Abstract : install.exe presents the typical structure of a moderately evolved malware, with basic obfuscating dummy code, some layers of encryption decoded at runtime, and custom hash functions used as an integrity check. We can also see an interesting technique that retrieves API addresses on demand through a series of hardcoded values, each of which corresponds to an API: the address of the corresponding API is computed at runtime and selected according to the hardcoded value.
Credits : Giuseppe Bonfa
Link to the publication : Backdoor-UltimateDefender.pdf
Links to publication section(s) :
If you wish to publish your research, articles, journal, books, or anything that is related to the community, do contact us at contact.fingers @ gmail.com