Malware Analysis
Steamunlocked malware?
<blockquote data-quote="struppigel" data-source="post: 1055844" data-attributes="member: 86910"><p>I don't see a relation to these articles and I understood them as just being examples of how malware abuses legitimate files.</p><p>I do not know what malware family this is because I did not really analyse it yet.</p><p></p><p>Yes, it is difficult to analyse because of the many anti-reversing mechanisms used. This might need several days of work, which is why I am probably not doing it in my free time. But it is <strong><span style="color: rgb(226, 80, 65)">not</span></strong> difficult to see that the file has been maliciously patched, and it should have been picked up by analysts. The patch is at the entry point, which is the very first thing an analyst looks at when opening the file in a disassembler. Finding the original file for comparison is also easy enough to do with VT access, which all major AV companies will hopefully provide to analysts. However, it is indeed likely that no human analyst ever saw the file when it was declared clean.</p></blockquote><p></p>
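The post makes two concrete points: the entry point is the first place an analyst looks, and a known-good copy of the same file makes the comparison trivial. The script below is an added example, not code from the post or its author, of automating exactly that triage step. It hand-parses the PE headers with `struct` (no `pefile` dependency) to translate `AddressOfEntryPoint`, which is an RVA, into a file offset via the section table, then compares the first bytes at the entry point of a suspect file against a reference copy and reports which section the entry point lives in and whether that section is marked executable. Both sample images (`build_sample_pe`, `REFERENCE_TEXT`, `CONSTRUCTED_SUSPECT`) are constructed minimal PE32 stubs for the demonstration, not real or loadable binaries; on real input you would read the suspect and the reference downloaded from the vendor or a VT hash match from disk.

```python
"""Compare the entry-point bytes of a suspect PE against a known-good copy.

Added example (not from the forum post). Parses just enough of the PE
format (DOS header -> PE signature -> COFF header -> optional header ->
section table) to map AddressOfEntryPoint to a file offset.
"""
import struct

IMAGE_DOS_SIGNATURE = b"MZ"
IMAGE_NT_SIGNATURE = b"PE\0\0"
IMAGE_SCN_MEM_EXECUTE = 0x20000000


def parse_pe(data: bytes) -> dict:
    """Return the entry-point RVA and section table of a PE32/PE32+ image."""
    if data[:2] != IMAGE_DOS_SIGNATURE:
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != IMAGE_NT_SIGNATURE:
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    # IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp,
    # PointerToSymbolTable, NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    _, nsections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    # AddressOfEntryPoint is at offset 16 of the optional header for PE32 and PE32+
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    sections = []
    for i in range(nsections):
        hdr = opt + opt_size + 40 * i  # IMAGE_SECTION_HEADER is 40 bytes
        name, vsize, va, rawsize, rawptr, _, _, _, _, chars = struct.unpack_from(
            "<8sIIIIIIHHI", data, hdr)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "va": va, "vsize": vsize, "rawptr": rawptr,
                         "rawsize": rawsize, "chars": chars})
    return {"entry_rva": entry_rva, "sections": sections}


def section_for_rva(rva: int, sections: list) -> dict:
    """Find the section whose virtual range contains `rva`."""
    for s in sections:
        if s["va"] <= rva < s["va"] + max(s["vsize"], s["rawsize"]):
            return s
    raise ValueError(f"RVA {rva:#x} is not inside any section")


def rva_to_offset(rva: int, sections: list) -> int:
    """Translate an RVA to a raw file offset using the section table."""
    s = section_for_rva(rva, sections)
    return rva - s["va"] + s["rawptr"]


def entry_point_bytes(data: bytes, length: int = 32) -> bytes:
    pe = parse_pe(data)
    off = rva_to_offset(pe["entry_rva"], pe["sections"])
    return data[off:off + length]


def compare_entry_points(suspect: bytes, reference: bytes, length: int = 32) -> dict:
    """Report whether the first `length` bytes at the entry point match the reference."""
    s_pe = parse_pe(suspect)
    sec = section_for_rva(s_pe["entry_rva"], s_pe["sections"])
    s = entry_point_bytes(suspect, length)
    r = entry_point_bytes(reference, length)
    diff = [i for i, (a, b) in enumerate(zip(s, r)) if a != b]
    return {
        "identical": s == r,
        "first_diff": diff[0] if diff else None,
        "section": sec["name"],
        "executable": bool(sec["chars"] & IMAGE_SCN_MEM_EXECUTE),
        "suspect": s.hex(),
        "reference": r.hex(),
    }


def build_sample_pe(text: bytes) -> bytes:
    """Construct a minimal PE32 image with one .text section holding `text`.
    Constructed for the demo: only the fields the parser reads are meaningful."""
    headers_size = 0x200
    text_va, text_raw = 0x1000, headers_size
    dos = bytearray(64)
    dos[:2] = IMAGE_DOS_SIGNATURE
    struct.pack_into("<I", dos, 0x3C, 64)                 # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 96, 0x0102)
    opt = bytearray(96)
    struct.pack_into("<H", opt, 0, 0x10B)                 # PE32 magic
    struct.pack_into("<I", opt, 16, text_va)              # AddressOfEntryPoint
    struct.pack_into("<I", opt, 28, 0x400000)             # ImageBase
    struct.pack_into("<II", opt, 32, 0x1000, 0x200)       # Section/FileAlignment
    section = struct.pack("<8sIIIIIIHHI", b".text\0\0\0", len(text), text_va,
                          len(text), text_raw, 0, 0, 0, 0, 0x60000020)
    image = bytearray(dos + IMAGE_NT_SIGNATURE + coff + opt + section)
    image += b"\0" * (headers_size - len(image))
    return bytes(image + text)


# Constructed sample code: a plausible prologue padded with 0xCC, and a copy
# whose first five bytes differ, standing in for a tampered entry point.
REFERENCE_TEXT = b"\x55\x8b\xec\x83\xec\x10\x33\xc0\x8b\xe5\x5d\xc3".ljust(32, b"\xcc")
CONSTRUCTED_SUSPECT = bytes([0xAA, 0xBB, 0xCC, 0xDD, 0xEE]) + REFERENCE_TEXT[5:]

if __name__ == "__main__":
    report = compare_entry_points(build_sample_pe(CONSTRUCTED_SUSPECT),
                                  build_sample_pe(REFERENCE_TEXT))
    for k, v in report.items():
        print(f"{k:10}: {v}")
```

A mismatch at offset 0 of the entry point, as in the constructed sample, is the pattern the post describes: the rest of the file is the legitimate binary, so hash-based or section-level comparison elsewhere looks clean. An entry point that resolves to a section without `IMAGE_SCN_MEM_EXECUTE`, or to no section at all, is worth flagging on its own before any byte comparison.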