
Joe Security's Blog

Happy New Year!

The Joe Security team wishes you success, satisfaction and many pleasant moments in 2018!


Loapi - from Static to Dynamic Instrumentation

You might have already heard about Loapi - the Android malware which will kill your phone due to exhaustive bitcoin mining. Loapi was found by Kaspersky; an excellent write-up can be found here: Jack of all trades. While Kaspersky's blog post gives a good overview, it does not provide a fine-grained analysis to deeply understand Loapi's behavior. Interesting forensic information, like Loapi's unpacking and obfuscation techniques, is left out.


Threading based Sleep Evasion

Recently we came across an interesting sample: MD5: 52540f430c060a7e5753c999891514a1. A first look at the analysis revealed the following characteristics: Besides a small spike in the classification chart towards Evader, the sample does not show any interesting behavior. It becomes more intriguing when we look at the slideshow: there we can see that the executable crashes on launch. If we dig in further and look at the process, we find some interesting sleeps: The sample sleeps twelve times 0.

