ARTeam: Introduction To Malware Techniques and Logics Part 1


Shub-nigurrath
August 28th, 2009, 08:47
Hi all,
a new tutorial from Gunther has been published on our site.

Quote:

Following the great works by EvilCry, I have decided it's time to release some of my past and present works on Malware Analysis (some of them will be coming soon). This is in the hope of igniting some interest in Malware Analysis via the Reverse Engineer's mindset.
This tutorial is written to provide a better understanding of where to find information and what the aim of most Trojans is. Their aim is simply to steal information or to act as a Bot in a Botnet. Please note that this article has been written for learning purposes and not for complex functionality. In the early days, there were many incidents where users received emails with malicious CHM (Microsoft Compiled HTML Help) and DOC (Microsoft Office Word Document) attachments containing Trojan Riler, which is also known as BackDoor-BCB.
So I have decided to impart some of my knowledge on Forensics in order to complete this tutorial, writing “Introduction to Malware Techniques and Logics part 1”. The tutorial will cover different issues:

How to decompile .CHM files.
How to detect and analyse the shellcode
How to dump the backdoor components
How to discover the communication protocol

I hope that this could begin a new chapter in the ongoing series of Reverse Engineering and Forensics guides from ARTeam and spark a new interest.


available for download here:

http://www.accessroot.com/arteam/site/download.php?view.312
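As an added example of the "detect and analyse the shellcode" step listed above (this is not code from Gunther's tutorial and it targets no specific sample): CHM and HTML droppers of that era usually carried their payload as a JavaScript `unescape("%u9090%u9090...")` string, so a triage script has to decode those `%u` escapes (each one is a little-endian 16-bit unit) before it can look for x86 position-independent-code idioms such as a GetPC `call $+5 ; pop reg`, a `jmp/call/pop` triple, a PEB lookup through `fs:[0x30]`, or a NOP sled. The idiom list is a set of assumed heuristics and the sample page is constructed inline, so the script runs offline.

```python
from __future__ import annotations
import re
from dataclasses import dataclass

# x86 shellcode idioms as regular expressions over raw bytes.
# Assumed heuristics for triage; they are not a signature for any particular Trojan.
IDIOMS = {
    "getpc_call_next": rb"\xe8\x00\x00\x00\x00",            # call $+5 (address then popped into a reg)
    "getpc_jmp_pop":   rb"\xeb.[\x58-\x5f]",                 # jmp short ; pop reg  (target of a later call)
    "call_backwards":  rb"\xe8..\xff\xff",                   # call with a negative rel32 (back to the pop)
    "peb_fs30":        rb"\x64(?:\xa1|\x8b[\x05\x0d\x15\x1d\x25\x2d\x35\x3d])\x30\x00\x00\x00",  # mov reg, fs:[0x30]
    "nop_sled":        rb"\x90{16,}",                        # 16+ consecutive NOPs
}
COMPILED = {name: re.compile(pat, re.DOTALL) for name, pat in IDIOMS.items()}

# A run of at least eight %uXXXX escapes, the shape JavaScript unescape() payloads take.
PERCENT_U = re.compile(r"(?:%u[0-9a-fA-F]{4}){8,}")


def decode_percent_u(run: str) -> bytes:
    """%u1234 -> bytes 34 12: each escape is one little-endian UTF-16 code unit."""
    out = bytearray()
    for unit in re.findall(r"%u([0-9a-fA-F]{4})", run):
        val = int(unit, 16)
        out += bytes([val & 0xFF, val >> 8])
    return bytes(out)


def encode_percent_u(buf: bytes) -> str:
    """Inverse of decode_percent_u; used here only to build the constructed sample."""
    if len(buf) % 2:
        buf += b"\x90"  # pad odd-length payloads the way exploit authors usually do
    return "".join("%%u%02X%02X" % (buf[i + 1], buf[i]) for i in range(0, len(buf), 2))


@dataclass
class Hit:
    source: str   # "raw" or "percent_u@<text offset>"
    idiom: str
    offset: int   # offset inside the scanned buffer
    sample: str   # hex of (up to) the first 8 matched bytes


def scan_bytes(buf: bytes, source: str = "raw") -> list[Hit]:
    """Run every idiom regex over one buffer and collect the matches."""
    hits: list[Hit] = []
    for name, rx in COMPILED.items():
        for m in rx.finditer(buf):
            hits.append(Hit(source, name, m.start(), m.group(0)[:8].hex()))
    return hits


def scan_blob(data: bytes) -> list[Hit]:
    """Scan the raw bytes, then every %u-escaped run decoded back into bytes."""
    hits = scan_bytes(data)
    text = data.decode("latin-1")          # lossless: every byte maps to one char
    for m in PERCENT_U.finditer(text):
        hits += scan_bytes(decode_percent_u(m.group(0)), f"percent_u@{m.start()}")
    return hits


def looks_like_shellcode(data: bytes) -> bool:
    """Flag only when two different idioms co-occur; a lone call $+5 also appears in ordinary compiled code."""
    return len({h.idiom for h in scan_blob(data)}) >= 2


# Constructed sample: a NOP sled, a GetPC stub and a PEB lookup, wrapped in an unescape() call
# the way a malicious CHM/HTML page would embed them.
SAMPLE_SHELLCODE = (
    b"\x90" * 16                       # NOP sled
    + b"\xe8\x00\x00\x00\x00\x5e"      # call $+5 ; pop esi   (GetPC)
    + b"\x64\xa1\x30\x00\x00\x00"      # mov eax, fs:[0x30]   (PEB)
)
SAMPLE_HTML = (
    '<html><script>var sc = unescape("' + encode_percent_u(SAMPLE_SHELLCODE) + '");</script></html>'
).encode("latin-1")
BENIGN_HTML = b"<html><body>Nothing to see here.</body></html>"

if __name__ == "__main__":
    for h in scan_blob(SAMPLE_HTML):
        print(f"{h.source:16} {h.idiom:16} +0x{h.offset:04x}  {h.sample}")
    print("sample flagged:", looks_like_shellcode(SAMPLE_HTML))
    print("benign flagged:", looks_like_shellcode(BENIGN_HTML))
```

Feed `scan_blob()` the files that a CHM decompiler (or `7z x` on the .chm) writes out; the `source` field tells you whether a hit was in the raw object or inside a decoded `%u` string, which is the piece you then carve out and hand to a disassembler. The two-idiom rule in `looks_like_shellcode()` is the practitioner's compromise: it keeps a stray `E8 00 00 00 00` in legitimate code from raising an alert while still catching the GetPC-plus-PEB-walk combination that nearly every Windows shellcode of that period uses.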

JMI
August 28th, 2009, 09:56
Thanks as always Shub for sharing with our readers!



Regards,

APACHE
August 29th, 2009, 10:24
Really great work... it really gives an idea of malware's behaviour and is very good for beginners... and "ARTeam's tutorials"... no one can beat the quality...
Thanks Shub, Gunther... and... and... and... "EVILCRY"

But I think a correction would be right (not necessary if you guys
don't want):

password: infected (not "INFECTED" as given in the pdf). And what is the password of <logs.zip> inside this (malware_sample_beware) password-protected archive?

evilcry
August 31st, 2009, 00:23
Thank you Apache, but the great work was done by Gunther =)

Some day I'll come out with another Malware RCE paper.

Regards,
Evilcry

Shub-nigurrath
September 7th, 2009, 04:35
On the first page there was wrong password information for opening the internal archive; I have since updated the tutorials online.

IndiGenus
September 19th, 2009, 20:22
Great tutorial for nubeez like me, thank you.

Question... I don't see the .chm or .doc files in the download package. And I cannot unzip the logs.zip file, as it says the password "infected" is not correct.

Thanks again,
Dave

nEINEI
September 21st, 2009, 01:31
Thanks, good.

Shub-nigurrath
September 21st, 2009, 05:38
If you download the package again you'll see the updated passwords on the first page. There are two passwords: for the first archive it is "infected", for the inner zip it is "password", all in lowercase.

IndiGenus
September 21st, 2009, 07:27
Thank you Shub-nigurrath. I thought I had re-downloaded it but I guess not.

pk.
July 16th, 2013, 11:07
Thank you Shub-nigurrath.