sirp Posted September 6, 2010 Posted September 6, 2010 even more of that nasty tricks ,)The last spreading malware version of Waledac, a notorious spamming botnet that has been taken down in a collaborative effortlead by Microsoft earlier this year, contained some neat anti-debugging tricks in order to make reverse-engineering more difficult.Felix Leder and I have been presenting about the approach at SIGINT 2010 in Cologne yesterday, and as the method seems to be notpublicly known yet, I will quickly describe it here as well.Here's the Info
Peter Ferrie Posted September 15, 2010 Posted September 15, 2010 as the method seems to be not publicly known yet, I will quickly describe it here as well.The int 2e edx value has been used for a while by other malware. I suppose that no-one talked about it because it's well-understood.However, they lost Windows 2000 compatability when they switched to that technique.The reason why is obscure, but it's described in one of my Anti-Unpacker papers which will be published in a couple of months. :-)
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now