Phoenix Consultants Group is a software development firm specializing in creating data-driven software applications and websites.  Phoenix creates superior custom software products that deliver the tools necessary for business managers and owners to make informed decisions and manage their important data.

To learn more about the services we offer and our extensive client portfolio visit the tabs below.

Category: Application Development

CryptoLocker – Ransomware Virus Information

CryptoLocker (Trojan:Win32/Crilock.A)

Postby Fabian Wosar » Tue Sep 10, 2013 9:29 am

Hi everyone,Looks like there has been a new crypto malware on the loose for the past 2 – 3 days. The malware is referred to by its author as “CryptoLocker”. Microsoft adopted the name Crilock. Sample is attached. Here are a few notes that I gathered so far. I am currently sick with the flu so take these information with a grain of salt:

  • Connection with the C&C server is established through either a hardcoded IP (184.164.136.134, which is down now) or if that fails through a domain generation algorithm located at 0x40FDD0 and seeded by GetSystemTime. At this time I found that xeogrhxquuubt.com and qaaepodedahnslq.org are both active and point to 173.246.105.23.
  • The communication channel uses POST to the /home/ directory of the C&C server. The data is encrypted using RSA. The public key can be found at offset 0x00010da0 inside the malware file.
  • On first contact the malware will send in an information string containing the malware version, the system language, as well as an id and a group id. In return it receives a RSA public key. In my case this has been:
    CODE: SELECT ALL
    -----BEGIN PUBLIC KEY-----
    MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkQBZgSk3NNo54cxwl3nS
    zZHMhFI4oU0ygX81IFsktcaCAIUrMSnUVQEcFvhcidh/5JuE+piQY5Z3iuDcKqiF
    0yWZ7rck+xC1i/xaY5nNxJnh/clEqO8qRNg9DTe6qDlVO8PAHgr882dUHTzZgdAN
    OWR8+5rWxck9LxtB8+DSE8cWy

    The key is saved inside the HKCU\Software\CryptoLocker. If you want to capture the key on your system, the easiest way to do so is to break on CryptStringtoBinaryA.

  • The malware targets files using the following search masks:
    CODE: SELECT ALL
    *.odt, *.ods, *.odp, *.odm, *.odc, *.odb, *.doc, *.docx, *.docm, *.wps, *.xls, *.xlsx, *.xlsm, *.xlsb, *.xlk, *.ppt, *.pptx, *.pptm, *.mdb, *.accdb, *.pst, *.dwg, *.dxf, *.dxg, *.wpd, *.rtf, *.wb2, *.mdf, *.dbf, *.psd, *.pdd, *.eps, *.ai, *.indd, *.cdr, ????????.jpg, ????????.jpe, img_*.jpg, *.dng, *.3fr, *.arw, *.srf, *.sr2, *.bay, *.crw, *.cr2, *.dcr, *.kdc, *.erf, *.mef, *.mrw, *.nef, *.nrw, *.orf, *.raf, *.raw, *.rwl, *.rw2, *.r3d, *.ptx, *.pef, *.srw, *.x3f, *.der, *.cer, *.crt, *.pem, *.pfx, *.p12, *.p7b, *.p7c

    The encryption used to encrypt files matching these masks is a mix of RSA and AES. Essentially the malware will generate a new AES 256 key for each file it is going to encrypt. The key is then used to encrypt the content of the file. The AES key itself is then encrypted using the public RSA key obtained from the server. The RSA encrypted blob is then stored together with the encrypted file content inside the encrypted file. As a result encrypted files are slightly larger than their originals. Last but not least the malware records the file it encrypted inside the HKCU\Software\CryptoLocker\Files key. Value names are the file paths where “\” has been replaced with “?”. I haven’t looked into the meaning of the DWORD value yet.

Feel free to add anything you find that I haven’t covered in my notes yet. At least from what I can tell so far, decryption without paying the ransom is not feasible.

VirusTotal results:
https://www.virustotal.com/en/file/d765 … /analysis/

Access Database Programming – Development for Growth

Evolution of Databases

Access Database Programming – Development for Growth

 

Business is driven by the information that we have and database programming allows for that information to flow properly. The processes that our businesses follow must provide feedback at every stage in order to improve the outcomes for our clients. Increasingly, we are realizing that raw data from throughout our organizations provide information on the preferences of our clients, the speed of our delivery, the effectiveness of our personnel, and the value intrinsic in our offering. By improving on any or all of these measures, we are able to increase our competitiveness and our profit.

The Evolution of Databases

Database Programming and EvolutionIt used to be the standard that businesses developed paper-based tracking systems. The customer book on the receptionist’s desk was the database of clients. The system evolved so that many businesses utilized excel spreadsheets and took their analysis and reporting to a new level of sophistication. These days, businesses are moving to database driven systems that can scale with their business and provide far increased functionality.

Increasing Demands on Business

As business grows, the demands upon it become more varied and challenging. An increased customer base often means businesses lose the personal touch on which their success was initially founded. Database driven operation can ensure that information gets to the people that need it when they need it, making them more effective in their business relationships with their clients… keeping the personal touch.

Business growth also brings with it the challenges of tracking service delivery and product delivery. There may be stringent requirements for ensuring things get where they need to get to, when they need to get there, depending on the industry in which your business operates.

Improved Service Levels

Even service industries, for example, the finance industry, have documents go back and forth between clients and companies. Documents go post, information is passed by fax and by email, and all this information is lost when something goes wrong or is not reported correctly.

Database driven systems ensure that there is transparency through the business, and even transparency with clients if a web portal is enabled for their own tracking processes.

Investment NOT Cost

There are so many applications of database driven information. Whether you are primarily online or offline business, the process of developing a meaningful system for your business really is worthwhile. Bottlenecks in business are perhaps one area that will cause more reputation damage than in any other facet.

 

Case Study Apple

Database Programming - Case Study AppleIf reports are to be believed the Apple iPhone is struggling to deliver its iPhone 6 to the market in 2013. Reports suggest that it is the ability of their manufacturers to deliver the component parts to the level and volume required that is the main stumbling block. Understanding the demands of the business means understanding every facet and every component for iPhone. Their tracking must be spot on or they will over promise and under deliver.

Most businesses do not have the demands of “an Apple.” However, the principle remains true at whatever level you operate. You must be able to understand where your business is at any one time, and what you need to do to prioritize the effective completion of every task.

Customers are becoming more demanding and businesses are becoming more efficient. In order to grow and stay competitive as you grow, you must have a process that facilitates this. That means, upgrading to a database driven system that can provide you with the information analysis tools and reporting to keep you ahead of the game.

How To Choose The Best Database Programs

Database Programs

How To Choose The Best Database Programs

Choosing the best database program for your business will transform columns and rows of data into priceless information to make your business efficient and competitive. Databases certainly aren’t just about the columns and rows.

Different businesses have different uses for their data. Some databases are nothing more than mailing lists that require a minimal amount of information but have a very powerful function in the business. Other databases have product inventories that need to be constantly updated as sales are made online and offline. Others are even more complex, tracking the full lifecycle of a product through manufacture and distribution.

Whatever data your business is able to collect, it is important to know how to get the best out of it. Here are some tips to help you select the best software.

A Lot of Different Options

Database ProgramsThe first thing to note is the plethora of options available for you through the different types of database management systems. We now have web-enabled, server-based, desktop, cloud, and so many more different means of accessing database technology. Traditional databases are just a part of the offering nowadays. There are even targeted systems, such as column stores, unstructured information, in-memory; and each and every one of these can add value to organizations in different ways.

Each system has advantages and disadvantages and what’s important is selecting the best database program that is right for your business. The minimum necessities that are required are a suite of tools for customization, frequent updates, and reliable, expert support.

The process of choosing the best database program can be time-consuming, but it’s well worth the investment in the long run to ensure business scalability, efficiency, and profitability. Having a trusted partner at your side, through a consulting company, really does pay dividends.

Desktop Solutions

Desktop solutions are generally for single users and are cost-effective for people that really just need a database on their computer. Many people will use Microsoft Access or a very low-cost solution.

Server-Based Databases

A server-based database is designed for multiple users and enables the storage and manipulation of significant amounts of data. The most popular server-based systems are Oracle, Microsoft SQL Server, and MySQL. The cost implications of server-based solutions are pretty high.

Web-Based Database Management

Naturally, these days, most things are integrated with the Web. The most popular product available as a web-based solution is Microsoft Access, and it is relatively inexpensive.

With websites increasingly being the feeder for databases, web-based solutions are an exciting proposition. It is important to consider your data uses when you are selecting your database software. You need to look at the value you gain based on the different tools available to you. Your budget and your company size will also be important.

Steps to Take

Choosing the Best Database ProgramForm a strategic plan to understand the importance of the software to your business so that you can understand the financial implications. Drill down into the exact information you want to collect so that you can understand the impact it will have and ensure that you will get maximum benefit.

Whether you choose a custom solution, an off-the-shelf package system, or a tailored off-the-shelf solution, will depend on your needs and budget. Certainly, if you need something particularly complex, then a server platform will likely be best. If budget is your primary concern, then a desktop-based database will suit your needs perhaps most affordably. If you’re looking for flexibility and cost-effectiveness, then web-based solution may interact best with your business.

Web-based solutions also offer customer relationship management and content management systems combined, and also maximize efficiency. It is important to also think about data protection to ensure that the company you choose meets the guidelines set out by the relevant security standards councils.

Key Concepts and Definitions

Here are some key concepts you should understand well when considering database software.

Database

Databases are collections of data stored for business purposes in columns and rows and accessed to manipulate, provide reports and generally understand the business.

Database Management System (DBMS)

These are tools and software that are utilized in order to create and manipulate databases. They catalog, capture, and run queries on data. They also enable businesses to manage and organize data that arrives into a database and provide ways that users can modify and extract the data in order to suit the specific business needs.

Non-Relational Database (No SQL)

Unstructured information, such as tweets, emails, documents, and so on will need a database that is designed for this purpose. Many databases have information that is particularly organized and structured and can be nicely slotted into columns and rows. If this isn’t the case, then No SQL is the solution likely to work best.

Primary Key

This is a column in a database that is unique and identifies the entry into a database. For example, it could be a customer number or a social security number.

Schema

This is the structure of a database as defined by formal language. Relational databases have schema defined as tables, fields, relationships, indexes, functions, and sequences.

Structured Query Language (SQL)

This is a very common language used in programming to create and manipulate databases. It is the basis for relational databases and provides the ability to input data, create new tables, purge databases, and so on.

 

So there you have it – some tips on how to choose the best database programs and also some of the language that you’ll need to know to have good discussions with IT companies.

Custom Software Applications Can Make Your Business Fly

custom software application

custom software applicationFor many businesses, custom software applications have made their business more efficient and cheaper to run. Retail software can reduce upfront costs, but in the long run will have many costs that businesses fail to take into consideration. Retail is designed like a one size fits all mitten. With the right custom software developer, custom software can be developed to fit your business like a glove. Retail software is not designed for a specific business, but rather a wide range to ensure that the company sells as many units as possible. The negative effects of this include cluttered menus, slow performance, and the inability to tweak different aspects of the software. Working with a custom software developer, a custom application can be developed that is more efficient in every way. Overall costs will be reduced because of the time saved over months and years that the software is used. Training time can be reduced because of the customized menus that show only the information needed. A common frustration with retail software is that a feature that is very important to a certain company is hidden in the menus and not easily accessible. When you have custom software applications, a company can work with the custom software developer to make the user interface and functionality that you dream of a reality.

Benefits Of Custom Software Applications

custom software applicatoin

custom software applicatoinMore and more companies are creating their own software. They are making internal processes easier and making apps for people with smartphones to connect with their business.  The more ingrained you can get a potential customer the better, and smartphone apps have proven to be a winning combination for many businesses.

The reason that custom software applications are so powerful is because of how tailored they can be to your business. Most software companies create software, and then you have to figure out how to adapt your business practices to it. The software itself cant change because you want it to, and you inevitably end up frustrated. It will be able to do eight out of ten things you want, but not in the way you want it to.

Working with a custom software developer, you can specify every little part of the application to set up your work flow. Custom software applications will have all the nuances that you need them to. With the right software team, you can set up a recurring contract so they can add features to the program as more needs arise. Being flexible with your software is one of the best parts of the having custom software.