Thice.nl

Thice Security

De Star 6, 1601 MH Enkhuizen

Posts Categorized / Malware

Meaningful MD5 Collisions: Creating executables

19/01/2015 | Code, CTF, Forensics, Malware | by Thice

More than two years ago I worked on meaningful MD5 collisions, especially creating executable files, but I never finished my write-up about this until now (hurray for having a sabbatical 😉 ). The idea behind this project was to create multiple executables with the same MD5, but with different behavior. I ended up creating […]

Perl2Exe back to Perl – 64-bit (with x64_dbg)

06/01/2015 | Code, Malware | by Thice

After posting information on my website about the Perl2Exe reversing article I published before, I got a comment with a question on how to perform the same “trick” on 64-bit Perl2Exe executables. Sadly enough, at that time there was no free and easy-to-use 64-bit debugger available to create a similar approach for 64-bit […]

Perl2Exe back to Perl – 2014

12/08/2014 | Code, Malware | by Thice

Two years ago I published my Perl2Exe back to Perl article in Digital Forensics Magazine, more information can be found in my post here. Since I published this article in a magazine I was not allowed to post it on my own website as well, but since enough time has passed I am now allowed […]

Reverse Engineering Perl2Exe back to Perl

01/08/2012 | Code, Forensics, Malware | by Thice

In the August issue of the Digital Forensics Magazine (DFM) my article on reverse engineering Perl2Exe can be found. The article describes a way to recover the source code of the Perl program from the executable created with the Perl2Exe program. Reverse Engineering PERL2EXE Back to Perl: Perl2Exe is a program which converts Perl source […]

Getting rid of the Buma Stemra ransomware malware – Windows 7

09/03/2012 | Malware | by Thice

Word reached me that my approach to get rid of the Buma Stemra Ransomware malware did not work on Windows 7. I initially only tested the approach on Windows XP, but I now took the time to test it on Windows 7 as well. The video below will show that the approach worked fine on […]

Getting rid of the Buma Stemra ransomware malware

03/03/2012 | Malware | by Thice

For a week or so, a new Dutch version of some ransomware malware has been active in the Netherlands. This malware claims to be from The Buma Stemra, but of course has nothing to do with the real Buma Stemra. The malware successfully takes over the system by replacing the start of explorer.exe with itself, so […]