Tag Archives: sirefef

Analysis of a self-debugging Sirefef cryptor

Recently I wrote a blog post about a legitimate website spreading Sirefef malware. Then I continued with a deeper analysis and noticed that it uses an interesting cryptor. Malware authors spread many new variants of malware every day. These variants often look completely different at the first glance. That’s why regular updates of your antivirus […]

Regents of Louisiana spreading Sirefef malware

I was given a suspicious website link pointing to the website belonging to Board of Regents of State of Louisiana. This link points to the main website hxxp://regents.la.gov/, followed by /wp-content/upgrade/<numbers>.exe, where <numbers>.exe represents several random numbers, followed by EXE extension. A link looking like the following one hxxp://regents.la.gov/wp-content/upgrade/<some_numbers>.exe seems suspicious at first glance. Websites […]