PC Matic SuperShield Protects Customers from Emotet Banking Trojan

The Malware Research team here at PC Pitstop has noticed a large number of hits on seemingly randomly generated files in our research queue. Upon further investigation, it is apparent that these files are coming from the Emotet banking Trojan. In this post we will give a brief overview of the Trojan, how we detected it, and […]


Running DLL Files for Malware Analysis

READ FIRST: Disclaimer – Malware can destroy data, damage your computer, cause your computer to damage other computers, steal information, or cause other harm to property and even life in the case of a system which is in control of some equipment or machinery. When analyzing malware, you must always do so on a machine […]


Unpacking Malware Part 2 – Reconstructing the Import Address Table

READ FIRST: Disclaimer – Malware can destroy data, damage your computer, cause your computer to damage other computers, steal information, or cause other harm to property and even life in the case of a system which is in control of some equipment or machinery. When analyzing malware, you must always do so on a machine […]


Debugging and Unpacking Malicious Software

READ FIRST: Disclaimer – Malware can destroy data, damage your computer, cause your computer to damage other computers, steal information, or cause other harm to property and even life in the case of a system which is in control of some equipment or machinery. When analyzing malware, you must always do so on a machine […]


What is an Advanced Persistent Threat (APT)?

In the anti-malware world, you may hear the term APT which is short for Advanced Persistent Threat. It sounds like a complicated buzzword. What is it really? Before we start talking about what an “advanced” persistent threat is, let’s just start with a plain ol’ persistent threat. In computer science, the term “persistence” is generally […]


The High-Level Anatomy of a Malware Exploit

ETERNALBLUE, DOUBLEPULSAR, Heartbleed… Many of us have heard of these terms and possibly of their association with malware. However, the ecosystem and jargon can be confusing. How is ETERNALBLUE really related to WannaCry and Petya? What is the difference between an exploit and malware to begin with? As a Malware Researcher, I’ve done deep […]


Script Engines Being Used to Distribute New Strain of Spora Ransomware

We’ve recently been covering scripting attacks in more detail on the Malware Research blog. These types of attacks have the ability to be completely fileless, as explained in a previous post. However, scripts also sometimes do come in files or accompany file-based malware. The new strain of Spora malware does just this. It uses a […]


Deobfuscating JavaScript Malware

The Malware Research Team has come across some JavaScript malware, as we posted about in Fileless Malware Explained last month. In this post, we will highlight one such piece of malware and, specifically, the process used in deobfuscating part of the malicious code. What is Obfuscation? Code obfuscation is a group of techniques used to […]


Fileless Malware Explained

A few days ago, Kayla wrote about Fileless Malware, and how PC Matic protects your devices from it. Malware can be so complicated and confusing to understand, that Malware Research is a full-time job… Let alone “fileless” malware. However, when explained in the proper steps, the concept is actually very easy to understand and every […]


WanaCrypt0r Analysis Part II – SMB Exploit and Worm Component

Introduction: Part II of the WanaCrypt0r code analysis has arrived. We’re going to be starting out where we left off last time, which is with the Microsoft Windows MS17-010 Server Message Block (SMB) exploit/“worm component” that made the ransomware so dangerous by allowing it to spread to other vulnerable (not patched) systems on the network […]


WanaCrypt0r – A dive into the code

Introduction: During the past few days, as one might expect, we’ve been getting lots of news, reports, and files for the ransomware entitled WanaCrypt0r/WannaCry/WanaCrypt. First and foremost, the good news is that customers of PC Matic SuperShield were protected from WanaCrypt0r the entire time. However, this post aims to provide a technical analysis of how […]


Got Apple Quicktime installed on your computer? Uninstall it immediately, says Department of Homeland Security

A recent report from TrendMicro/ZDI stated that Apple has ceased development of Apple Quicktime, and has also revealed two critical vulnerabilities under their Zero Day Initiative. These two vulnerabilities are considered “remote code execution” vulnerabilities, which means a miscreant could get the victim to click on a link or visit a website, and can remotely […]


Actors behind Dridex launch another spam campaign, delivering Locky Ransomware

Recent reports have indicated that the actors behind Dridex, originally a banking Trojan distributor, have switched tactics, and are now heavily pushing out a new ransomware called Locky. The current method of distribution is via a spam email, which contains a Word document. Additional reports have stated that it is being distributed via the Neutrino […]
