sKyWIper (a.k.a. Flame a.k.a. Flamer): A complex ... - CrySyS Lab
HKLM\Security\Policy\PolSecretEncryptionKey – string double compressed in res146
select * from CIM_HostedAccessPoint↑ ? root\cimv2▲ ? Access PointsW – string from res146, compressed F
HKIU\Software\Microsoft\office -?? res146 compressed string
HKIU\Software\Adobe\Adobe Acrobat – surely interesting from propagation perspective. res146 compressed string
HKIU\Network – res146 compressed string
HKLM\SAM\SAM\Domains\Account\F♥ P – string from res146 compressed strings

Figure 39 – Items the malware is interested in
Laboratory of Cryptography and System Security (CrySyS)
Budapest University of Technology and Economics
www.crysys.hu