Yesterday, siri gave me a malware sample,
a weird sample,
one that absolutely cannot work:
Yeah, that made my day too.
This malware was compiled with a commercial tool that converts BAT files to EXE.
The protection was not really nice either, just a single jump to patch:
If we change the flag, it drops a BAT file and an EXE file:
and afterwards you can enjoy iexplorer.exe being opened (with no SW_HIDE!),
your infected hosts file (%WINDIR%/system32/drivers/etc/hosts),
and more :)
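Since the payload's visible effect is a tampered hosts file, here is an added defensive check (not code from the original post or from the sample) that parses hosts-file content and flags the two kinds of entries such droppers add: non-default names pinned to loopback/unspecified addresses (blackholing) and names sent to routable addresses (redirection). The hosts content and hostnames below are constructed for the example.

```python
import ipaddress
from typing import List, Tuple

# Constructed sample hosts file: the first three lines mirror a stock Windows
# hosts file; the last two are the kind of entries a hosts-hijacking dropper
# appends (placeholder hostnames and addresses, not taken from the sample).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
127.0.0.1       www.example-av-vendor.test
198.51.100.23   www.example-bank.test  example-bank.test
"""

# Names a stock hosts file may legitimately map to a loopback address.
DEFAULT_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}


def parse_hosts(text: str) -> List[Tuple[str, List[str]]]:
    """Return (address, [hostnames]) for each non-comment, non-blank line."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and whitespace
        parts = line.split()
        if len(parts) < 2:                     # blank or malformed line
            continue
        entries.append((parts[0], parts[1:]))
    return entries


def find_suspicious(text: str) -> List[str]:
    """One finding per hostname that is blackholed or redirected."""
    findings = []
    for ip, names in parse_hosts(text):
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            findings.append(f"unparseable address {ip!r} for {names}")
            continue
        local = addr.is_loopback or addr.is_unspecified  # 127.x, ::1, 0.0.0.0
        for name in names:
            if local and name.lower() not in DEFAULT_NAMES:
                findings.append(f"{name} blackholed to {ip}")
            elif not local:
                findings.append(f"{name} redirected to {ip}")
    return findings


if __name__ == "__main__":
    for finding in find_suspicious(SAMPLE_HOSTS):
        print(finding)
```

Entries using 0.0.0.0 from ad-blocking hosts lists will also be reported as blackholed, so compare findings against a known-good baseline rather than treating every hit as an infection.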