Phorpiex - An IRC worm
Full reversal for the fun of it

Phorpiex is a worm controlled over IRC. It can be instructed to do mainly three things: (1) download and run other executables, including the possibility to update itself; (2) brute-force SMTP credentials...


The DGA in Alureon/DNSChanger

At least some of the famous DNSChanger malware samples use a domain generation algorithm (DGA) to generate five pseudo-random domains. In contrast to most other uses of DGAs, the domains are never intended...


Kraken's two Domain Generation Algorithms
A side-by-side comparison of the DGAs

A side-by-side comparison of the two Domain Generation Algorithms (DGA) of the Kraken malware.


A JavaScript-based DGA
Analysis of a defunct Proslikefan Sample

Note 2016-06-17: I later found a fully functional sample of Proslikefan and wrote about it here. Please check out the newer blog post in favor of this post. I leave this write-up of Proslikefan up,...
