Vladislav Hrčka

Malware Analyst


Education: Studying Applied Computer Science at the Comenius University in Bratislava.

Position and history at ESET? Joined ESET as a Junior Malware Analyst in 2017.

Favorite computer game/activity: I’ve always loved minesweeper.

What malware do you hate the most? The one not written from the heart.

Golden rule for cyberspace: Question everything.

Highlights of your career? Currently being the author of articles which are (to be) placed under this bio.

When did you get your first computer and what kind was it? Around 2005, I think. I remember it as something with Windows XP.

Favorite activities: Sports and reading.


8 articles by Vladislav Hrčka

ESET research

WinorDLL64: A backdoor from the vast Lazarus arsenal?

The targeted region, and overlap in behavior and code, suggest the tool is used by the infamous North Korea-aligned APT group

Vladislav Hrčka | 23 Feb 2023 | 6 min. read


ESET research

You never walk alone: The SideWalk backdoor gets a Linux variant

ESET researchers have uncovered another tool in the already extensive arsenal of the SparklingGoblin APT group: a Linux variant of the SideWalk backdoor

Vladislav Hrčka, Thibaut Passilly, Mathieu Tartare | 14 Sep 2022 | 10 min. read


ESET research

Under the hood of Wslink’s multilayered virtual machine

ESET researchers describe the structure of the virtual machine used in samples of Wslink and suggest a possible approach to see through its obfuscation techniques

Vladislav Hrčka | 28 Mar 2022 | 18 min. read


ESET research

Wslink: Unique and undocumented malicious loader that runs as a server

There are no code, functionality or operational similarities to suggest that this is a tool from a known threat actor

Vladislav Hrčka | 27 Oct 2021 | 4 min. read


ESET research

FontOnLake: Previously unknown malware family targeting Linux

ESET researchers discover a malware family with tools that show signs they’re used in targeted attacks

Vladislav Hrčka | 07 Oct 2021 | 4 min. read


ESET research

Stadeo: Deobfuscating Stantinko and more

We introduce Stadeo – a set of scripts that can help fellow threat researchers and reverse engineers to deobfuscate the code of Stantinko and other malware

Vladislav Hrčka | 07 Aug 2020 | 5 min. read


ESET research

Stantinko’s new cryptominer features unique obfuscation techniques

ESET researchers bring to light unique obfuscation techniques discovered in the course of analyzing a new cryptomining module distributed by the Stantinko group’s botnet

Vladislav Hrčka | 19 Mar 2020 | 12 min. read


ESET research

Stantinko botnet adds cryptomining to its pool of criminal activities

ESET researchers have discovered that the criminals behind the Stantinko botnet are distributing a cryptomining module to the computers they control

Vladislav Hrčka | 26 Nov 2019 | 9 min. read