A forum for reverse engineering, OS internals and malware analysis 

 #18138  by cjbi
 Sun Feb 10, 2013 7:30 pm
This is an old Korean targeted bootkit.

Analysis
anonymous at VirusTotal wrote:
- MBR infector (Bootkit).
- Created DiskSystem.exe, FileEngine.sys, halc.dll, lpk.dll
- Anti anti-virus (against well known Korean anti-virus program)
Analysis by AhnLab http://translate.google.com/translate?s ... ab.com/328
Detailed analysis by AhnLab http://translate.google.com/translate?s ... nlab.com/5

VirusTotal result(s)
Compilation timedatestamp.....: 2011-09-12 13:18:59 35/45 https://www.virustotal.com/file/247b45b ... 360523587/
Compilation timedatestamp.....: 2011-09-16 11:33:38 36/45 https://www.virustotal.com/file/0ee0b76 ... 360523590/
Compilation timedatestamp.....: 2011-09-17 11:43:55 35/45 https://www.virustotal.com/file/8a99e22 ... 360523596/
Compilation timedatestamp.....: 2011-09-18 13:11:13 35/45 https://www.virustotal.com/file/33f1005 ... 360523602/
Compilation timedatestamp.....: 2011-09-23 11:26:44 36/45 https://www.virustotal.com/file/57e34f4 ... 360523607/