Category Archives: Windows

Build nwjs12 for windows

Here is the list of steps to build nwjs12 for Windows:
Download up the path for depot_toolsgclient
Install VS 2013 community edition
Install Windows 10 SDK
set DEPOT_TOOLS_WIN_TOOLCHAIN=0
set GYP_DEFINES="clang=0 nwjs_sdk=0 disable_nacl=1"
set GYP_MSVS_VERSION=2013
mkdir -p $HOME/nwjs
cd $HOME/nwjs
gclient config --name=src
Add this to .gclient …

Posted in browser, Chrome, Web, Windows

Dealing with pcaps in windows using Fiddler/FiddlerCore

Many times, when we receive a pcap (especially exploit-pack pcaps) for malware analysis, we have to do a lot of manual work to load it into Fiddler, extract the objects and analyze them. While using Windows, I depend …

Posted in Malware, Malware Analyzer, Tools, Web, Windows

Build and use PCRE in windows

Building the PCRE (older version) source code in a Windows environment is quite easy with the CMake build system. Once you check out the code from their SVN server using the following command: svn co svn:// pcre, install the CMake build system and issue the following …

Posted in Regex, Windows, Windows VC++

Injecting code into .Net processes in WinXP

When we inject a piece of code into a newly created, suspended .NET process using the CreateRemoteThread() technique, we run into a crash. The reason is that the .NET framework tries to take control of the first running thread in the process …

Posted in .Net, Windows, Windows VC++

API Hash List 5

ModuleName= C:\Windows\SysWOW64\ntdll.dll …

Posted in Malware, Windows

Digging deep into Recent Angler Exploit kit Fileless delivery

Recently ThreatGlass released a PCAP related to the Angler Exploit Kit from Looking into this, Angler EK has changed its obfuscation techniques to load its dropper from the exploit server. Let's dig into this. The initial dropper is downloaded before …

Posted in Exploit, Exploit Kit, Malware, Malware Analyzer, Shellcode, Windows

API Hash List 4

ModuleName= C:\Windows\SysWOW64\ntdll.dll (0x3E9A174F) …

Posted in Windows