Analysis of TDL4
| Field | Value |
|---|---|
| Botnet | TDL-4 |
| Malware | |
| Botnet/malware group | |
| Exploit kits | |
| Services | |
| Feature | |
| Distribution vector | |
| Target | |
| Origin | |
| Campaign | |
| Operation/Working group | |
| Vulnerability | |
| CCProtocol | |
| Date | 2012 / 2012-10-20 |
| Editor/Conference | BAE Systems |
| Link | http://baesystemsdetica.blogspot.fr/2012/10/analysis-of-tdl4_8570.html (Archive copy) |
| Author | Sergei Shevchenko |
| Type | |
Abstract
“Our lab has recently got its hands on a new sample of TDL4, also known as TDSS.

The sample is likely distributed as a dropper file named outlkupd.exe; its file size is 1,224 KB. Some of the components that it drops were compiled in July 2012, and some were compiled in September 2012, so it is a relatively 'fresh' one.

The dropper is packed with an interesting packer that disguises the protected executable underneath as normal code, with a normal flow and innocent API calls.”
Bibtex
```bibtex
@misc{PLACEHOLDER_CITEKEY2012BFR1191,
  editor       = {BAE Systems},
  author       = {Sergei Shevchenko},
  title        = {Analysis of TDL4},
  date         = {20},
  month        = Oct,
  year         = {2012},
  howpublished = {\url{http://baesystemsdetica.blogspot.fr/2012/10/analysis-of-tdl4_8570.html}},
}
```

The citation key in the original entry was replaced by a wiki rendering error; `PLACEHOLDER_CITEKEY` above is a placeholder for the missing prefix, not the key the page used.