sKyWIper (a.k.a. Flame a.k.a. Flamer): A complex ... - CrySyS Lab
c81d037b723adc43e3ee17b1eee9d6cc *boot32drv.sys (not constant but possible match)
Figure 3 – MD5 hashes of the malware’s components
Figure 4 – SHA-1 hashes of the malware’s components
Laboratory of Cryptography and System Security (CrySyS)
Budapest University of Technology and Economics
www.crysys.hu