The Faulty Precursor of Pykspa's DGA

Pykspa is a worm that spreads over Skype. The malware has been relying on a domain generation algorithm


Win32/Upatre.BI - Part Four: Payload Format

This last article is all about the second stage payload of Upatre. The first part shows how the...


Win32/Upatre.BI - Part Three: Main Loop

This blog post analyzes the core routine of Upatre. It is covered in only one of my four parts on...


Win32/Upatre.BI - Part Two: Config

The first blog post of the series on Upatre showed how to unpack the malware. You can download the...
