Extracting Digital Signatures from Signed Malware with pf | BOT24

A lot of malware, PUPs (Potentially Unwanted Programs) and adware are now digitally signed. Those signatures can contain interesting properties that analysts can use as Indicators Of Compromise (IOC) or to perform large-scale analysis across many samples. As an example, let's use the recent signed Dridex sample (5df62149bb91084eb677aecff7a8ca5fffeaaa23).

On Windows, the Portable Executable file format stores this information in IMAGE_DIRECTORY_ENTRY_SECURITY, which is the 5th IMAGE_DATA_DIRECTORY entry. Let's use radare2 to dump the certificate with the pf command.
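The radare2 pf command in the linked post walks this structure interactively. As an added example that is not from the original post or from the radare2 project, the following Python script follows the same path by hand: e_lfanew, the optional header, data directory entry 4, and the WIN_CERTIFICATE entries it points to. It bounds-checks every size it reads, since the headers of a sample under analysis are attacker-controlled, and the PE it parses is a constructed fixture built in the script, not a real binary.

```python
import struct

IMAGE_DIRECTORY_ENTRY_SECURITY = 4       # index 4 = the 5th IMAGE_DATA_DIRECTORY
WIN_CERT_TYPE_PKCS_SIGNED_DATA = 0x0002  # bCertificate holds PKCS#7 SignedData
WIN_CERT_REVISION_2_0 = 0x0200


def extract_certificates(pe: bytes):
    """Return [(revision, type, blob)] from the Attribute Certificate Table.
    Every size read from the file is bounds-checked before it is trusted."""
    if pe[:2] != b"MZ":
        raise ValueError("not a PE file")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad NT signature")
    opt = e_lfanew + 4 + 20                       # skip IMAGE_FILE_HEADER
    magic = struct.unpack_from("<H", pe, opt)[0]
    dirs = opt + (96 if magic == 0x10B else 112)  # PE32 vs PE32+ layout
    off, size = struct.unpack_from("<II", pe, dirs + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    # Unlike the other directories, this entry is a raw file offset, not an RVA.
    if off == 0 or size == 0:
        return []                                 # unsigned file
    if off + size > len(pe):
        raise ValueError("security directory points outside the file")
    certs, end = [], off + size
    while off + 8 <= end:
        length, rev, ctype = struct.unpack_from("<IHH", pe, off)
        if length < 8 or off + length > end:
            raise ValueError("truncated WIN_CERTIFICATE entry")
        certs.append((rev, ctype, pe[off + 8:off + length]))
        off += (length + 7) & ~7                  # entries are 8-byte aligned
    return certs


def build_test_pe(cert_blob: bytes) -> bytes:
    """Constructed minimal PE32 carrying one WIN_CERTIFICATE (fixture, not real malware)."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)             # e_lfanew = 0x40
    file_hdr = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 224, 0)  # SizeOfOptionalHeader = 224
    opt = struct.pack("<H", 0x10B) + b"\0" * 94                     # PE32 magic, rest zeroed
    cert_off = 0x40 + 4 + 20 + 224                                  # table right after headers
    win_cert = struct.pack("<IHH", 8 + len(cert_blob), WIN_CERT_REVISION_2_0,
                           WIN_CERT_TYPE_PKCS_SIGNED_DATA) + cert_blob
    dirs = bytearray(16 * 8)
    struct.pack_into("<II", dirs, 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, cert_off, len(win_cert))
    return dos + b"PE\0\0" + file_hdr + opt + bytes(dirs) + win_cert


if __name__ == "__main__":
    for rev, ctype, blob in extract_certificates(build_test_pe(b"constructed-PKCS7-placeholder")):
        print(hex(rev), hex(ctype), len(blob), "bytes")
```

On a real sample, the blob returned for type 0x0002 is the DER-encoded PKCS#7 SignedData that the signer, issuer and serial number are parsed from.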

More here: http://radare.today/extracting-digital-signatures-from-signed-malware/

About Bradley Susser
