Effective Malware Analysis using Unicorn

Unicorn is a QEMU-based CPU emulator framework presented at Black Hat USA 2015 (GitHub: unicorn-engine/unicorn, Unicorn CPU emulator framework for ARM, AArch64, M68K, Mips, Sparc, PowerPC, RiscV, S390x, TriCore and X86: https://github.com/unicorn-engine/unicorn). It is used for multiple purposes, such as malware analysis and fuzzing. Many binary analysts love it because it offers several advantages compared to other emulator frameworks. In this...


New Loader Executing TorNet and PureHVNC

Around May 2025, a ZIP file containing multiple files, including a newly discovered malware loader, was uploaded to VirusTotal. This loader had several characteristics not often seen in other malware loaders, such as its ability to execute two malware families (TorNet and PureHVNC) and its implementation of API hashing with MurmurHash2. In this article, we will share the information gained...


Technical Analysis of NailaoLocker Ransomware

This is the English version of the Japanese article “ランサムウェアNailaoLockerの調査”. In February 2025, several cybersecurity vendors published a report about a ransomware named NailaoLocker. Compared to other ransomware attacks, NailaoLocker was special because it was deployed along with malware (RATs) such as PlugX and ShadowPad. PlugX and ShadowPad are mainly used for cyber espionage purposes by threat actors with a nation-state background...


The Highlights and Sample Slides for Our Training Course at Black Hat USA 2018

We are going to provide a new training course named “Practical Incident Response With Digital Forensics & Malware Analysis” at Black Hat USA 2018 this August. The course outline is in the above link. In this blog, we focus on several highlights of our course, and we also provide several sample course slides. Comprehensive and Practical DFIR (Digital Forensics...


Warnings on the Use of the Online Functions of an IME

In an environment that deals with multibyte text such as Japanese, an IME (Input Method Editor) is an indispensable function. Recently, cloud-related functions that need to always be connected to the Internet have been implemented in these IMEs. These are valuable functions if used well, but here I give an explanation of some warnings concerning their use. The definitions of...
