Analysis of TDL4
Analysis of TDL4 |
---|---
Botnet | TDL-4
Malware |
Botnet/malware group |
Exploit kits |
Services |
Feature |
Distribution vector |
Target |
Origin |
Campaign |
Operation/Working group |
Vulnerability |
CCProtocol |
Date | 2012 / 2012-10-20
Editor/Conference | BAE Systems
Link | http://baesystemsdetica.blogspot.fr/2012/10/analysis-of-tdl4_8570.html (Archive copy)
Author | Sergei Shevchenko
Type |
Abstract
“Our lab has recently got its hands on a new sample of TDL4, also known as TDSS.
The sample is likely distributed as a dropper file named outlkupd.exe; its file size is 1,224 KB. Some of the components that it drops were compiled in July 2012, and some were compiled in September 2012, so it is a relatively 'fresh' one.
The dropper is packed with an interesting packer that disguises the protected executable underneath as normal code, with a normal flow and innocent API calls.”
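The abstract dates the dropped components by their compile time. The quickest way to get that during triage is to read the TimeDateStamp field of the COFF file header, which is what the following added example does. It is not code from the BAE Systems write-up; the sample PE header it parses is constructed inline (a bare MZ stub plus PE signature and COFF header, no sections), and the 2012 dates are illustrative stand-ins, not values from the real outlkupd.exe. The caveat a practitioner should keep in mind: the timestamp is written by the linker and is trivially forged, so the example also flags zero, far-future and suspiciously old stamps rather than trusting the value blindly.

```python
import struct
from datetime import datetime, timezone

# COFF file header layout right after the 4-byte "PE\0\0" signature:
# Machine(2) NumberOfSections(2) TimeDateStamp(4) PointerToSymbolTable(4)
# NumberOfSymbols(4) SizeOfOptionalHeader(2) Characteristics(2)  -> 20 bytes
COFF_HEADER_FMT = "<HHIIIHH"
COFF_HEADER_LEN = struct.calcsize(COFF_HEADER_FMT)


def pe_timestamp(data: bytes) -> datetime:
    """Return the COFF TimeDateStamp of a PE image as an aware UTC datetime.

    Raises ValueError when the buffer does not look like a PE file.
    """
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    # e_lfanew at DOS header offset 0x3C points at the "PE\0\0" signature.
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    end = e_lfanew + 4 + COFF_HEADER_LEN
    if end > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    _machine, _nsections, ts, *_rest = struct.unpack_from(COFF_HEADER_FMT, data, e_lfanew + 4)
    return datetime.fromtimestamp(ts, tz=timezone.utc)


def timestamp_verdict(data: bytes, now: datetime) -> str:
    """Classify the compile timestamp for triage.

    "zero"     - stamp is 0, a common way to strip the build date
    "future"   - later than 'now', cannot be a genuine link time
    "ancient"  - before 1995, older than any plausible Win32 toolchain
    "YYYY-MM"  - otherwise, the compile month (e.g. "2012-07")
    """
    ts = pe_timestamp(data)
    if ts.timestamp() == 0:
        return "zero"
    if ts > now:
        return "future"
    if ts.year < 1995:
        return "ancient"
    return ts.strftime("%Y-%m")


def build_stub_pe(timestamp: datetime) -> bytes:
    """Constructed test input, not a real sample: a 0x40-byte DOS header whose
    e_lfanew points straight at a PE signature and an i386 COFF header."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew = 0x40
    coff = struct.pack(
        COFF_HEADER_FMT,
        0x14C,                        # Machine: IMAGE_FILE_MACHINE_I386
        3,                            # NumberOfSections (header only, none appended)
        int(timestamp.timestamp()),   # TimeDateStamp: seconds since the Unix epoch
        0, 0,                         # no COFF symbol table
        0xE0,                         # SizeOfOptionalHeader for PE32
        0x0102,                       # EXECUTABLE_IMAGE | 32BIT_MACHINE
    )
    return bytes(dos) + b"PE\0\0" + coff


if __name__ == "__main__":
    # Illustrative stand-ins for the July/September 2012 components named in the abstract.
    now = datetime(2012, 10, 20, tzinfo=timezone.utc)
    for when in (datetime(2012, 7, 15, tzinfo=timezone.utc),
                 datetime(2012, 9, 3, tzinfo=timezone.utc),
                 datetime(1970, 1, 1, tzinfo=timezone.utc),
                 datetime(2020, 1, 1, tzinfo=timezone.utc)):
        blob = build_stub_pe(when)
        print(pe_timestamp(blob).isoformat(), "->", timestamp_verdict(blob, now))
```

The parser only needs the first 0x58 bytes of the file, so it is safe to run over a quarantined dropper by reading just the header rather than mapping the whole image. Cross-check the COFF stamp against the timestamp in the debug directory and against the export directory's TimeDateStamp when those exist; a mismatch between them is itself a triage signal.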
Bibtex
@misc{Shevchenko2012BFR1191,
  editor = {BAE Systems},
  author = {Sergei Shevchenko},
  title = {Analysis of TDL4},
  day = {20},
  month = oct,
  year = {2012},
  howpublished = {\url{http://baesystemsdetica.blogspot.fr/2012/10/analysis-of-tdl4_8570.html}},
}