Turbo Unpacking: A Journey into Malicious Packers - Hacker Halted

More documents

Recommendations

Info

Case Study : Gpcode • Gpcode is a ransomware • It will encrypt a specific sets of files (office documents, text, pictures etc) • Uses AES 256 for file encryption • Uses RSA 1024 to protect the AES key from Security companies • Uses custom packers • http://www.securelist.com/en/blog/6165/Ranso mware_GPCode_strikes_back
Case Study : Hflux • Peer 2 Peer Botnet • Very similar to the Waledac botnet • Uses custom packers • http://www.securelist.com/en/blog/20819313 7/Botnet_Shutdown_Success_Story_How_Kas persky_Lab_Disabled_the_Hlux_Kelihos_Botn et
Page 1 and 2: Turbo unpacking: A Journey into Mal
Page 3 and 4: Introduction to « Packers » PECOF
Page 5 and 6: Y0da Crypt Dot Fake Signer • Obfu
Page 7 and 8: With compression Packers UPX Protec
Page 9 and 10: With compression Packers UPX Protec
Page 11 and 12: Standard packed File layout • Ori
Page 13: Challenges of Malicious Packers •
Page 17 and 18: Case Study : CodecPack • Advertis
Page 19 and 20: Conclusion • Don’t bother •

Turbo Unpacking: A Journey into Malicious Packers - Hacker Halted

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?