Borderline
manalyze

By Ivan, 3 December, 2018
Screenshot of the manalyzer.org website

Detecting anomalies in the RICH header

A few days ago, Kaspersky published a blog post regarding a likely false flag in the wiper component of OlympicDestroyer. The attribution attempt is based on an undocumented, lesser-known PE header called the RICH header. I don’t want to go into too many details regarding its layout, as many other sources have done a great job documenting it.

Tags

  • malware
  • manalyze
By Ivan, 7 June, 2017
Process hollowing diagram

Process Hollowing with Manalyze's PE library

For some reason, articles about process injection techniques seem to be popular these days, and I thought it was the perfect opportunity to write something I have had in mind for a long time. As some of you may know, I maintain Manalyze, a static analyzer for PE executables. One key part of this program is obviously its parser, as writing PE parsers is notoriously hard. For this reason, I took great pains to make sure this part of Manalyze could be reused in other projects.

Tags

  • manalyze