Sunday, December 21, 2008

.:: Backdoor.Win32.UltimateDefender.gtz - Reversing::.

Abstract : install.exe presents the typical structure of an Medium Evoluted Malware, with basical Obfuscated-Dummy Code, some layer of Encryption decoded at Runtime and Custom Hash Functions used as Integrity Check. We can also see an intersting technique that retrieves API's Addresses OnDemand through a series of hardcoded values that corresponds to some API, the correspondent API Address is computated at runtime and chosen in function of the Hardcoded Value.

Credits : Giuseppe Bonfa

Link to the publication : Backdoor-UltimateDefender.pdf

Links to publication section(s) :



If you wish to publish your research, articles, journal, books, or anything that is related to the community, do contact us at contact.fingers @

- EF

No comments: