notes

The DGA of PadCrypt: Versions 2.2.86.0 and 2.2.97.1

EDIT 2016-03-06: I completely missed that Lawrence Abrams of BleepingComputer.com not only reversed the DGA of PadCrypt long before me, but also tweeted an updated version of the DGA. Many thanks to...

notes

The DGA of Qakbot.T

Qakbot, Akbot or Qbot is an older banking trojan from 2009 that underwent multiple modifications: Symantec calls the current version Generation 10, Microsoft arrived at letter “U”. Since at least...


Phorpiex - An IRC worm: Full reversal for the fun of it

Phorpiex is a worm controlled over IRC. It can be instructed to do mainly three things: (1) download and run other executables, including the possibility to update itself; (2) to brute-force SMTP credentials...

notes

The DGA in Alureon/DNSChanger

At least some of the famous DNSChanger malware samples use a domain generation algorithm (DGA) to generate five pseudo random domains. In contrast to most other uses of DGAs, the domains are never intended...
