Trojans Employ Misdirection Instead of Obfuscation

#8340 by Flopik
Tue Aug 30, 2011 2:34 am

http://blog.webroot.com/2011/08/25/troj ... fuscation/

Sample?

Username

Flopik

Posts

Joined

Wed Sep 08, 2010 5:39 pm

Re: Trojans Employ Misdirection Instead of Obfuscation

#8342 by Xylitol
Tue Aug 30, 2011 6:09 am

give md5...

Registration Problems and FAQ - Rules For Malware Requests

Username

Xylitol

Rank

Global Moderator

Posts

1706

Joined

Sat Apr 10, 2010 5:54 pm

Location

Seireitei, Soul Society

Contact

Re: Trojans Employ Misdirection Instead of Obfuscation

#8346 by dcmorton
Tue Aug 30, 2011 8:16 am

Two samples

http://www.virustotal.com/file-scan/rep ... 1314428639
http://www.virustotal.com/file-scan/rep ... 1314435250

Attachments

malware.zip

password: infected
(34.09 KiB) Downloaded 45 times

Username

dcmorton

Posts

Joined

Tue Nov 16, 2010 4:56 pm

Location

United States

Contact

Re: Trojans Employ Misdirection Instead of Obfuscation

#8347 by EP_X0FF
Tue Aug 30, 2011 8:54 am

All redirection here is trivial PEB->ImageName, CommandLine fields patch.
PExplorer will detect it with correct path in Libraries sub window.

Ring0 - the source of inspiration

Username

EP_X0FF

Rank

Global Moderator

Posts

4947

Joined

Sun Mar 07, 2010 5:35 am

Location

Russian Federation

Contact

Page 1 of 1
4 posts

Return to “Malware”

Display:

Sort by:

Jump to: