Tofsee (part 1): Static Analysis
Malware Analysis, News and Indicators - Latest topics malware.news
It’s about time I got some more technical content on my blog and after presenting at the Malware Reverse Engineering conference in February and seeing a presentation on Tofsee, I decided to do my own analysis of Tofsee.
I downloaded a Tofsee sample (at least it was tagged as ‘Tofsee’) from Malware Bazaar. The sample’s SHA256 hash is 9aded5733ec844d31a675d461968a7f3dffd3b2287cb932e8442d09c8cb2bd20.
Let’s get started with some static analysis by running strings(1) on the malware sample:
$ strings sample.exe
Doing so shows …