Havex Malware Analysis and Inside Malware C&C Server

  • Posted on: 19 August 2014
  • By: siteadm

In this article I'll analyze recent Havex malware. You can read more about this malware here.

First of all I want to thank Kyle Wilhoit for providing me all samples of Havex malware.

Ok, let's start... As far as I've seen, all samples of this malware have a resource called ICT (in the SCADA module it is called TYU) which contains the encoded config file:

Tiny Malware PoC: Malware Without IAT, DATA OR Resource Section

  • Posted on: 13 August 2014
  • By: siteadm

Have you ever wondered about having an EXE without any entries in the IAT (Import Address Table) at all? Well, I knew it was possible, but I had never seen an actual exe file without IAT entries. So I developed an application which is 1,536 bytes and still does the basic annoying malware things. To summarize, this tiny app:

- Enumerates the following APIs:

Kernel32