The DGA of Pitou: Analyzing a Virtualized Algorithm

The domain generation algorithm (DGA) of Pitou runs in kernel mode and is protected by a virtual machine, which makes it the hardest DGA I have reverse-engineered so far. This blog post shows, after...


The new Domain Generation Algorithm of Nymaim

The Nymaim malware first appeared in 2013. It is mainly used as a downloader for other malware such as ransomware, but it later also started manipulating search results for click fraud. Many great...


The DGA of Sisron

Sisron was part of a financial fraud and identity theft botnet. It was taken down by Microsoft in the anti-botnet operation B106. The malware uses a very simple domain generation algorithm (DGA) that...


The DGA of Qadars v3

In March, the following sample caught my attention because it relies on a Domain Generation Algorithm (DGA) to communicate with its C&C servers: md5 0dcbb31cbc5279293cb5ebf4cd9eff4e
