nRansom v2

nRansom v1 Analysis:

nRansom v3 Analysis:

As you can see from the title, the new ransomware called “nRansom” has been updated. But after a full analysis of nRansom v2, we only found few changes(but some of them are important) Continue reading “nRansom v2”

Chinese Trojan Downloader

From July to now, we have collected lots of Chinese backdoor samples from a special source.

Sometimes they are encrypted, so they need a loader to download & decrypt.

We’re very lucky to get the full source code of this family of backdoor(Including source code, server module, client module and payload builder), so it’s easier for us to create signature.

Here is a downloader sample. Continue reading “Chinese Trojan Downloader”

X-Sec Antivirus Released!

X-Sec Antivirus Release Note


  • Now X-Sec Antivirus can scan more types of file
  • Detection for a new type of encoded backdoor payload
  • Now X-Sec Antivirus GUI and X-Sec Antivirus Updater require admin privilege
  • Optimize memory usage during scan
  • Optimize script identification logic
  • X-Sec CommandLine Scanner updated to
  • X-Sec Antivirus Updater updated to
  • XSec_FC.dll updated to
  • XSec_FI.dll updated to
  • XSec_HE.dll updated to
  • XSec_STK.dll updated to

Users must update to this version otherwise you will no longer use Cloud Engine.