Malware Analysis and Detect Response

Malware analysis isn't just part of a job, it's a hobby. Like many in the field of DFIR, I find that playing with samples, looking at obfuscation and reverse engineering is fun. Many practitioners feel that sharing with the community is important. I also feel that sharing samples, detection techniques and indicators is an important public service. Hopefully the content on this site is useful to analysts who happen to come upon this page.

What's on this site?

I won't host any samples on this site. I will, however, share indicators and links to public sandbox runs and VirusTotal pages on my blog.

On the blog I will attempt to provide some detailed analysis of samples and alert data.

In the Downloads section I will provide custom decoders, scripts, and extraction tools for the various obfuscation and encoding techniques I've observed across multiple malware campaigns.

Malware Analysis

HydraSeven Malware Loader: PDFunk.exe, PDFconverters.exe (October 25, 2023)

Malware decoders, YARA rules, and Extractors

Solarmarker Malware (December 22, 2020)

Solarmarker Analysis (December 12, 2020)

Emotet Analysis (June 22, 2018)

H-Worm Analysis (August 19, 2016)