Saturday, May 2, 2009

conficker.e analysis (.exe component) - part 0.9 - the 3rd of may

These screenshots show what happens on the 3rd of May. In short, the "MoveFileEx" Win32 API function is called. The file name passed to it is the name of the ".exe" component. I have some doubts about this "idle and destroy" method.




