Recent posts
Deep Analysis of GCleaner
GCleaner is a Pay-Per-Install (PPI) loader first discovered in early 2019; it has been used to deploy other malicious...
Dotnet String Decryptor
Welcome back! This is a short blog about reverse engineering dotnet malware. When working with dotnet malware samples...
Writing x64dbg plugins
In the previous post we talked about writing x64dbg scripts, now let's dive deeper and write our own plugin to do the...
Writing x64dbg scripts
x64dbg is an open-source x64/x32 debugger for Windows; it has dozens of features that make the life of reverse engine...
YARA for config extraction
YARA is a tool aimed at helping malware researchers to identify and classify malware samples. It's considered...
Qiling For Malware Analysis: Part 2
In the first part we talked about the basics of Qiling, which you can find here. Now it's time for some real...
Qiling For Malware Analysis: Part 1
Qiling is an advanced binary emulation framework written in Python and based on Unicorn...
Deep Analysis of QBot Banking Trojan
Qbot is a modular information stealer, also known as Qakbot. It has been active for years, since 2007. It has...