Malware detection covers any method of discovering whether a file contains undesired instructions that would perform malicious actions, ranging from stealing information and directing users to unrequested actions to damaging hardware. Detection attempts to discover malware without allowing it to execute; for this reason, most detection techniques search for "footprints", i.e. sequential binary code patterns in the file's instructions.
Questions tagged [malware-detection]
233 questions
0 votes, 1 answer
MiniFilter Driver - The right implementation and the Microsoft signature
I am working on malware analysis. I use a mini-filter driver to intercept file system access. Then I apply algorithms to detect malicious activity.
My questions:
I know that the driver will need a signature by Microsoft for a public…

fgon
0 votes, 2 answers
Visual Studio Code output gets detected as malware?
So, first time code-writer here. I just got VSC and am trying to do your typical "Hello World" basic line in the output. Nothing harmful. When I run the code (shown below) I am immediately met by Avast saying they blocked me from Win32:MalwareGen. I…

Zack C.
0 votes, 1 answer
What kind of anti-debugging technique doesn't allow attaching with usermode debugger?
I'm currently in the process of learning the different techniques malware uses to prevent debugging, and I came across an issue I can't seem to really understand. This piece of malware that I am currently trying to figure out and debug uses some kind of…
0 votes, 2 answers
Androguard: 'NameError: name 'AnalyzeAPK' is not defined' error
I am trying to use androguard to analyze a malware apk file but am facing the following error.
In [1]: a,d,dx = AnalyzeAPK("malware.apk", decompiler="dad")
NameError Traceback (most recent call…

V.Abhijith Bharadwaj
0 votes, 0 answers
Method to find DNS hijack?
I'm getting worried. On one specific computer where I run Win10 and Chrome, I maybe once every 30-60 days get a different web page compared to the URL I manually type in.
I have tested Kaspersky and Avast, but none of them found anything on my…

Anders Karlsson
0 votes, 1 answer
Hiding command prompt in a cuckoo report screenshots
I am analyzing malware using Cuckoo. But in the reports generated, the content on screen is hidden by the command prompt running on the host machine. Is there a way to hide this command prompt? I tried:
cuckoo submit -o arguments="- windows…

Parth
0 votes, 3 answers
My website contains malware
Warning: Something's Not Right Here!
www.mywebsite.com contains malware. Your computer might catch a virus if you visit this site.
Google has found malicious software may be installed onto your computer if you proceed. If you've visited this site in…

woninana
0 votes, 1 answer
Is it possible to load a system driver from memory without it touching the filesystem directly?
Is it possible to load a signed Windows driver from memory without the file ever touching the disk? If it is possible, is it trivial to achieve, or are there obstacles to overcome? To clarify, the driver may exist on the disk at some point, but in…

solumnant
0 votes, 0 answers
In real networks, do servers send requests to each other?
Perhaps a silly question!
In real networks, do servers send requests to each other? For example, does a web server send requests to another web server to fetch some data (for example .jpg files and so on)? Or can a DNS server send requests to another DNS…

taranom
0 votes, 0 answers
sshd2 command consumes 100% memory in Ubuntu on EC2
I noticed that the command sshd consumes more than 100% CPU usage on an EC2 server.
I'm attaching a screenshot which is the result of the command top.
For information: I've installed Solr. Unfortunately this command uses the solr user.
I can't get any solution for…

Mitesh Vasava
0 votes, 1 answer
Can python modules downloaded through pip(3) “phone home”, with logs of your activity?
Do I understand correctly that the best way to make sure is to go through module’s code and see for myself?

Nikita Korneev
0 votes, 1 answer
Scan Javascript for Adware
I suspect that a popular JavaScript extension (which I run through GreaseMonkey) is introducing adware into my browser (Firefox). Before I report this to the original developers of the extension (or alternately report the developers!), I want…

shivams
0 votes, 2 answers
How to remove an injected link from a Drupal 7 project
Our Drupal 7 site is infected with this link:
https://click.clickanalytics208.com/s_code.js?cid=240&v=73a55f6de3dee2a751c3
Our Google Ads have been blocked by Google due to this link.
We made:
All .js files immutable for same link;
Checked all code…
0 votes, 1 answer
Can malware binaries be in packed form?
Recently I've been reading about malware analysis. I'm going through this malware repository (https://github.com/ytisf/theZoo), where we can find malware binaries. Can the binaries be in packed form? If so, how can we tell whether these binaries are packed or not?
PS:…

Lelouch
0 votes, 1 answer
Can somebody tell me why this URL is crawled more than other pages?
I checked the web stats of my site and am seeing a specific URL getting more hits than the others.
I just scanned the site trying to find the location, but the file does not exist.
{"version":"1.0","provider_name":"Pragmatic Web…

Vijay