Thursday, November 3, 2011

Step by step binary analysis with Frankie Li ( dg003.exe dropper from "XinTang Event.chm" )

With the express written permission of the author, here is an excellent paper, "A Detailed Analysis of an Advanced Persistent Threat Malware", and the corresponding malware sample, which you can reverse engineer following the step by step explanation by the author Frankie Li (from the Valkyrie-X Security Research Group).

Another great analysis from the same group of another CHM file can be found here: Evidence of Advanced Persistent Threat: A Case Study of Malware for Political Espionage (paper for IEEE 6th International Conference on Malicious and Unwanted Software (Malware 2011)).

Do you wonder if your sample is APT or just crimeware? Use their Xecure Deezer - APT identification engine.

  General File Information

File: dg003.exe
Size: 196608
MD5:  4EC0027BEF4D7E1786A04D021FA8A67F



  1. Thanks for sharing your knowledge of malware. Pardon my bad English.

    A greeting

  2. @Anonymous I will assume you mean Frankie.

  3. Mila, yeah, thanks for posting! I really enjoyed the report. I’ve already bookmarked this article.