Malware Analysis

4D5A Security employs leading global experts in anti-virus and malware incident response. Our staff includes experts who have been in the field for years, including Ken Dunham, who started his anti-virus research in 1989. We can join an incident response call within minutes, supplement your team's response for increased assurance and speed, or dive deeper with specialists in incident response, malware research, and reverse engineering. Don’t rely on signature updates for assurance: know the entire attack chain, the affiliated malware code, and the TTPs of the actors behind the attacks, so you can respond to the entire THREAT CONTEXT instead of a single threat component.


  • 4D5A Security joined an incident response call in progress within ten minutes of being asked to assist.
  • During the call, in real time, 4D5A Security successfully decoded malicious data to identify and help mitigate the attack.
  • 4D5A Security identified the original vector of the attack and provided critical information that led to blocking at least six attacks in the next week.
  • 4D5A Security completed in-depth research and coordinated with the client which resulted in advanced HIPS and gateway configurations to block the attack on multiple levels.

April 2015: a large western USA financial investment firm suffered two CryptoWall malware attacks within a one-week period. With a strong security program in place, the company hadn’t seen a notable malware infection for over a year; now it had two similar infections within a week. Worse, CryptoWall attempts to encrypt targeted files on both the local computer AND network shares, and did so in this incident. Fortunately, the company had excellent incident response, backup, and restoration capabilities in place to quickly identify and mitigate both attacks.

4D5A Security was instrumental in identifying the attack and the characteristics of the entire attack life cycle, enabling the client to implement robust security controls. Multiple exploit attempts have been launched against their network since the response, none of which have succeeded. Even if CryptoWall does break through to the host level, HIPS has been configured to stop it dead in its tracks before it can even write to the disk.

“4D5A Security proved to be an excellent resource both during and after our second incident. We haven’t had an incident of this nature since bringing them on board.” – Security Manager