Malware detection covers any method of discovering whether a file contains code that would perform malicious actions, ranging from stealing information or directing users to actions they did not request, to damaging hardware. Detection attempts to discover malware without allowing it to execute; for this reason, most detectors search for "footprints" (signatures), i.e. specific byte sequences in the file's instructions.
Questions tagged [malware-detection]
233 questions
0
votes
1 answer
Olevba install linux issues
I'm doing a lab on HTB and I need to download olevba; however, when I do, it doesn't work. I'm using Linux. The commands I'm using to install are sudo apt install python3-pip then, in
0
votes
0 answers
How to see which files (and their path) that were infected after running LMD (Linux Malware Detect) scan?
I searched through my /var/www folder where I have around 10 different websites with Linux Malware Detection with the following command:
sudo maldet --scan-all /wwwdata/
The report shows the following:
PATH: /wwwdata/
TOTAL FILES: …

Jacob
- 23
- 5
0
votes
0 answers
File storage for possible infected files
I need to upload files into my application which may be infected by malware, and then do an async check. Is it safe to upload these files directly into RabbitMQ, or do I need some workaround to keep the other previously uploaded files safe? Thank you.

Denis Stephanov
- 4,563
- 24
- 78
- 174
0
votes
0 answers
executable compiled by GCC is seen as a virus by 13 detectors on virustotal and contacts an akamai IP
This is weird, so I am trying to compile this code:
#include <stdio.h>   /* second header name was lost in extraction; stdio.h assumed */
#include <stdlib.h>  /* malloc() */
typedef struct {
    int sz;
    unsigned char sequence[];  /* C99 flexible array member, sized at malloc time */
} morsechar;
int main(void) {
    morsechar *mc = malloc(sizeof *mc + 5 * (sizeof *mc->sequence));
    …

Peaser
- 565
- 3
- 8
- 16
0
votes
1 answer
Python Exe Obfuscation to Evade Windows Defender
I know this sounds kind of shady but let me explain.
I wrote a program in Python to automate some tasks for my work. Now, when I try to build the project into an EXE and run it on my Windows machine, Windows Defender recognizes it as malware and…

jacksc0tt
- 11
- 4
0
votes
2 answers
How to specifically extract files that are in a 7z archive
I have a 7z archive that I downloaded from practicalsecurityanalytics.com that contains malware files and benign files, 117GB in total.
The compressed size of this file is 43.8GB which is large and i do not want to extract the whole archive at once.
Is…

pr1sm8
- 1
- 2
0
votes
1 answer
Python - Can't get the PID of the process modifying a file because the process is too fast
EDIT:
Solved by creating rules with auditctl and then getting the logs for a specific key with ausearch.
I'm basically creating a tool to detect Ransomware activity with honeypots spread across the file system. The program functionality is pretty…
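Added example, not the poster's tool: what the auditctl/ausearch approach in the post above looks like once the records come back. It assumes a watch rule of the form `auditctl -w /srv/honey -p wa -k honeypot` and the record format that `ausearch -k honeypot` prints; the audit records, paths, PIDs and inode numbers below are constructed for this example, and the syscall-number table is for x86_64.

```python
"""Attribute honeypot-file access to a PID from ausearch output.
Added example, not the poster's code; all records below are constructed."""
import re
from collections import defaultdict
from typing import Dict, List

# x86_64 syscall numbers relevant to a file honeypot (constant table).
SYSCALL_NAMES = {1: "write", 82: "rename", 87: "unlink", 257: "openat",
                 263: "unlinkat", 264: "renameat", 316: "renameat2"}
DESTRUCTIVE = {"rename", "renameat", "renameat2", "unlink", "unlinkat"}

# Constructed `ausearch -k honeypot` output: an unknown binary opens a bait file
# for writing and then renames it; an editor writes another bait file.
# Parent-directory PATH records are omitted for brevity.
SAMPLE_AUSEARCH = """\
----
time->Tue Mar  5 10:12:03 2024
type=SYSCALL msg=audit(1709633523.123:456): arch=c000003e syscall=257 success=yes exit=3 a0=ffffff9c a1=7ffd0 a2=241 a3=1b6 items=2 ppid=1 pid=4242 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=3 comm="enc.bin" exe="/tmp/.x/enc.bin" key="honeypot"
type=CWD msg=audit(1709633523.123:456): cwd="/tmp/.x"
type=PATH msg=audit(1709633523.123:456): item=1 name="/srv/honey/invoice.docx" inode=1001 dev=08:01 mode=0100644 ouid=1000 ogid=1000 rdev=00:00 nametype=NORMAL
type=PROCTITLE msg=audit(1709633523.123:456): proctitle="/tmp/.x/enc.bin"
----
time->Tue Mar  5 10:12:03 2024
type=SYSCALL msg=audit(1709633523.900:457): arch=c000003e syscall=316 success=yes exit=0 a0=ffffff9c a1=7ffd1 a2=ffffff9c a3=7ffd2 items=4 ppid=1 pid=4242 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=3 comm="enc.bin" exe="/tmp/.x/enc.bin" key="honeypot"
type=PATH msg=audit(1709633523.900:457): item=2 name="/srv/honey/invoice.docx" inode=1001 dev=08:01 mode=0100644 ouid=1000 ogid=1000 rdev=00:00 nametype=DELETE
type=PATH msg=audit(1709633523.900:457): item=3 name="/srv/honey/invoice.docx.locked" inode=1001 dev=08:01 mode=0100644 ouid=1000 ogid=1000 rdev=00:00 nametype=CREATE
----
time->Tue Mar  5 10:13:20 2024
type=SYSCALL msg=audit(1709633600.010:458): arch=c000003e syscall=257 success=yes exit=4 a0=ffffff9c a1=55d0 a2=241 a3=1a4 items=2 ppid=2000 pid=5150 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts0 ses=3 comm="vim" exe="/usr/bin/vim.basic" key="honeypot"
type=PATH msg=audit(1709633600.010:458): item=1 name="/srv/honey/notes.txt" inode=1002 dev=08:01 mode=0100644 ouid=1000 ogid=1000 rdev=00:00 nametype=NORMAL
"""

FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
MSG_RE = re.compile(r"audit\((\d+\.\d+):(\d+)\):")


def parse_records(text: str) -> List[Dict]:
    """One dict per `type=...` line: record type, audit event id, k=v fields.
    The '----' and 'time->' separator lines carry no fields and are skipped."""
    records = []
    for line in text.splitlines():
        if not line.startswith("type="):
            continue
        fields = {k: v.strip('"') for k, v in FIELD_RE.findall(line)}
        m = MSG_RE.match(fields.get("msg", ""))
        if not m:
            continue
        records.append({"type": fields["type"], "event_id": int(m.group(2)),
                        "time": float(m.group(1)), "fields": fields})
    return records


def honeypot_events(text: str, key: str = "honeypot") -> List[Dict]:
    """Join the SYSCALL record (who: pid/uid/exe) with the PATH records (what:
    bait file names) sharing one audit event id; keep only events that fired
    under the given rule key."""
    by_event = defaultdict(list)
    for rec in parse_records(text):
        by_event[rec["event_id"]].append(rec)
    events = []
    for eid, recs in sorted(by_event.items()):
        sysc = next((r for r in recs if r["type"] == "SYSCALL"), None)
        if sysc is None or sysc["fields"].get("key") != key:
            continue
        f = sysc["fields"]
        num = int(f["syscall"])
        events.append({
            "event_id": eid, "time": sysc["time"],
            "pid": int(f["pid"]), "uid": int(f["uid"]),
            "comm": f.get("comm"), "exe": f.get("exe"),
            "syscall": SYSCALL_NAMES.get(num, f"syscall_{num}"),
            "success": f.get("success") == "yes",
            "files": [(r["fields"]["name"], r["fields"].get("nametype"))
                      for r in recs if r["type"] == "PATH"],
        })
    return events


def suspect_pids(events: List[Dict]) -> List[int]:
    """Ransomware-style triage: a PID that renamed or deleted bait files.
    A process that merely wrote a bait file is an event, not a suspect."""
    acts = defaultdict(set)
    for e in events:
        if e["success"]:
            acts[e["pid"]].add(e["syscall"])
    return sorted(pid for pid, s in acts.items() if s & DESTRUCTIVE)


if __name__ == "__main__":
    evs = honeypot_events(SAMPLE_AUSEARCH)
    for e in evs:
        print(e["pid"], e["exe"], e["syscall"], [n for n, _ in e["files"]])
    print("suspect pids:", suspect_pids(evs))
```

The join on the audit event id is the point: a single syscall produces several records (SYSCALL, CWD, PATH, PROCTITLE) and only the SYSCALL record carries the PID and exe, so polling the file from user space, as the question describes, is replaced by reading the kernel's own record of who touched it. Run `ausearch -k honeypot | python3 this_script.py` style pipelines by replacing `SAMPLE_AUSEARCH` with `sys.stdin.read()`.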
0
votes
1 answer
How to read buffer contents after calling ReadProcessMemory()? (Python)
I'm building a memory scanner with ctypes, and after I create a buffer with VirtualAlloc(), I use ReadProcessMemory() to write the memory contents into the buffer, but how can I see the contents to search for malware strings? VirtualAlloc()…

Leonardo Poloni
- 3
- 2
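Added example, not from the page or any poster, serving two passages: the tag description at the top (signatures as byte sequences in a file) and the ReadProcessMemory question above (turning a ctypes buffer into something searchable). It assumes a constructed signature table (the EICAR test string plus an invented marker) and uses `ctypes.string_at` to copy bytes out of a buffer or raw address; ReadProcessMemory itself is not called, so the block runs on any OS, and the reader callback is where a real scanner would plug in the per-page ReadProcessMemory call.

```python
"""Signature ("footprint") scanning of a memory buffer in overlapping chunks.
Added example, not from the page; the signature table is constructed."""
import ctypes
from typing import Callable, Dict, List, Tuple

# Constructed signature table (name -> exact byte sequence). EICAR is the
# standard harmless anti-virus test string; "Example.Marker" is invented.
EICAR = b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"
SIGNATURES: Dict[str, bytes] = {
    "EICAR-Test-File": EICAR,
    "Example.Marker": b"\xde\xad\xbe\xef#malware-marker#",
}

Hit = Tuple[str, int]  # (signature name, offset into the region)


def scan_bytes(data: bytes, base: int = 0,
               signatures: Dict[str, bytes] = SIGNATURES) -> List[Hit]:
    """Return every (name, offset) at which a signature occurs in `data`.
    `base` is added to offsets so a chunk of a larger region reports
    region-relative positions."""
    hits: List[Hit] = []
    for name, sig in signatures.items():
        pos = data.find(sig)
        while pos != -1:
            hits.append((name, base + pos))
            pos = data.find(sig, pos + 1)
    return sorted(hits, key=lambda h: h[1])


def scan_region(read: Callable[[int, int], bytes], size: int,
                chunk: int = 4096,
                signatures: Dict[str, bytes] = SIGNATURES) -> List[Hit]:
    """Scan `size` bytes via read(offset, n) in fixed chunks. Each read extends
    (longest signature - 1) bytes past the chunk so a signature straddling a
    chunk edge is still seen whole; a hit inside that overlap is seen twice,
    hence the de-duplication."""
    overlap = max(len(s) for s in signatures.values()) - 1
    seen, hits = set(), []
    offset = 0
    while offset < size:
        n = min(chunk + overlap, size - offset)
        for hit in scan_bytes(read(offset, n), offset, signatures):
            if hit not in seen:
                seen.add(hit)
                hits.append(hit)
        offset += chunk
    return hits


def ctypes_reader(buf) -> Callable[[int, int], bytes]:
    """Adapt a ctypes array (create_string_buffer / c_char * n) or a bare
    address (an int such as VirtualAlloc returns) to the reader interface.
    ctypes.string_at(addr, n) copies n bytes from that address into a Python
    bytes object; that copy is what bytes.find() can search."""
    addr = buf if isinstance(buf, int) else ctypes.addressof(buf)
    return lambda off, n: ctypes.string_at(addr + off, n)


def demo() -> List[Hit]:
    """Constructed 10000-byte memory image: the marker straddles the first
    4096-byte chunk edge; the EICAR string sits further in."""
    image = bytearray(10000)
    marker = SIGNATURES["Example.Marker"]
    image[4090:4090 + len(marker)] = marker
    image[8000:8000 + len(EICAR)] = EICAR
    buf = (ctypes.c_char * len(image)).from_buffer_copy(bytes(image))
    return scan_region(ctypes_reader(buf), len(image))


if __name__ == "__main__":
    for name, off in demo():
        print(f"{name} at offset {off:#x}")
```

For the Windows case in the question, `buf.raw` on a `create_string_buffer` result, or `ctypes.string_at(address, nbytes)` on the address VirtualAlloc returned, gives the same bytes object this scanner searches; the chunk overlap matters there too, because a page-by-page ReadProcessMemory loop would otherwise miss a string that crosses a page boundary.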
0
votes
1 answer
How to save a gdb command result in a variable and reuse it again inside gdb?
In GDB, I want to save the result of the x/x $rsp command, the value inside the address shown.
example:
the result of the command
x/x $rsp is 0xffffaaaa : (0x00400b)
I want to save that address 0x00400b that I highlighted between brackets…

Noob_learner_90
- 61
- 9
0
votes
1 answer
How to successfully run Golang program with an http.Get calls - On Windows with MalwareBytes running?
ETA. Okay, based on some advice I'd received, I used go build main.go rather than go run main.go
This puts the main.exe in my project folder (which I excluded) rather than putting a temporary main.exe in the Temp Folder (which would be bad folder…

YvetteS
- 1
- 3
0
votes
0 answers
Creating Kibana Dashboard based on Malware
I am thinking of creating a Kibana Dashboard to detect malware by the use of graphs/visualizations. Anyone have any ideas on how I can implement a dashboard based on different visualizations of network traffic to create this dashboard?
0
votes
1 answer
understanding cuckoo sandbox json report
I have set up Cuckoo Sandbox and am already analyzing some malware.
The problem is I'm having a difficult time trying to understand the JSON report. Could anyone please help me understand the following: UDP, procmemory, dns_servers, http, icmp,…

ray
- 63
- 8
0
votes
1 answer
Renting AWS Device Farm for testing anti-virus application
Can we use AWS Device Farm to test anti-virus application by installing real malware on rented devices?

Dania
- 3
- 1
0
votes
1 answer
Why is my web traffic redirected via the IP address 10.0.0.11 on my Mac?
I know nothing about networking, so I need serious help here. I was on a Zoom call with my mentor and we were talking about the difference between HTTP, HTTP/1, and HTTP/2. Then he noticed that even websites which are supposed to use HTTP/1, all of them…

Rashad Bayram
- 59
- 6
0
votes
1 answer
Does each language compile jump tables to custom locations, or are there specific places within ELF / PE headers for them to be?
I'm trying to figure out where jump tables (a data table pairing subroutine names with their addresses) are placed within an executable, and whether it's based on the language, the compiler, or if there's a standard placement perhaps within the…

J.Todd
- 707
- 1
- 12
- 34