RevEng.AI is a deep AI framework for analysing binary computer programs. Read our news and research here. | RevEng.AI Blog
Executive Summary: This analysis represents the second instalment in a comprehensive examination of the KorPlug malware family. Previous reporting detailed the initial loading vector, which utilised DLL side-loading techniques against legitimate utilities to achieve code execution. The second-stage payload executes via a designated entry point function. Static analysis of the binary
Executive Summary: In late May 2025, RevEng.AI identified a new sample of KorPlug (a.k.a. Hodur) —a well-known Remote Access Trojan (RAT) frequently leveraged in targeted cyber-espionage campaigns—uploaded to a third-party file-scanning platform. This report is the first in a three-part series detailing a malware campaign involving
Reverse engineering malware often feels like solving a puzzle where half the pieces are hidden. Among the most common obstacles analysts face is string obfuscation—a technique where malware authors encrypt or encode strings to evade detection and frustrate analysis. This anti-analysis technique appears in virtually every modern malware
Executive Summary: In February 2025, the RevEng.AI team observed an ongoing LummaStealer campaign that employed a distinct approach compared to the ClickFix method detailed in the previous instalment of this series. In this report, we take a closer look at this campaign and examine how the RevEng.AI platform successfully
Executive Summary: Throughout 2024, RevEng.AI has been actively monitoring LummaStealer as part of its mission to uncover and analyse emerging threats across the commodity malware landscape. In mid-January 2025, we observed a LummaStealer campaign being distributed via ClickFix - in the form of fake reCAPTCHA pages. RevEng.AI
In early September 2024, RevEng.AI conducted a brief analysis of the evasion techniques leveraged by modern malware and command-and-control (C2) frameworks. This analysis underscores the methods employed by adversaries to bypass traditional detection mechanisms and security solutions, enabling their malicious activities to remain concealed. The techniques described reflect the
Introduction: In this post, we explore a vulnerability in the Windows IOMap64.sys driver (CVE-2024-41498) that RevEng.AI researchers discovered with the help of our AI Binary Analysis Platform. We perform a technical analysis of the IOMap64.sys driver and cover the software fault leading to the vulnerability, which under the hood
Explore the resumed activity conducted by Latrodectus, downloaded and executed by BRC4, post Operation Endgame
This blog post is the first in a new series that explains some of the new capabilities we are developing at RevEng.AI - starting with identifying symbols relative to known anchor points. What exactly does that mean?
Introduction: The challenge of converting low-level assembly code back into human-readable source code is a cornerstone problem in reverse engineering. In this post, we summarise recent work done at RevEng.AI that addresses this challenge through the development of foundational AI models designed for decompilation. As we shall see, this