 #27807  by unixfreaxjp
 Tue Feb 02, 2016 4:30 pm
The ChinaZ edition/version 2 (as they call it), with modified code in many places.
The main attack function, as in the initial version, is also DNS-AMP. This time it doesn't need to load amp.dat or Config.ini to perform an attack; PONG traffic can be used to trigger a specific DNS AMP attack against the traffic's hard-coded DNS servers and target A record to flood.
Report with many pictures and explanations: http://imgur.com/a/d0x24
Sample: https://www.virustotal.com/en/file/c042 ... /analysis/