A forum for reverse engineering, OS internals and malware analysis 

Forum for analysis and discussion about malware.
 #9047  by EP_X0FF
 Sun Oct 09, 2011 8:13 am
Not really. R2D2 is in the attachment.

For me, the Reaper dronez malware is more interesting.
Attachments
pass: malware
 #9277  by sugar
 Wed Oct 19, 2011 11:25 am
EP_X0FF, no, that is the old version with the x86 driver; the new version has an x64 driver too.
It is well known that 64-bit kernel modules must carry a valid digital signature that can be checked by the operating system, or loading the driver fails. The driver that comes with the rootkit contains a 1024-bit RSA certificate (fingerprint e5445e4a 9c7d24c8 43f0c669 e2a8d3a1 78cf7fa8), issued by Goose Cert on April 11, 2010. However, the certificate must be installed and its trustworthiness must be confirmed in order to make the driver load.
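A defender-side check for the situation the post describes, added here as an example and not part of the thread: it walks the driver directory, reports every .sys whose Authenticode chain does not validate, and separately flags any driver signed with the certificate fingerprint quoted above. The driver path and the output columns are assumptions.

```powershell
# Added example (not from the thread). Assumption: drivers live in the default
# System32\drivers directory; adjust $DriverDir for other locations.
$DriverDir = Join-Path $env:SystemRoot 'System32\drivers'

# SHA-1 fingerprint of the signer certificate quoted in the post, spaces removed.
# PowerShell's Thumbprint property is the SHA-1 hash, so it compares directly.
$KnownBadThumbprint = 'E5445E4A9C7D24C843F0C669E2A8D3A178CF7FA8'

Get-ChildItem -Path $DriverDir -Filter '*.sys' -File -ErrorAction SilentlyContinue |
    ForEach-Object {
        $sig  = Get-AuthenticodeSignature -FilePath $_.FullName
        $cert = $sig.SignerCertificate          # $null when the file is unsigned
        $thumb = if ($cert) { $cert.Thumbprint } else { '' }

        # Decide what, if anything, is suspicious about this driver.
        $flag = if ($thumb -eq $KnownBadThumbprint) {
                    'SIGNED-WITH-FINGERPRINT-FROM-POST'
                } elseif ($sig.Status -ne 'Valid') {
                    "CHAIN-NOT-TRUSTED ($($sig.Status))"
                } else {
                    ''
                }

        [pscustomobject]@{
            Driver     = $_.Name
            Status     = $sig.Status            # Valid, NotSigned, UnknownError, ...
            Issuer     = if ($cert) { $cert.Issuer } else { '' }
            Thumbprint = $thumb
            Flag       = $flag
        }
    } |
    Where-Object { $_.Flag -ne '' } |
    Format-Table -AutoSize
```

A Status of Valid only means the chain ends in a root this machine trusts; because the post says the rootkit's certificate has to be installed and marked trusted before the driver loads, the Issuer column is worth reading even for drivers that validate.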