Jump to content
Tuts 4 You

Maleware selfchecking Zeus Bot


ltheonel

Recommended Posts

ATTENTION: THIS IS A MALEWARE SAMPLE AND EXECUTION/ANALYSING IS ON OWN RISK!!!!!!!!!

Hello, i got this Zeus bot sample this should connect to your local lan, there seems to be some selfchecking done inside it, that i dont understand.

I obscured it with a simple crypter to analyse behavior but failed.

If you have some interest tips for me just post, doing research now maybe a week :(

You can break befor execution of resumethread and manipulate the entry of new created process thats where the maleware got deobfuscated in first layer.

this is bot samlpe:

crypted.bot:http://www.mediafire.com/?qryeecrg3j3se3c

uncrypted.bot:http://www.mediafire.com/?idcx6gy3xmntd3j

ATTENTION: THIS IS A MALEWARE SAMPLE AND EXECUTION/ANALYSING IS ON OWN RISC!!!!!!!!!

Link to comment
  • 3 weeks later...

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...