Swimming into Trojan and Rootkit GameThief.Win32.Magania Hostile Code
Trojan-GameThief.Win32.Magania, according to the Kaspersky naming convention, monitors user activity to obtain valuable information from the affected user, especially gaming login accounts. This long tutorial analyzes this malware, but it is also a general document that explains how to analyze a modern nested-dolls malware.
In this paper we will analyse more deeply the structure of this malware, especially the polymorphic part that represents a typical sample of hostile code. Starting from the first load into IDA, we can see that Magania's PE structure and Import Table are destroyed; this is how it looks from WinGraph:
andry- Moderator