A forum for reverse engineering, OS internals and malware analysis 

Forum for analysis and discussion about malware.
 #26801  by sysopfb
 Fri Sep 25, 2015 4:30 pm
Here's the version the AV companies have dubbed ipatre....

A few Upatre samples are attached; the payload is Dyre. This one just spins up svchost and overwrites the OEP with a push/ret or a jmp to the injected code section.
Attachments
pw:infected
(63.32 KiB)
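The post describes the injected child's entry point being overwritten with a "push imm32; ret" or "jmp rel32" stub that redirects execution into a separately injected region. The script below is an added example written for this thread (it is not sysopfb's code and does not come from the attached samples): it decodes the two stub forms and flags an OEP whose redirect target falls outside the module's own mapped image, which is the shape of the behaviour described above. The image base, image size, OEP and all byte strings are constructed placeholder values; in a real triage you would read the bytes at the entry point from the suspect process (for example from a memory dump or a debugger) and pass them in.

```python
import struct

# Constructed values for a hypothetical 32-bit module mapped at 0x00400000.
# These are illustrative, not taken from the samples attached to the post.
IMAGE_BASE = 0x00400000
IMAGE_SIZE = 0x00005000            # image occupies 0x00400000 - 0x00404FFF
OEP_RVA = 0x1000
OEP_VA = IMAGE_BASE + OEP_RVA

# Constructed entry-point byte strings.
CLEAN_OEP = bytes.fromhex("8BFF558BEC")          # mov edi,edi; push ebp; mov ebp,esp
PUSH_RET_OEP = bytes.fromhex("680000C800C3")     # push 0x00C80000; ret
JMP_OUTSIDE_OEP = bytes.fromhex("E9FBEF8700")    # jmp rel32 -> 0x00C80000
JMP_INSIDE_OEP = bytes.fromhex("E9FB0F0000")     # jmp rel32 -> 0x00402000 (inside image)


def decode_redirect(entry_bytes, entry_va):
    """Decode the two redirect stubs named in the post.

    Returns (kind, absolute_target) for 'push imm32; ret' or 'jmp rel32',
    or (None, None) when the entry bytes start with neither.
    """
    # push imm32 (0x68 + 4 bytes) immediately followed by ret (0xC3)
    if len(entry_bytes) >= 6 and entry_bytes[0] == 0x68 and entry_bytes[5] == 0xC3:
        target = struct.unpack_from("<I", entry_bytes, 1)[0]
        return "push_ret", target
    # jmp rel32 (0xE9 + signed 4-byte displacement from the next instruction)
    if len(entry_bytes) >= 5 and entry_bytes[0] == 0xE9:
        rel = struct.unpack_from("<i", entry_bytes, 1)[0]
        return "jmp_rel32", (entry_va + 5 + rel) & 0xFFFFFFFF
    return None, None


def classify_entry(entry_bytes, entry_va=OEP_VA,
                   image_base=IMAGE_BASE, image_size=IMAGE_SIZE):
    """Classify the bytes found at a process entry point.

    'clean'                  - no redirect stub at the OEP
    'redirect_inside_image'  - stub lands inside the module (packers and
                               legitimate hooks can look like this)
    'redirect_outside_image' - stub leaves the mapped image, matching the
                               overwritten-OEP behaviour described in the post
    """
    kind, target = decode_redirect(entry_bytes, entry_va)
    if kind is None:
        return {"verdict": "clean", "kind": None, "target": None}
    inside = image_base <= target < image_base + image_size
    verdict = "redirect_inside_image" if inside else "redirect_outside_image"
    return {"verdict": verdict, "kind": kind, "target": target}


def triage_all():
    """Run the classifier over the constructed samples; returns name -> verdict."""
    samples = {
        "clean": CLEAN_OEP,
        "push_ret": PUSH_RET_OEP,
        "jmp_outside": JMP_OUTSIDE_OEP,
        "jmp_inside": JMP_INSIDE_OEP,
    }
    return {name: classify_entry(data)["verdict"] for name, data in samples.items()}


if __name__ == "__main__":
    for name, verdict in triage_all().items():
        info = classify_entry({"clean": CLEAN_OEP, "push_ret": PUSH_RET_OEP,
                               "jmp_outside": JMP_OUTSIDE_OEP,
                               "jmp_inside": JMP_INSIDE_OEP}[name])
        tgt = "-" if info["target"] is None else f"0x{info['target']:08X}"
        print(f"{name:12s} {verdict:24s} kind={info['kind']} target={tgt}")
```

The "inside image" case is kept separate on purpose: a redirect that stays within the module is common in packed or hooked binaries and is not by itself evidence of injection, whereas an entry point that immediately leaves the image for an unbacked region is the condition worth alerting on.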