Skip navigation.

Reversing Challenges

Regarding XOR encryption


Hi frienns,
i have a file which is xored with 256 key. i m not getting how to unxor it? i have key also.
Plz let me know how to unxor?

Buffer overflow attack in Microsoft Word targetted at the sensitive organization

| | | |

The malicious doc mail has been sent to the organization.I am analyzing it but it don't contain any malicious VB script but officemalwarescanner does show it as creating
Api-Name GetTempPath
Api-Name CreateFile
Api-Name CloseHandle
Api-name WriteFile

I am trying to find any shell code if any .

i have posted the doc file at h__p://

Need a researcher for this virus


I need someone to analysis this virus
it's md5:

I'm waiting for replies

.sisx reverse engeneering


Hi. I'm new here, as on this forums as well.
My question: how can I edit a .sisx app (Symbian)? I know that I have to use SisWare, but is not compatible with my Vista laptop.
I don't know too much about programming and nothing about C++. But I can learn and I have that willing to do something. I don't think its too difficult once I have the script, extracted from the .pkg file
I'm trying to change GUI by translating from english into my language. I really need a hand. Thanks a lot.

Anti rootkit tool


Hi guys,

Just wondering apart from the usual Rootkit Unhooker/Icesword/GMER what other anti rootkit tools out there do you use?

I wonder if there are other better tools out there which I am not aware of.


Code injection

| |

Not a new concept for sure.

A new wave of more difficult to remove malware? A new way of stealing information? Maybe.

In the last 6 months to a year it seems code injection and file infectors have "opened a new door". It's still seems to be the "replicate and destroy" but recently with infections like "Scribble" "sality" "alman" and "virut" some changes have begun to show in this "angle of attack".

Now instead of just replicating out of control the infections are replicating crazily, but also bringing down fake-alerts and other nasty things.

How to Unpack NTKRNL Secure Suite


I have a file packed with NTKRNL but I cannot unpack it using olly scripts found in tuts4you. Please help! need to verify if this is malicious or not!

Research for new rootkit >TDSS****.sys & ~5 similarly rand DLLS



I've got some samples right now of this nasty little rootkit.

Seems to be using higher level polymorphism and deletion prevention of some sort. When attacked using any type of anti-rootkit it seems to sense the attack. It will then proceed to disappear and render the antirootkit software useless against it, thus requiring about 3-5 programs to use for removal.

It's using a driver "TDSSserv" @ hklm\system\Current Control\Services\TDSSserv
hklm\system\Current Control\Services\TDSSserv.sys)

These have an imagepath and start and type. String and dword dword respectively.

A new member of the Offensive Computing team - Dante Allegro

| | | | | | | |

Hello everyone!

My name is Dante Allegro , and as the newest member of the team my job is to work with members of the commercial community who wish to purchase products and services from Offensive Computing.

If you or your company would like to utilize the Offensive Computing malware database in your commercial product, or if you have a specific job that you feel the Offensive Computing team can assist you with , please contact me and I will be quite happy to assist you.

As I am on the road quite a bit please contact me directly at dallegro ( at )

Storm Worm Reversing Challenge

Hi folks,

Over a year now, Storm has dominated the Malware of its class. (still?)
One of the biggest challenge has been the diversity of packers used on its various versions.

So here is our challenge.

1 - pick up any sample of the Storm Worm Trojan.
2 - unpack it and reconstruct the IAT if needed.
3 - upload your unpacked binary to a fileserver and submit the link here with your comments.

ps* Please don't forget to mention the md5sum of the sample you've chosen.

Clarity of the final unpacked code is what is more appreciated.
So pick up a sample packed with a packer you know quite well to save you some time.

Syndicate content