Teddy Rogers Posted May 16, 2008 Share Posted May 16, 2008 Trojan-Downloader.Win32.Small or Win32/PolyCrypt AnalysisPolyCrypt is spreaded through infected Websites by using Exploits or every other form of abusive Download mechanism. PolyCrypt is weakly Packer Protected, so with VMUnpack we can suddenly obtain the full working unpacked copy.Trojan_DownloaderWin32Small.pdfTed. 1 Link to comment Share on other sites More sharing options...
Patrickssj6 Posted May 24, 2008 Share Posted May 24, 2008 That's all? It ends right before the analysis of msstub.dll...isn't there a second paper? Thanks. Link to comment Share on other sites More sharing options...
evilcry Posted May 24, 2008 Share Posted May 24, 2008 (edited) That's all? It ends right before the analysis of msstub.dll...isn't there a second paper?Uhm seems that the paper has lost a part of the original paper, the entire paper is here http://evilcodecave.wordpress.com/2008/05/...rypt-reversing/Regards,Evilcry Edited May 24, 2008 by evilcry Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now