Analysis of TDL4
Jump to navigation
Jump to search
(Publication) Google search: [1]
| Analysis of TDL4 | |
|---|---|
| Botnet | TDL-4 |
| Malware | |
| Botnet/malware group | |
| Exploit kits | |
| Services | |
| Feature | |
| Distribution vector | |
| Target | |
| Origin | |
| Campaign | |
| Operation/Working group | |
| Vulnerability | |
| CCProtocol | |
| Date | 2012 / 2012-10-20 |
| Editor/Conference | BAE Systems |
| Link | http://baesystemsdetica.blogspot.fr/2012/10/analysis-of-tdl4 8570.html (Archive copy) |
| Author | Sergei Shevchenko |
| Type | |
Abstract
“ Our lab has recently got its hands on a new sample of TDL4, also known as TDSS.
The sample is likely distributed as a dropper file named outlkupd.exe; its file size 1,224Kb. Some of the components that it drops were compiled in July 2012, and some were compiled in September 2012 - so it's relatively a 'fresh' one.
The dropper is packed with an interesting packer that disguises the protected executable underneath as a normal code, with the normal flow and innocent API calls.
Bibtex
@misc{Lua error: Cannot create process: proc_open(/dev/null): failed to open stream: Operation not permitted2012BFR1191,
editor = {BAE Systems},
author = {Sergei Shevchenko},
title = {Analysis of TDL4},
date = {20},
month = Oct,
year = {2012},
howpublished = {\url{http://baesystemsdetica.blogspot.fr/2012/10/analysis-of-tdl4_8570.html}},
}