malware

Detecting anomalies in the RICH header

A few days ago, Kaspersky published a blog post regarding a likely false flag in the wiper component of OlympicDestroyer. The attempt is based on an undocumented, lesser-known PE header called the RICH header. I don’t want to go into too much detail regarding its layout, as many other sources have done a great job documenting it.
