a weird sample...
who absolutely cant work:
yeah that made my day too.
This malware was compiled with a comercial software who convert BAT file to EXE.
the protection was not really nice also, a simple jump to patch:
If we change the flag it will drop a bat file and a exe file:
and after you can enjoy iexplorer.exe who is open (with no SW_HIDE!)
your infected host file (%WINDIR%/system32/drivers/etc/hosts)
and more :)
No comments:
Post a Comment