27.09.2012, 18:58
tachion wrote: Zbot + anti-debug, which is hard to analyze in a virtual machine and to check in a sandbox
Checking for Packer Signature....
Identified packer :Microsoft Visual C++ ?.?
Computing Checksum for malware :2.exe
Checksum of malware :54bf62cedf6d9feacc546baf2e837aab
Malware loads following DLLs
KERNEL32.dll
USER32.dll
GDI32.dll
COMCTL32.dll
Identifying Suspicious section. Processing....
SUSPICIOUS
Section Name: IMAGE_SECTION_HEADER Entropy 7.37056207708
**This Test shall be performed when you are confirm that suspect is a malware**
Anti Debugging traces identification
Found a call at: 0x40b068 CloseHandle
Found a call at: 0x40b074 GetCurrentProcess
Found a call at: 0x40b098 GetProcAddress
Found a call at: 0x40b0cc IsDebuggerPresent
Found a call at: 0x40b124 GetTickCount
Malware File System Activity Traces
Found a call at: 0x40b05c CreateProcessA
Found a call at: 0x40b064 GetFileAttributesA
DEP Setting Change trace
Found a DEP setting change trace: 0x40b070 HeapCreate
Emsi 7 catches it with the Bitdefender engine.
Norton Internet Security