Hello,
This is old news, but I found out that Trend Micro has blogged about malware using the Unicode right-to-left override character to make a file appear to be legitimate. Attached to this post is a RAR that contains two files. Firstly, an EXE that has been renamed to appear to be a JPG file, with the icon set to the default Windows image icon. The EXE is not malware - it simply shows a message box and then exits. I have added a TXT file that contains the name of the file, saved in Unicode. Open it in a hex editor to see what the raw encoding is.
If anyone has samples of malware that use this trick, please post them here.
Thanks,
--AD
Attachments
Pass: infected
(20.76 KiB) Downloaded 92 times
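A defender-side check for the trick described in the post, as an added example that is not part of the original post or its attachment: it flags bidirectional control characters in a file name, compares the extension the OS acts on with the one a viewer sees, and dumps the bytes a hex editor would show. Assumptions: the sample names are constructed, the display simulation covers only the U+202E/U+202C case, and "saved in Unicode" is taken to mean UTF-16LE.

```python
import unicodedata

RLO, PDF = "\u202e", "\u202c"
# Bidirectional formatting characters that change the display order of a name.
BIDI_CONTROLS = set("\u202a\u202b\u202c\u202d\u202e\u2066\u2067\u2068\u2069\u200e\u200f")


def approx_display(name):
    """Approximate what a viewer sees: text after U+202E is drawn reversed
    until U+202C or end of string. Not the full Unicode bidi algorithm."""
    out, run, rtl = [], [], False
    for c in name:
        if c == RLO:
            rtl = True
        elif c == PDF and rtl:
            out.extend(reversed(run))
            run, rtl = [], False
        elif c in BIDI_CONTROLS:
            continue
        elif rtl:
            run.append(c)
        else:
            out.append(c)
    out.extend(reversed(run))
    return "".join(out)


def ext(name):
    """Extension of the string as given (lowercased, no dot)."""
    return name.rsplit(".", 1)[-1].lower() if "." in name else ""


def inspect_name(name):
    """Report bidi controls, real vs. displayed extension, and raw UTF-16LE bytes."""
    controls = [(i, f"U+{ord(c):04X}", unicodedata.name(c, "?"))
                for i, c in enumerate(name) if c in BIDI_CONTROLS]
    shown = approx_display(name)
    return {
        "controls": controls,
        "real_ext": ext(name),       # logical order: what the OS uses to pick a handler
        "shown_as": shown,           # visual order: what the user reads
        "shown_ext": ext(shown),
        "spoofed": bool(controls) and ext(name) != ext(shown),
        "utf16le_hex": name.encode("utf-16-le").hex(" "),
    }


if __name__ == "__main__":
    # Constructed sample names, not taken from the post's attachment.
    for sample in ["holiday\u202egpj.exe", "report.pdf"]:
        print(repr(sample), inspect_name(sample))
```

In the hex output the override appears as the byte pair `2e 20`, which is the marker to look for when opening the TXT file in a hex editor.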