malware Analysis 😉

Here you can watch the first video on Bochs debugging: http://hex-rays.com/video/bochs_video_1.html

Regards,

Giuseppe ‘Evilcry’ Bonfa’ 🙂