Jump to content
View in the app

A better way to browse. Learn more.
Tuts 4 You

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

Waledac's Anti-Debugging Tricks

sirp
sirp
in Malware Reverse Engineering

Featured Replies

Posted

even more of that nasty tricks ,)

The last spreading malware version of Waledac, a notorious spamming botnet that has been taken down in a collaborative effort

lead by Microsoft earlier this year, contained some neat anti-debugging tricks in order to make reverse-engineering more difficult.

Felix Leder and I have been presenting about the approach at SIGINT 2010 in Cologne yesterday, and as the method seems to be not

publicly known yet, I will quickly describe it here as well.

Here's the Info

  • 2 weeks later...

as the method seems to be not publicly known yet, I will quickly describe it here as well.

The int 2e edx value has been used for a while by other malware. I suppose that no-one talked about it because it's well-understood.

However, they lost Windows 2000 compatability when they switched to that technique.

The reason why is obscure, but it's described in one of my Anti-Unpacker papers which will be published in a couple of months. :-)

Create an account or sign in to comment

Go to topic listing

Configure browser push notifications
Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.