.This is an analysis of the malware Peacomm.C aka StormWorm. It mainly focuses on extracting the native Peacomm.C code from the original crypted/packed code and all things that happens on this way, like: XOR + TEA decryption, TIBS unpacking, defeating Anti-Debugging code, files dropping, driver-code infection, VM-detection tricks and all the nasty things the rootkit-driver does.
http://www.reconstructer.org/papers.html
cheers,
frank
![[+] expand](/imagery/files/soysauce_blueprint.gif){kind=link}