🦔 📹 New Video: Can office files be malicious without Macros?
➡️ VSTO Add-Ins
➡️ External Templates
➡️ Checklist for Office analysis
#MalwareAnalysisForHedgehogs
https://www.youtube.com/watch?v=RtHHckH5IsI
🦔 📹 New Video: RenPy game loads stealer, beginner friendly
➡️ strategies for finding malware in 2956 files
➡️ extracting and decompiling RenPy
➡️ remote access tool config extraction
➡️ unpacking native payload
#MalwareAnalysisForHedgehogs #RenPy
https://www.youtube.com/watch?v=Fmfg0F1e2tM
🦔📹 New Video: Modifying string decrypter for a new ConfuserEx2 variant
➡️ Defeating antis with Harmony hooks
➡️ AsmResolver
➡️ .NET string deobfuscation
🦔 📹 Video: Analysis of malicious NordVPN setup
➡️ beginner-suitable
➡️ sorry, no spoilers here ;)
🦔 📹 New video: What breakpoints to set for unpacking malware?
➡️ Steps of unpacking stub
➡️ Breakpoint targets
➡️ VirtualAlloc from user to kernel mode
#MalwareAnalysisForHedgehogs #Unpacking
https://www.youtube.com/watch?v=fn8rAm9u4rc
🦔 📹 New Video: There is more than Clean and Malicious
➡️ 7 file analysis verdicts and what they mean
#MalwareAnalysisForHedgehogs #Verdicts
https://www.youtube.com/watch?v=XwT23XVtAw0
🦔 📹 Virut Part III: File infection analysis and bait file creation
#MalwareAnalysisForHedgehogs #Virut
https://www.youtube.com/watch?v=FcXPSpBh4ps
Virut part II: process infection and NTDLL hooking 🦔📹
➡️ x64dbg scripting
➡️ conditional breakpoints
➡️ more import table resolving
➡️ fixing control flow
➡️ marking up hook code
#MalwareAnalysisForHedgehogs #Virut
https://www.youtube.com/watch?v=nuxnvjGgUQQ&lc=
🦔 📹 New Video: Analysis of Virut - Part I
➡️ self-modifying code
➡️ Ghidra markup decryption stub
➡️ API resolving
➡️ unpacking
#MalwareAnalysisForHedgehogs
https://www.youtube.com/watch?v=250Bxe0qlQY
New video: Why antivirus software detects cracks as malware or PUP 🦔📹
#MalwareAnalysisForHedgehogs #cracks #antivirus
https://www.youtube.com/watch?v=KA7R9rt5r40
🦔 📹 New Video: D3fack loader analysis
➡️ Inno Setup pascal script analysis
➡️ string deobfuscation with binary refinery
➡️ JPHP decompilation
Sample was first described by @RussianPanda9xx
https://www.youtube.com/watch?v=y09ZreJaWE0
#MalwareAnalysisForHedgehogs #D3fackLoader
New Video: Why Windows system files have wrong compile timestamps 🦔📹
#MalwareAnalysisForHedgehogs #Repro
https://youtu.be/8Q_cbAolKGg?si=34Wsq8XDWdzfar1H
New Video: How to find the main code in an Electron App. Unpacking Ageostealer. 🦔📹
New Video: Auto Start Monitoring and Disinfection Training with Sysinternals Autoruns
Topics: IFEO, Run, RunOnce, Services, Scheduled Tasks, Active Setup, Startup folder
#MalwareAnalysisForHedgehogs #Disinfection #ASEPs
https://youtu.be/NNRSFrIyLUg
New Video: Packer identifiers do not tell you if a file is packed 🦔📹
New Video: C2 extraction for 3CX SmoothOperator 🦔📹
New Video: How the malware in 3CX SmoothOperator abuses authenticode signatures. 🎥🦔
#MalwareAnalysisForHedgehogs #SmoothOperator #3CX
https://youtu.be/jCXIKHCpvn8
New video: 3CX SmoothOperator analysis of ffmpeg with Binary Ninja 🦔📹
#MalwareAnalysisForHedgehogs #3CX #SmoothOperator
https://youtu.be/fTX-vgSEfjk
New Video: Packers, polymorphism and common misconceptions 🦔📹
#MalwareAnalysisForHedgehogs #Packers
https://youtu.be/ESLEf66EzDk
New video: Does writing malware help with malware analysis? 🦔