Hello,
I am new to the forum, but have been doing occasional reverse engineering of malware in my spare time. I was wondering if anyone has come across the CVE-2012-0779 Flash exploit and has attempted to dissect the Flash files? I have been trying to find a good Flash tool to use to get past the DoSwf encoding and give me the embedded Flash file with the shellcode in it. If anyone is able to figure out how to extract out the ActionScript as posted on the contagio forums in the comment section with the pastebin link, please let me know. I am very interested in the process of having to reverse these types of files. I will keep trying to find out myself and let everyone know if I discover how to do this as well.
http://contagiodump.blogspot.com/2012/0 ... yghur.html