Flamer analysis: framework reconstruction
| Field | Value |
|---|---|
| Botnet | Flame |
| Malware | |
| Botnet/malware group | |
| Exploit kits | |
| Services | |
| Feature | |
| Distribution vector | |
| Target | |
| Origin | |
| Campaign | |
| Operation/Working group | |
| Vulnerability | |
| CCProtocol | |
| Date | 2012 / Aug 2, 2012 |
| Editor/Conference | ESET |
| Link | http://blog.eset.com/2012/08/02/flamer-analysis-framework-reconstruction (blog.eset.com; archive copy) |
| Author | Aleksandr Matrosov, Eugene Rodionov |
| Type | Publication |
Abstract
“From the very beginning of our analysis of Win32/Flamer it was clear that this was an extremely sophisticated piece of malware which we had never seen before. It implements extremely elaborate programming logic and has an intricate internal structure. At the heart of Flame’s modularity lies a carefully designed architecture allowing all its components interoperability without causing any incompatibilities. In this blog post we will concentrate mainly on the internal architecture of the mssecmgr.ocx module (Flame, Duqu and Stuxnet: in-depth code analysis of mssecmgr.ocx). In the course of our research we analysed several different versions of mssecmgr.ocx and found specific architectural similarities that allow us to reconstruct Flame’s framework.”
Bibtex
@misc{2012BFR1076,
  editor = {ESET},
  author = {Aleksandr Matrosov, Eugene Rodionov},
  title = {Flamer analysis: framework reconstruction},
  date = {02},
  month = Aug,
  year = {2012},
  howpublished = {\url{http://blog.eset.com/2012/08/02/flamer-analysis-framework-reconstruction}},
}