Do you use Gmail? If you do, you might have noticed a new addition to…

Encryption; why it should matter to you

Springtime for us means it’s time for none another than…spring cleaning! And if there is…

How to spring clean your PC!

Remember that time that you, channeling your inner diva, began to belt it out on…

The dangers of public WiFi

Chalk it up to the fact that homo sapiens have always had to find new…

Curiosity killed the computer

Perhaps it’s no coincidence that “adware” and “annoying” both start with the letter A, because…

Adware goes rogue

We have written a lot about ransomware in all different forms and incarnations here on…

Ransomware, Ransomware , Everywhere

We’re betting you love your smartphone. It’s okay if you do, because you’re in good…

The Banking Trojan in Your Pocket (or, Why Your Smartphone is Way Less Secure Than you Think it is)

Where were you in 2012? If you were on LinkedIn back then, there’s a good…

Have you Been Pwned in the LinkedIn Data Dump? Here is how to Tell!

Remember how your crazy old Aunt Sally stashed all her money in between mattresses because…

Lessons from the SWIFT Fiasco; Could you be Banking Safer ?

June is upon us and with it comes some of life’s sweet little pleasures –…

The Mega Hacks Cometh!

Invariably, if you use the internet a lot, you probably hear the term “The cloud”…

Are You a Closet-Cloud-Confusee? Understanding The Cloud and What it Means for Your Security

Betcha didn’t know it, but June is Internet Safety Month. You probably missed that section in…

June is Internet Safety Month &#8211; How Safe are Your Kids on Social Media?

So if you remember, about two weeks ago we told you about a huge string…

Mark Zuckerberg Gets a Lesson in Password Safety

Boom! Whizz! Bang! Typically, when you think of the Fourth of July, you think about…

The How to Liberate  Your Device From Intruders Guide for the Fourth of July

Wondering what your friend or co-worker is doing, staring at his or her phone, wandering…

Go, Pokemon Go! The Latest Craze that Could Fill your Device with Malware

So not only is Pokemon go the biggest craze ever (seemingly anyway), it also seems…

Privacy in the Age of Pokemon Go!

We are well into the summer and for a whole lot of people that means…

Sure, it's Not Your Fault; But They Got Your CC Info Anyway

We’re finally in the home stretch – In just a few days, school starts up…

8 Essential Back-to-School Cyber Security Tips for a Rockin&#039; (and secure) School Year

Happy National Online Learning Day! Wait, is that even a thing? Well, it is and…

Happy Online Learning Day! (Yup, it&#039;s Really a Thing!)

Here at Reason Software, we are excited to announce the release of Unchecky v1.0. This…

Unchecky v1.0 is Here! Interview with Michael Maltsev

Attention any and all persons weighing 400 pounds or more — Donald Trump thinks you…

Is Cyber Security Worth a Spotlight at the Debates?

Gather ‘round and we’ll tell you a tale (okay, a few tales) of mystery, murder,…

Creepy Tales from the Internet of Things Crypt

As morning hits around the globe, the world is waking up to find out that…

Lessons Learned From the Election Shocker &#8211; Don&#039;t Let Hacks Take You by Surprise

WhatsApp is a great way to keep in touch with far off friends and relatives…

Coming to a Smartphone Near You! The Latest Round of WhatsApp Scams

For better or for worse, the biggest shopping season of the year has arrived. Now…

The Ultimate &quot;How to Not Get Hacked While Shopping Online&quot;Guide

Oh, Thanksgiving Day. You probably get a warm and fuzzy feeling even before the sugar…

The (Rotten) Gift that Keeps on Giving

As if worrying that your Android might suddenly explode wasn’t enough to worry about. Researchers…

The Gooligan Android Breach &#8211; What you Need to Know

It’s that frosty time of year again, when the days are short and the deals…

16 for 2016 &#8211; Don&#039;t Fall for These Holiday Scams!!

“Um, honey, I think we have a problem. The computer is telling me that all…

Vulnerability of the year: Ransomware

2016 has come and gone and now we can look back at the year that…

A is for Apple, B is for BitCoin &#8211; The Most Noteworthy Data Breaches of 2016

It’s been a full fifteen minutes since you last checked your Facebook account (oh, the…

Fake News Flash &#8211; Think Before you Share!

Who doesn’t love a good fishing trip? Go ahead, picture the scene: it’s just you,…

One Phish, Two Phish, Red Phish&#8230;Spear Phish?

Mobile devices have come a long way. We mean a reeeallly long way. In but…

Simple Tips to Spotting Evil Apps

How does the idea of a smart city sound to you? The term might conjure…

The Hidden Dangers in Smart Cities + 5 Bonus Tips to Secure Your IoT Devices

You know the only saying “Nothing is certain but death and taxes”? Seems pretty clear…

5 Tricky Tax Season Scams and How to Avoid Them

When was the last time you went to your bank? If it feels like you’re…

5 Major FinTech Security Concerns You Need to Know About Before You Bank

In honor of Mother’s Day, we thought it would be fitting to take a look…

The amazing mothers of tech

By now, WannaCry is a household name. The ransomware that shocked the world on May…

WannaCry No More? You Better Start Patching

When is adware not just adware? When it’s also malware, of course! Fireball, a new…

Fireball &#8211; the explosive malware heard &#8216;Round the World&#8217;

Imagine this scene: You’re sitting at home one night, happily watching House of Cards on…

Attacks to critical Infrastructures: the next cyber front to worry about

“We pride ourselves on being a leader in managing and protecting data….We also are focused…

Think Your ID was Exposed in the Equifax Breach? Here&#039;s What to do About it

This post has been updated to reflect the current BitCoin to UD Dollar exchange rate,…

Everything You Need to Know About Cryptocurrency

In a recent post, we discussed the basics of cryptocurrency — what it is, how…

The Role of Cryptocurrency In Cyber Crime

Remember the Petya/NotPetya ransomware outbreak from back in June? That was the ransomware that was…

Bad Rabbit: The New Ransomware With Some Famous Cousins

“It’s the most hackable time of the year.”  Oh wait, that’s not how the song…

How to steer clear of Cyber Monday scams

As the holidays draw closer, chances are you’re busy making your gift list and checking…

What NOT to buy for the holidays

Another day, another oddly named malware attack. Last week, researchers from Kaspersky disclosed that they…

ZooPark and Watering Hole Attacks

So now, May 25th has come and gone. If you live in the EU, you’re…

Oh, the irony &#8211; phishers are using GDPR to scam you

Which is worse: getting hit with crypto mining malware or falling prey to ransomware? with…

Ransomware or crypto mining malware? Rakhni is both!

You may not have known, but September 15th is National Online Learning Day. Nowadays, it…

Watch out for online learning scams!

Veux-tu Virobot? For the non-francophones among us, what we’re asking is if you’ve heard about…

Virobot: are monster mash-ups the future of ransomware?

January 28th is International Data Privacy Day. If you’re wondering why data privacy needs its…

It&#8217;s Data Privacy Day: What does your camera know about you?

Today, cameras are everywhere — on our phones, our Alexas, baby monitors, desktops, laptops, home…

Webcam hacking &#8211; taking back what’s yours

In spring 2018, a powerful banking Trojan named BackSwap surfaced, targeting online banking users in…

Browser-based threats;  don’t Worry, we’ve got your back

Another day, another major hack. This time around, India-based outsourcing giant Wipro was hit with…

To Scan or Not to Scan; The Proactive Way to Protect Your PC

  Today is Mother’s Day, the day set aside to honor those special women, who…

The 5 Coolest Mother’s Day Tech Gifts You Can Find (and how to secure them!)

Reason is excited to launch Reason for Business, a powerful endpoint security protection solution for…

We Invite You to Join Reason for Business Beta

Cybersecurity breaches only make the headlines when they involve large entities like banks or tech…

Think SMBs Fall Under the Radar as Targets for Cyber Threats? Think Again.

The threat landscape is undeniably becoming more challenging and more menacing every day. It seems…

Reason Download Defender- It’s time to defend your downloads.

While spring cleaning may only come around once a year, PC cleaning needs to happen…

Should I Remove It? It’s cleaning time! How to declutter your PC.

6 tips for celebrating National Online Learning Day and keeping your data safe! Magnifying the…

To learn (online) or not to learn?

Next up on the ‘crazy meter’, and probably the ‘creepy meter’ as well, is the…

What happens when ‘ransomware’ meets ‘crazy’?

Recently, the cryptoblackmail scam, “ScamYourself”, has returned to the market – many usersworldwide have been…

Threat Analysis Report: Save Yourself Malware

The advent of the Internet and Internet-enabled technologies not only ushered in the era of…

Threat Intelligence; A Unifying Force of the Future.

Halloween: Famous SMB Cyber Attacks in Disguise. Halloween normally conjures up images of costumes and…

All Tricks and No Treats.

Looking for another reason to put on your party hat? Well, we’ve got one: International…

International Internet Day: A Reminder about Security Online.

Before launching into a discussion on how an antivirus detects malware, it’s important to first…

How does an antivirus detect malware?

Antivirus programs were initially created to distinguish and expel PC infections. Be that as it…

What is antivirus software and how can it protect you?

Hacking has evolved into a billion-dollar growth business, making hackers relentless in their pursuit to…

Can Antivirus Programs Stop Hackers?

Get 70% Off Reason Cybersecurity on Black Friday and Keep Your Business out of the…

Cyber attacks and Black Friday: It only takes one to put you on the red

Windows 10, according to theinquirer.net, is a particularly appealing target for hackers and virus writers…

Which Antivirus is Best for Window 10?

Start by Installing Reason Cybersecurity – Get 70% Off Today! Think about this for a minute:…

How to Keep Your Business Safe on Cyber Monday.

I think we can all agree that pups, the friendly, loyal, man’s-best-friend kind are cute…

Unwanted Software Blockers: Why Small Businesses Need Them.

Hackers increasingly target SMBs. What should businesses expect in 2020?

It’s here, 2020, the start of not just a new year, but a new decade…

Small business growth and guardianship in 2020: staying safe from hackers

Windows 10 was first launched in 2015, but it wasn’t until January 2018 that it…

Which Antivirus is Best for Windows 7

To answer the question, ‘can antivirus software remove viruses’, we should first examine what antivirus…

Can Antivirus Remove Virus?

“Reaper”, the first antivirus software, was created in response to “Creeper” the first computer virus,…

Are antivirus programs worth it?

We hear the terms ‘antivirus’ and ‘antimalware’ bandied about so much it’s easy to understand…

Can antivirus detect malware?

If a salesperson at a clothing store asked you if you needed any help and…

Browser or big brother? ReasonLab’s secure browsing premium feature protects your business

We hear a lot about the importance of having antivirus software on our computers, but…

How Does Antivirus Software Work?

Hackers are always looking for security holes so that they can install malware on your…

Which Antivirus is Best for Laptops?

The term ‘antivirus’ is a bit of a misnomer today, since today’s antivirus software must…

why antivirus is needed?

Today, Windows 10 comes with Windows Defender, a native, comprehensive antivirus solution already integrated into…

What antivirus software comes with Windows 10?

According to cybercrime statistics from cpomagazine.com and websitehostingrating.com respectively, cybercrimes account for trillions of dollars…

Why is antivirus software important?

While there is no quick way to answer which antivirus is better, there are at…

Which antivirus is better?

If Windows is your computer operating system, you’re in good company; according to statista.com, Windows…

Which is the best antivirus for Windows?

The first question people usually ask about antivirus (AV) software, is ‘do I really need…

How do you know what antivirus to use?

According to a recent report from statista.com, an online statistics portal, 74% of Americans own…

Which antivirus is best for a Windows 10 laptop?

Learning about antivirus programs and how antivirus programs protect your computer is a good first…

How antivirus programs protect your computer

If you perform a Google search to find out which antivirus is good, the search…

Which antivirus is good?

The best protection against viruses and malware is reliable, up-to-date, antivirus software. Fortunately, there are…

Which antivirus should I use?

It’s been over 40 years since the Creeper computer virus, made its appearance, and although…

Is an antivirus necessary?

If you’re alarmed by all the news reports about malware attacks and the damage they…

The alarming proliferation of malware and cyber attacks, reported almost daily in the news, has…

What antivirus do I need?

So you’ve finally decided on the antivirus (AV) software you want to install and are…

Will antivirus software remove existing viruses?

To combat the continuously evolving landscape of cybersecurity threats, antivirus software has been changing and…

How Antivirus Software Works

Antivirus, aka anti-virus, aka anti-malware, aka security software, has been around since 1971, and yes,…

What do antivirus do?

Cybercrime is on the rise; it is becoming increasingly ubiquitous and menacing. From private individuals,…

Which antivirus should I buy?

Cybercrime is a global phenomenon and India has been just as affected by it as…

Which antivirus is best for PCs in India

Nowadays, malware is more sophisticated due to the use of obfuscation techniques. The goal of obfuscation is simple: it makes it more difficult for a security researcher to actually understand what’s going. Obfuscation is also challenging for security products and can buy time for the attacker to remain undetected.

Attackers create a multistage process from the dropper to the malware itself in order to make it hard to trace and research. Furthermore, attackers also use a variety of obfuscation techniques along the way, so only experienced researchers can handle the attack.

Let’s have a look at a sample that I found, so we can see the process of breaking a multistage malware attack.

**HTA**  
The sample itself is an HTA document. HTA is a file extension for an HTML executable file format.  
The idea behind HTA files is to let developers create web applications for Internet Explorer. Of course, attackers found HTA files easy to abuse; they can get Internet Explorer to execute scripts without any browser security checks. This can cause a malicious execution without any problem.  
This technique is a part of “LOL”(Living off the land), which means that the attacker doesn’t really need external tools for execution; he uses functionality that is available from the operating system.

So by grabbing the HTA file and looking at what is inside, we can see some HTML code with a Javascript array. We can also see that the main goal here is to create an object.

![](https://cms.reasonlabs.com/cdn/1.png)

In order to view what’s hiding inside this hex array, I just used Python since Python can turn it into decimal format when printing to the screen:

![](https://cms.reasonlabs.com/cdn/2.png)

The content of the hex array:

![](https://cms.reasonlabs.com/cdn/3.png)

Now that we have the content, we can reorganize the creation of the object.  
The original array:

ActiveXObject(\_0xb8a2\[4\])\[\_0xb8a2\[3\]\](\_0xb8a2\[0\],\_0xb8a2\[1\],\_0xb8a2\[2\],\_0xb8a2\[2\],0);window\[\_0xb8a2\[5\]\]();self\[\_0xb8a2\[5\]\]

After reorganization:  
ActiveXObject(\_0xb8a2\[**SHeLl.AppLiCATIoN**\])\[\_0xb8a2\[‘**shELLeXEcuTE**‘\]\](\_0xb8a2\[**‘PoweRsHElL.eXE**‘\],\_0xb8a2\[‘**The Base64 powershell script**’\],\_0xb8a2\[‘’\],\_0xb8a2\[‘’\],0);window\[\_0xb8a2\[**‘close**’\]\]();self\[\_0xb8a2\[‘**close**’\]\]

Since we now understand the creation of the object, we must next try to understand the content that the object is going to execute. Therefore, we will have to decode the Base64 encoding:

![](https://cms.reasonlabs.com/cdn/4.png)

We can see that we have some null bytes that presented to us in a utf8 format, so in order to extract something, we have to first remove those null bytes:

![](https://cms.reasonlabs.com/cdn/5.png)

There are a few things we can see here:

1.  There is a usage of bitsadmin in order to pull another file from a URL.
2.  A second file called “brat.true’ is fetched from the URL.
3.  The file is saved as “Com100Chats.exe”.

That’s all for Part One. To summarize, we learned how to deal with a hex array in order to analyze it, we decoded base64 with utf8 format and cleaned the null bytes so we can view clear content.  
Our next stage is to analyze the “Com100Chats.exe” and figure out what it does.

\*\*\*

**For more info contact us [here](https://labs.reasonsecurity.com/contact-us)**

Nowadays, malware is more sophisticated due to the use of obfuscation techniques. The goal of…

#Threat Research

Multistage malware breakdown; Part 1

Multistage malware breakdown – Part 2

Multistage malware breakdown – Part 3

Conhost.exe Forcev1: New Raccoon Malware You Should Know