From simple to complex
Hex-Rays (hexrays) <infohex-rayscom> Friday, October 10 2008 17:22.30 CDT


Last week Elias ran a malware sample in the Bochs emulator, and I was curious to see exactly what it does.

So I took the unpacked version of the malware and fed it into the decompiler. It turned out to be a pretty short downloader (different AV vendors give it different names: Lighty, after the compression method, or FraudLoad, or FakeAlert, etc.). Such simple code is very easy to decompile. I renamed some functions and added some comments to it. The final text looks like this:
