Jump to content
Tuts 4 You

Malware+Custom Obfusc+No detections


chickenbutt

Recommended Posts

chickenbutt

I didn't look to see what this does, beyong dropping binaries and making services. It has to be rebuilt to load in olly(the dropped binaries).

KIS 2010,NIS 2010,Avira 2010 didn't detect with high heuristics. It's all ring 3

dfgdfgdgdgf.zip

Link to comment

I didn't look to see what this does, beyong dropping binaries and making services. It has to be rebuilt to load in olly(the dropped binaries).

KIS 2010,NIS 2010,Avira 2010 didn't detect with high heuristics. It's all ring 3

yu'll fig it out... malware analysis aint no joke...

P.S: try to put a password on your viral weaponry zip's and rar's

Edited by JMC31337
Link to comment

hmmm some custom packer, nothing fancy and have seen it before. Actual viral stuff is unobfuscated.

Looking at it briefly;

- Drops ernel32.dll in the system directory and injects it into explorer.exe when loaded it'll unmap itself.

- Disables bitdefender.

- Seems a bot or server of some sorts.

Edited by quosego
Link to comment

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...