Showing results for tags 'samples'.

Found 5 results

  1. Top Maliciously Used APIs

     Today I'm going to be discussing the top APIs imported from a large number of confirmed malware samples. This all started out of curiosity and a lack of published research surrounding the topic. I'm not 100% sure I reached any concrete conclusions after completing this experiment, but here are my results and the conclusions I drew.

     The Experiment

     Download the largest collections of malware that I could find (making sure all samples were unique and confirmed on VirusTotal), then proceed to retrieve the imports of all of the PE files. I ended up with 549,035 PE samples with a final uncompressed size of just over 5TB. Once I retrieved all of my samples (thanks to virusshare.com and my own personal collection) I proceeded to write a multi-threaded Python script (yes, it was terribly slow) that would retrieve all the imports and count the number of times each sample uniquely imported an API. The script then racked and stacked the results to show which APIs were imported the most.

     The Results

     There was a final total of 120,126 uniquely imported APIs, a much larger number than I would have predicted. There was a total of 21,043 samples with no imports at all compared to 527,992 samples that did import at least one API. There were a number of interesting findings. I'm attaching a PDF with all of the imports at the end.

     Finding #1

     The first result that I found interesting was that only 3.8% of the samples had no imports at all. That means that less than 5% of the files were either packed with no imports, statically included their DLLs, or were using their own methods for finding and importing APIs outside of the PE import table. This is fairly interesting and not personally what I've seen in the wild.

     Top Ten Imported APIs

     #1 GetProcAddress 394546
     #2 LoadLibraryA 344607
     #3 GetModuleHandleA 305054
     #4 ExitProcess 301073
     #5 VirtualAlloc 244900
     #6 WriteFile 223855
     #7 GetModuleFileNameA 221006
     #8 CloseHandle 220358
     #9 RegCloseKey 213748
     #10 VirtualFree 211790

     Finding #2

     The second and most important result was the top ten imported APIs. If you compare the top ten APIs vs. the remaining imported APIs there's a significant drop-off. I expected some APIs such as WinExec (one of my personal favorite APIs) to have a much larger import count, but it was only imported 31,943 times, a significantly smaller number than the number one import. Even from the number one import to the number three import there is a fairly significant difference. What this tells me is that there is a significant number of malicious files that are dynamically loading their own libraries at run time (good potential for being packed), a very interesting result. Attached is a graph showing the large drop-off after GetProcAddress and LoadLibraryA (only the top 100 imported APIs are graphed). [Graph attachment: top100apis]

     Finding #3

     One of the most interesting results from this experiment was the large number of APIs imported (120,126). I wasn't expecting this, so I began looking through some of the imports to look for any common trends that stuck out. What became clear is that a number of APIs were being imported from 3rd party DLLs. For example, av_dup_packet was imported from an audio DLL (FFmpeg: libavcodec/avpacket.c File Reference). After some discussion with my friend Matt Weeks (scriptjunkie, website linked below), it's likely that these APIs are being used to break AntiVirus sandboxes (and potentially malware sandboxes like Cuckoo). Further, there are a number of imports that are just aliases to Windows APIs, such as vlc_memset (alias to memset). These are two interesting techniques that would work great for evading a heuristic or signature based AV product that's examining imports. To read more about these techniques, I included a link in the Resources section at the bottom.

     Finding #4

     There were a large number of Windows SystemFunction APIs imported (undocumented Windows APIs). Specifically, there were 38 SystemFunction imports, ranging from being imported 122 times to just 10. While this is not unexpected, I did find some of their imports interesting. I expected the largest number of imports to be from functions that help with retrieving passwords or hashes from the system, but it doesn't appear that was the case (at least from my knowledge of the methods used to retrieve passwords or hashes from Windows). The most imported SystemFunction was SystemFunction040, which is an alias for RtlEncryptMemory according to the MSDN. More interestingly, SystemFunction006 was the third most imported SystemFunction; this is used in the current version of Mimikatz (Google if you don't know what Mimikatz does). There were some remaining imports which struck me as interesting, but overall nothing I didn't expect. For example, one file imported an API from the SKIDROW DLL. SKIDROW is a notorious group that cracks commercial protection on PC games; I can only imagine what this sample was trying to do. Feel free to draw your own conclusions from these results, I'd love to hear any thoughts on these findings.

     Findings PDF

     Attached here are the results of the findings in a PDF. If you'd like the Excel file to perform your own analysis on, please email me at nullbnx@bnxnet.com. [Attachment: Malware APIs Results PDF]

     Resources

     Virus Share
     Paper on AV evasion with APIs
     MSDN
     Script Junkie's Blog

     Source: https://www.bnxnet.com/top-maliciously-used-apis/
  2. Download: duqu 2.0.rar pass: virus
  3. Equation samples: https://www.dropbox.com/s/latggdox9s3xv4t/Equation_x86_x64.zip

     More on the subject:
     https://securelist.com/blog/research/68750/equation-the-death-star-of-malware-galaxy/
     https://rstforums.com/forum/97370-russian-researchers-expose-breakthrough-spying-program.rst
     https://rstforums.com/forum/97377-brand-hard-disk-firmware-worldwide-riddled-nsa-spy-kit.rst
  4. Shaking Samples Big EDM Pack WAV MiDi Ni Massive

     TEAM MAGNETRiXX | 23 September 2014 | 1.11 GB

     Shaking Samples presents "BIG PACK EDM", a collection of four packages of samples inspired by the world superstar DJs and producers. If you are a fan of productions from W & W, Showtek, Hardwell, Dimitri Vegas and Like Mike, Tiesto, David Guetta, Steve Aoki, Garrix Martin, R3hab, BlasterJaxx, then this pack is made for you.

     Royalty-Free: All of the content in this download is 100% royalty-free. Once purchased, you can use the original sounds in your own commercial music releases with no restrictions.

     Big EDM Pack contains:
     - Pack 1: 5 Kits, MIDI Files, Standard Wavs At 24 Bit, Bonus Loops, Over 1.24 Gb Of Content
     - Pack 2: 5 Kits, MIDI Files, 133 Samples Wavs At 24 Bit, Bonus Loops, Over 287,2 Mb Of Content
     - Pack 3: 14 Booming Basslines, 27 Big-Room Beats, 37 Killer Synths, 28 Euphoric Fx, 11 Claps&Snares, 10 Hats, 13 Punchy Kicks, 13 Percs, 23 MIDI, 16 Bonus Loops, Total 328.8 Mb
     - Pack 4: 58 Nmsv Massive Presets, Bonus (20 Hard Kicks Loops-14-14 Midis), Over 1.9 Gb Of Content

     Home page: sounds.beatport.com/pack/big-edm-pack/9454

     DOWNLOAD LINKS:
     http://u19822771.letitbit.net/download/91419.936c783b8d4085a27e813b457f63/mgn-skgslbempk.part1.rar.html
     http://u19822771.letitbit.net/download/32301.3d08e67afdb41d2d900903cfe34d/mgn-skgslbempk.part2.rar.html
     http://uploaded.net/file/8nk96iuu/mgn-skgslbempk.part1.rar
     http://uploaded.net/file/ie0c88cb/mgn-skgslbempk.part2.rar
     http://rapidgator.net/file/3e9f1ebf6861781bd202fca415ed0ca7/mgn-skgslbempk.part1.rar.html
     http://rapidgator.net/file/674e76be9aff70172f2d225e085a0413/mgn-skgslbempk.part2.rar.html
     http://www.uploadable.ch/file/zpQnGVCtsKDj/mgn-skgslbempk.part1.rar
     http://www.uploadable.ch/file/Vuwk7rpWR7Nc/mgn-skgslbempk.part2.rar
  5. Fox Samples EDM Toolbox WAV MIDI FXB

     DISCOVER\SYNTHiC4TE | The Brotherhood Release | 711 MB

     'EDM Toolbox' from Fox Samples is a hot new product that will give your EDM production the edge it needs. This pack consists of guitar loops, piano loops and pluck loops, all at 128 BPM. MIDI is also included. Each loop comes as dry, processed and sidechained. All pianos and plucks also come with MIDI data, giving you full flexibility to adapt the loops to your tracks. As an extra, you also get 20 Sylenth1 pluck presets. Totalling 300 files and close to 1 GB of content, this pack will bring you the elements you need for your next EDM anthem. This product features 24-Bit WAV loops and includes MIDI files. All loops are 100% Royalty-Free.

     Product Features:
     • 300 Loops at 128 BPM
     • MIDI included
     • Guitars, pianos & plucks
     • Sylenth1 soundbank (20 presets)
     • 100% Royalty-Free
     • Over 960 MB of content
     • 24-Bit WAV
     • Tempo and key-labelled

     Home page: producerloops.com/Download-Fox-Samples-EDM-Toolbox.html

     DOWNLOAD LINKS:
     http://u19822771.letitbit.net/download/81224.82eae7234d8acbb960c8ea9d2f1b/EDM.Toolbox.rar.html
     http://uploaded.net/file/kuqoyb3w/EDM.Toolbox.rar
     http://rapidgator.net/file/7ee72e00f64c9b3c43b5d2afdc639e48/EDM.Toolbox.rar.html
     http://www.uploadable.ch/file/FA9REMgbGWMe/EDM.Toolbox.rar