Analysis of Shellbags is an extremely useful method of determining what file or folder actions have been taken on a host by a specific user.

What are Shellbags?

Shellbags are a set of registry keys which contain details about a user’s viewed folders, such as size, position, and icon. This means that all directory traversal is tracked and maintained in the registry.

The shellbags provide timestamps, contextual information, and show the access of directories and other resources, potentially…

Taking a deeper look into Arucer.dll and uncovering what it does and how to use it.

Energizer Duo USB Battery Charger Trojan

UsbCharger_setup_V1_1_1.exe
3F4F10B927677E45A495D0CDD4390AAF

Arucer.dll
1070be3e60a1868d2cd62fc90d76c861

Battery Powered Trojan — Part 1
Battery Powered Trojan — Part 2

After performing Basic Static and Basic Dynamic analysis on UsbCharger_setup_V1_1_1.exe and Arucer.dll we uncovered that there was a…

Chris Eastwood

Incident Response, Forensic Investigations, and Threat Hunting professional, writing things to learn them better.
