Analysis of TDL4

From Botnets.fr


Publication record

Botnet: TDL-4
Date: 2012 / 2012-10-20
Editor/Conference: BAE Systems
Link: http://baesystemsdetica.blogspot.fr/2012/10/analysis-of-tdl4_8570.html
Author: Sergei Shevchenko

Abstract

Our lab has recently got its hands on a new sample of TDL4, also known as TDSS.

The sample is likely distributed as a dropper file named outlkupd.exe; its file size is 1,224 KB. Some of the components that it drops were compiled in July 2012, and some were compiled in September 2012, so it is a relatively 'fresh' one.

The dropper is packed with an interesting packer that disguises the protected executable underneath as normal code, with a normal flow and innocent API calls.

Bibtex

 @misc{Shevchenko2012BFR1191,
   editor = {BAE Systems},
   author = {Sergei Shevchenko},
   title = {Analysis of TDL4},
   day = {20},
   month = oct,
   year = {2012},
   howpublished = {\url{http://baesystemsdetica.blogspot.fr/2012/10/analysis-of-tdl4_8570.html}},
 }