By ro0ted | February 28, 2015 - 01:07 | Posted in /b/ | 13 Comments
#ro0ted #OpNewblood What the blackhats don’t want you to know: Analyzing Adware

Today we are going to play with adware. Ever gone to a streaming website that asks you to download a plugin, or tells you your Chrome, Firefox or IE is outdated? Well, I formatted today, so that's one way I know it's BS. Let's actually download the plugin and analyze it. :] – https://twitter.com/ro0ted/


So I click a random movie and I’m interrupted by this screen:

[screenshot]

So we download it.

[screenshot]

Then we open exeinfoPE:

[screenshot]

Okay, see where it says EP Section: CODE? Remember that. Open up 7-Zip.

[screenshot]

[screenshot]

Everything we need is here; now, how do we read it?

First we extract it:

[screenshot]

Click .rsrc; this shows us what we will be able to see in Resource Hacker:

[screenshot]

Remember we talked about the importance of RCData in the Delphi tutorial? If not, go back and read it. We open Resource Hacker:

[screenshot]

Nothing there. Open the extracted CODE section in Notepad++:

[screenshot]

Scroll down... Don't exit until you're sure it's all like that:

[screenshot]

Now look up that website:

[screenshot]

Now ask yourself... is that streaming website really harmless?
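The manual steps above (read the EP section off the PE header, pull that section's raw bytes, scroll it for readable strings, then look up any URL you find) can be scripted. The following is an added example, not ro0ted's code: it parses the PE section table with nothing but the standard library, and the image it runs against is constructed in memory with a planted placeholder URL, not a real download.

```python
import re
import struct
SECTION_HDR = "<8sIIII12xI"  # IMAGE_SECTION_HEADER: Name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData, (12 skipped), Characteristics

def parse_pe(data: bytes):
    """Return (AddressOfEntryPoint, [section dicts]) read straight from the PE headers."""
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]                      # e_lfanew
    if data[:2] != b"MZ" or data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    nsec = struct.unpack_from("<H", data, pe_off + 6)[0]                  # COFF.NumberOfSections
    opt_size = struct.unpack_from("<H", data, pe_off + 20)[0]             # COFF.SizeOfOptionalHeader
    entry = struct.unpack_from("<I", data, pe_off + 40)[0]                # OptionalHeader.AddressOfEntryPoint
    sections = []
    for i in range(nsec):
        name, vsize, va, rawsize, rawptr, flags = struct.unpack_from(SECTION_HDR, data, pe_off + 24 + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("latin-1"), "va": va, "vsize": vsize,
                         "raw": rawptr, "rawsize": rawsize, "flags": flags})
    return entry, sections

def entry_section(data: bytes) -> str:
    """Name of the section holding the entry point: exeinfoPE's 'EP Section' line."""
    entry, sections = parse_pe(data)
    for s in sections:
        if s["va"] <= entry < s["va"] + max(s["vsize"], s["rawsize"]):
            return s["name"]
    return "<none>"  # EP outside every section is itself worth noting

def section_strings(data: bytes, name: str, min_len: int = 6) -> list[str]:
    """Printable ASCII runs in one section's raw bytes, i.e. what scrolling it in Notepad++ shows."""
    for s in parse_pe(data)[1]:
        if s["name"] == name:
            raw = data[s["raw"]:s["raw"] + s["rawsize"]]
            return [m.decode() for m in re.findall(rb"[\x20-\x7e]{%d,}" % min_len, raw)]
    raise KeyError(name)

def section_urls(data: bytes, name: str) -> list[str]:  # the URLs you then go and look up
    return [u for s in section_strings(data, name) for u in re.findall(r"https?://[^\s\"'<>]+", s)]

def build_sample_pe() -> bytes:
    """Constructed two-section PE32 (CODE + .rsrc, Delphi-style names) with a planted URL, so this runs offline."""
    dos = b"MZ" + bytes(58) + struct.pack("<I", 64)                          # e_lfanew = 64
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 0x60, 0x102)           # i386, 2 sections, 0x60-byte optional header
    opt = struct.pack("<H14xI", 0x10B, 0x1010).ljust(0x60, b"\0")            # PE32 magic, AddressOfEntryPoint = 0x1010
    hdrs = struct.pack(SECTION_HDR, b"CODE", 0x200, 0x1000, 0x200, 0x200, 0x60000020)
    hdrs += struct.pack(SECTION_HDR, b".rsrc", 0x200, 0x2000, 0x200, 0x400, 0x40000040)
    img = bytearray((dos + b"PE\0\0" + coff + opt + hdrs).ljust(0x600, b"\0"))
    img[0x210:0x210 + 37] = b"\x55\x8b\xec" + b"http://example.invalid/update.php\0"  # prologue + placeholder URL (constructed)
    img[0x400:0x406] = b"RCDATA"                                             # stand-in for the resource section contents
    return bytes(img)
```

Point parse_pe at a real sample with open(path, "rb").read() and compare entry_section's answer with what exeinfoPE reports; the same functions work on whichever section name the EP lands in.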

ro0ted


(In order)

Why am I teaching Reverse Engineering to inexperienced new Anons in OpNewblood?

Whitehat Lab

ASM Programming

Introduction Part 1 Ollydbg

Introduction Part 2 Using Ollydbg and Tracing Botnets

Analyzing Botnets

Introduction Part 3 Ollydbg: Cheating a Crackme

Introduction Part 4 Ollydbg: Your first Patch

Encryption 101

Cuckoo Sandbox: Automated Malware Analysis also known as Malwr.com

Introduction to Honeydrive: A Brief Walk Through

Installing Kippo the SSH Honeypot on a VPS Part 1: How to set it up

Resource Hacker

Dll Injection the Easy Way

Visual Basic Binaries Walk Through Part 1

Ollydbg on Steroids

Creating Patchers Part 1

Have you supported the gas mask campaign over the years?

Crack to win a gas mask gift pack

How to edit a register me crack me Pre Part 1

Unwinding Delphi Binaries Walk Through if not Preview

Cracking Delphi Part 2

Reversing Timed Trials: Ollydbg Tricks Part 3

Analyzing Adware (this post)
