ivan's picture

Detecting anomalies in the RICH header

A few days ago, Kaspersky published a blog post regarding a likely false flag in the wiper component of OlympicDestroyer. The attempt is based on an undocumented, lesser-known PE header called the RICH header. I don’t want to go into too much detail regarding its layout, as many other sources have done a great job documenting it.
