Here is probably new variant of TDL. Or another copy-paste clone, I'm not sure, currently can't get it work because of nice Blue Screens it provides to me (BSOD in atapi.sys and then system unbootable) :)
Three different methods of drivers loading used (tdl3 method, beep.sys method, direct NtLoadDriver).
443-direct.e_ = dropper itself
269E.dll to be injected into spooler (contains sys, see next)
sst2.sys driver it's trying to load
here is ThreatExpert entry describing the same behavior
http://www.threatexpert.com/report.aspx ... 9cdfb34340
source hxxp://clickcalm.org/any5/443-direct.exe
Three different methods of drivers loading used (tdl3 method, beep.sys method, direct NtLoadDriver).
443-direct.e_ = dropper itself
269E.dll to be injected into spooler (contains sys, see next)
sst2.sys driver it's trying to load
here is ThreatExpert entry describing the same behavior
http://www.threatexpert.com/report.aspx ... 9cdfb34340
source hxxp://clickcalm.org/any5/443-direct.exe
Attachments
pass: malware
(286.53 KiB) Downloaded 343 times
(286.53 KiB) Downloaded 343 times
Ring0 - the source of inspiration