Solarwinds DLL Quick Overview
Hash and certificate stamp: Filename: solarwinds.orion.core.businesslayer.dll MD5: 846E27A652A5E1BFBD0DDD38A16DC865 sha1: D130BD75645C2433F88AC03E73395FBA172EF676 sha256: CE77D116A074DAB7A22A0FD4F2C1AB475F16EEC42E1DED3C0B0AA8211FE858D6 imphash: DAE02F32A21E03CE65412F6E56942DAA description: SolarWinds.Orion.Core.BusinessLayer file-type: dynamic-link-library certificate-stamp:0xB9480000 (Tue Jan 21 01:00:00 2020) Code Analysis: Part One: // SolarWinds.Orion.Core.BusinessLayer.OrionImprovementBusinessLayer // Token: 0x06000057 RID: 87 RVA: 0x00004F8C File Offset: 0x0000318C private static void DelayMs(double minMs, double maxMs) { if ((int)maxMs == 0) { minMs = 1000.0; maxMs = 2000.0; } double num; for (num = minMs + new Random().NextDouble() * (maxMs – minMs); num >= 2147483647.0; num -= 2147483647.0) { Thread.Sleep(int.MaxValue); } Thread.Sleep((int)num); NOTE: sleeps for 24 days Part Two: // SolarWinds.Orion.Core.BusinessLayer.OrionImprovementBusinessLayer // Token: 0x06000055 RID: 85 RVA: 0x00004E14 File Offset: 0x00003014 private static bool GetOrCreateUserID(out byte[] hash64) { string text = OrionImprovementBusinessLayer.ReadDeviceInfo(); hash64 = new byte[8]; Array.Clear(hash64, 0, hash64.Length); if (text == null) […]
Read More →Fake Malwarebytes Site
Recently we came across a fake Malwarebytes site that looked amazing. The site is http://www.malwarebytes-free[.]com/ The below screenshot shows the fake site which as of 4/8/2020 is still live. There is a JavaScript here that redirects the user to a malicious URL that hosts the Fallout Exploit Kit Below is the malicious code […]
Read More →
Malwarebytes- Age verification vendor Persona left frontend exposed, researchers say February 20, 2026Behind a basic age check, researchers say Persona’s system runs extensive identity, watchlist, and adverse-media screening.
- Facebook ads spread fake Windows 11 downloads that steal passwords and crypto wallets February 20, 2026Attackers are weaponizing Facebook ads to distribute password-stealing malware masked as a Windows download.
- AI-generated passwords are a security risk February 19, 2026AI-generated passwords are "highly predictable" and aren’t truly random, making them easier for cybercriminals to crack.
- Age verification vendor Persona left frontend exposed, researchers say February 20, 2026
- ThreatPost
- Student Loan Breach Exposes 2.5M Records August 31, 20222.5 million people were affected, in a breach that could spell more trouble down the line.
- Watering Hole Attacks Push ScanBox Keylogger August 30, 2022Researchers uncover a watering hole attack likely carried out by APT TA423, which attempts to plant the ScanBox JavaScript-based reconnaissance tool.
- Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms August 29, 2022Over 130 companies tangled in sprawling phishing campaign that spoofed a multi-factor authentication system.
- Ransomware Attacks are on the Rise August 26, 2022Lockbit is by far this summer’s most prolific ransomware group, trailed by two offshoots of the Conti group.
- Cybercriminals Are Selling Access to Chinese Surveillance Cameras August 25, 2022Tens of thousands of cameras have failed to patch a critical, 11-month-old CVE, leaving thousands of organizations exposed.
- Student Loan Breach Exposes 2.5M Records August 31, 2022