Sunday, April 19, 2009

conficker.e analysis (.exe component) - part 0.1

Finally I have obtained the correct dump from the UPX-packed sample (md5: 0x677daa8bf951ecce8eae7d7ee0301780) with the right OEP (Original Entry Point) and IAT (Import Address Table).
Tools: LordPE, ImpRec, OllyDbg 2.0. The resulting .exe loads correctly in IDA.



Before the dump. After the dump with correct OEP:


Some strings:


The following screenshots show something interesting:


tcpip.sys from conficker.e's point of view ;):


Feedback is welcome. Regards.
