Blog Archive

Dridex - Technical Malware Analysis

One of the most famous banking Trojans back in 2014.

Qbot Technical Analysis

In this article, we take a look at how Qbot dynamically decrypts strings, creates API structs, and decrypts payloads. Then we discuss how to deal with them using Binary Ninja and Binary Refinery.

Z2A Custom Sample Part 2

Here we come to the next part of my write-up on the Z2A custom sample. I will analyze stage 2 of this sample and also extract the final stage.

Z2A Custom Sample Part 1

After many theoretical chapters, we finally move to a practical session with a custom sample. This is part one of my analysis.

Deobfuscate with Binary Ninja API

Recently, I’ve become very interested in learning how to use the Binary Ninja API to build a deobfuscator. So, I read all their posts and started with a simple challenge from the Grand Reverse Engineering Challenge.

Quick notes about PE file format

This is just a note on some Windows structures that I found useful to look back on while analyzing.

Malware Unpacking Notes

Unpacking is well-known as a method for malware to hide its actual payload. Understanding this concept is fundamental for malware analysis.