Author

Topic: TwentyThree's Software and Malware Analysis Service (Read 305 times)

newbie
Activity: 11
Merit: 0
What can you do that virustotal can not ?

Virustotal is sort of useful tool for the first 5 minutes of analysis, but like all AVs it determines the behavior of a program in its own virtual environment. If malware is written to detect that, it will run normally and Virustotal will not detect it. However, Virustotal and other AV companies have an agreement to share samples which are uploaded. Sometimes they will include Virustotal submissions even if the file is not malicious. It's qualitatively equivalent to any other AV, but with all their different approaches to malware detection.

No technology can yet supersede a few years worth of skill and human intuition.

Do you offer ip tracking of trojan master or just determine mallability of programs ?!

Implied in "network analysis." I can tell you much more than just the maliciousness of a software. Depends on what you ask for.

Edit: IP tracking might be tricky. It really depends on the software. If the author is intelligent, they would use TOR and similar shit. I would have to look at the sample to determine the difficulty and price, and give you a better answer.

Cheers

How do you mean tor ?! afaik you cant use tor as gateway for usual no-ip or dyn-dns redirects.
If you said proxy or vpn i would agree, but so far i am yet to find someone using tor for this particular thingy. (highly fuzzed about this)

It's trivial for malware to use TOR to connect to a command / control server or a collector. Malware which uses TOR is old news. Both TOR and VPN rely on TCP/IP to get to the next node / VPN server, otherwise routing would be impossible, but it takes much more work to trace the connection (you would need control over the nodes in between, or the VPN server).

Cheers
legendary
Activity: 1722
Merit: 1000
Satoshi is rolling in his grave. #bitcoin
What can you do that virustotal can not ?

Virustotal is sort of useful tool for the first 5 minutes of analysis, but like all AVs it determines the behavior of a program in its own virtual environment. If malware is written to detect that, it will run normally and Virustotal will not detect it. However, Virustotal and other AV companies have an agreement to share samples which are uploaded. Sometimes they will include Virustotal submissions even if the file is not malicious. It's qualitatively equivalent to any other AV, but with all their different approaches to malware detection.

No technology can yet supersede a few years worth of skill and human intuition.

Do you offer ip tracking of trojan master or just determine mallability of programs ?!

Implied in "network analysis." I can tell you much more than just the maliciousness of a software. Depends on what you ask for.

Edit: IP tracking might be tricky. It really depends on the software. If the author is intelligent, they would use TOR and similar shit. I would have to look at the sample to determine the difficulty and price, and give you a better answer.

Cheers

How do you mean tor ?! afaik you cant use tor as gateway for usual no-ip or dyn-dns redirects.
If you said proxy or vpn i would agree, but so far i am yet to find someone using tor for this particular thingy. (highly fuzzed about this)
newbie
Activity: 11
Merit: 0
What can you do that virustotal can not ?

Virustotal is sort of useful tool for the first 5 minutes of analysis, but like all AVs it determines the behavior of a program in its own virtual environment. If malware is written to detect that, it will run normally and Virustotal will not detect it. However, Virustotal and other AV companies have an agreement to share samples which are uploaded. Sometimes they will include Virustotal submissions even if the file is not malicious. It's qualitatively equivalent to any other AV, but with all their different approaches to malware detection.

No technology can yet supersede a few years worth of skill and human intuition.

Do you offer ip tracking of trojan master or just determine mallability of programs ?!

Implied in "network analysis." I can tell you much more than just the maliciousness of a software. Depends on what you ask for.

Edit: IP tracking might be tricky. It really depends on the software. If the author is intelligent, they would use TOR and similar shit. I would have to look at the sample to determine the difficulty and price, and give you a better answer.

Cheers
legendary
Activity: 1722
Merit: 1000
Satoshi is rolling in his grave. #bitcoin
What can you do that virustotal can not ?
Do you offer ip tracking of trojan master or just determine mallability of programs ?!
newbie
Activity: 11
Merit: 0
I'm an experienced software reverse engineer and I'm offering a simple service for malware analysis.
I most often use IDA for static analysis, and windbg / gdbpeda for dynamic. I also use a variety of tools to observe changes in the OS environment, depending on the OS, as well as network analysis.

If you have a piece of software that looks suspicious, and need proof, I can help you.
If you want to know exactly what the software is doing, and what's at risk (your wallet, passwords, etc), I can help you.

Yes, I do Linux malware as well. Linux is not an inherently secure system, either. The most secure system you can have is *you*, if you are careful.

Give me the sample, then we can negotiate a price and escrow.
Price range: 0.2 BTC - 2.0 BTC is expected.

Code:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

I do not want any of your personal details, I will never ask you to download anything,
and I will never ask for access to your shit. All posts concerning business with this
service will be signed by a PGP key, which I created for this account on the date of
this post.

497F D552 2079 7C2E FEAA BAC2 BC66 E086 848F F923
http://pgp.mit.edu/pks/lookup?op=vindex&fingerprint=on&search=0xBC66E086848FF923

or search for this fingerprint on the keyservers: 0xBC66E086848FF923

Antiviruses are and were never good at catching malware. They look for certain
signatures (behavioral and static) that can change easily to bypass the AV's detection
programming. For example, a lot of malware I deal with bypass heuristic detection
by AVs by looking for cues, such as files / folders in the AVs fake runtime environment
(where software is run when analyzed), then changing its own behavior to act like a
normal program. The type of malware that usually gets caught are the ones created by
some script kiddie in their mom's basement or just old. If you want to be completely sure,
an antivirus will only give you the illusion of security.

If any of you want to learn more about malware analysis I would be more than happy to
help, since it's a fun thing to do.
-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJWGYFFAAoJELxm4IaEj/kj55AP/RD0O0HSAa9PEdrTxuUcLLba
nCU7i9p+byoHgZMR8t7yi/RRxQ23d909qU845tbMIX3/64lcka5iekVxBJ8P84+p
R+tPgK1fxA46YxvuZHf2e3gPwR2gNoGtJ/6JQciOKTVZrHY3w+yTPtPNCHh8H3LX
8DfcqVA5EQy4bhu0oPImQElOhAc8BrNWHacr528IVdIt2S5t6ARX2PrlGYkFKPpk
zppExFd3EH9GUWyXrQHqCGz2Vsl+XYdUE0FTh1V9GaaYmXqn/I9uIxz2Q86vGu1Y
Is4dBi4cfmpsMuToJKBGjMwBSVlU6noaliXXtSp40RKlzRCTwHQ/KVWsLjtmyXo5
/QyYtVSFVYvGTCoMBEVRra/kCCRJjZeiSGz6qnu1wdf6/Pno8ZumA/TlgEGo9LUL
YFF9JxGPPawQkKqhimTpGUUIsmk/Aj6aC3Az5+BghFEohufdL7WfKtn0yuf4keAX
Ua9hVI8kUiZv+sujh/6atp0wgYgZQlEgc6z90e8SK8GD2wfixu4CL2XC3PFy+UBK
eeZSFf41tZoVxBDbMZ8dGJo5sbMfyBDLu7qLIAG7RX71sM8a/goEpOo6fwfFTQfa
F5Xz+3SQTPQc+mjOFsdFQn2qbkuu2KOWlRhxhLzi2wn3C+dD0MUBOkJ2gOS+vhcj
jypcoMeweUA0DhjbNOvR
=+pes
-----END PGP SIGNATURE-----


Jump to: