Thursday, November 3, 2011

Step by step binary analysis with Frankie Li ( dg003.exe dropper from "XinTang Event.chm" )


With the express written permission of the author, here is an excellent paper, "A Detailed Analysis of an Advanced Persistent Threat Malware", together with the corresponding malware sample, which you can reverse engineer by following the step-by-step explanation of the author, Frankie Li (http://espionageware.blogspot.com/) of vxrl.org (Valkyrie-X Security Research Group).

Another great analysis from the same group of another CHM file can be found here: Evidence of Advanced Persistent Threat: A Case Study of Malware for Political Espionage (paper for IEEE 6th International Conference on Malicious and Unwanted Software (Malware 2011)).

Do you wonder whether your sample is APT or just crimeware? Use their Xecure Deezer - APT identification engine.

  General File Information

File: dg003.exe
Size: 196608 bytes
MD5:  4EC0027BEF4D7E1786A04D021FA8A67F

Download
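Before starting on the step-by-step analysis it is worth confirming that the file you downloaded is the one the paper describes, since a mislabelled or re-packed upload would make the walkthrough impossible to follow. The script below is an added example (not code from the paper, the author or this blog): it hashes the file in chunks, compares size and MD5 against the values listed above, and also records a SHA-256 so the sample can be cross-referenced elsewhere. The constant `EXPECTED_DG003` is taken from the General File Information section; the file path is a hypothetical command-line argument.

```python
import hashlib
import sys
from typing import Dict

# Values copied from the "General File Information" section of this post.
EXPECTED_DG003 = {"size": 196608, "md5": "4EC0027BEF4D7E1786A04D021FA8A67F"}


def fingerprint_bytes(data: bytes) -> Dict[str, object]:
    """Size, MD5 and SHA-256 of an in-memory blob (used for small inputs and tests)."""
    return {
        "size": len(data),
        "md5": hashlib.md5(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def fingerprint_file(path: str, chunk_size: int = 1 << 20) -> Dict[str, object]:
    """Same as fingerprint_bytes, but streams the file so large samples do not need to fit in RAM."""
    md5 = hashlib.md5()
    sha256 = hashlib.sha256()
    size = 0
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            size += len(chunk)
            md5.update(chunk)
            sha256.update(chunk)
    return {"size": size, "md5": md5.hexdigest(), "sha256": sha256.hexdigest()}


def verify(observed: Dict[str, object], expected: Dict[str, object]) -> Dict[str, bool]:
    """Compare an observed fingerprint to the listed values.

    MD5 is compared case-insensitively because the post lists it in upper case
    while hashlib emits lower case. Returns one boolean per checked field plus
    an overall "match" flag, so a caller can see which property disagreed.
    """
    size_ok = observed["size"] == expected["size"]
    md5_ok = str(observed["md5"]).lower() == str(expected["md5"]).lower()
    return {"size": size_ok, "md5": md5_ok, "match": size_ok and md5_ok}


if __name__ == "__main__":
    # Hypothetical usage: python verify_sample.py dg003.exe
    target = sys.argv[1] if len(sys.argv) > 1 else "dg003.exe"
    fp = fingerprint_file(target)
    result = verify(fp, EXPECTED_DG003)
    print(f"{target}: size={fp['size']} md5={fp['md5']} sha256={fp['sha256']}")
    print("matches listed sample" if result["match"] else f"MISMATCH: {result}")
```

If the check fails, do not proceed with the walkthrough on the assumption that you have the same binary; a different size almost always means a different packer or an appended payload, and the paper's offsets and strings will not line up.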

4 comments:

  1. Thanks for sharing your knowledge of malware. Pardon my bad English.

    A greeting

  2. @Anonymous I will assume you mean Frankie

  3. Mila, yeah, thanks for posting! I really enjoyed the report. I've already bookmarked this article.
