Win32.Murofet: what day is today?

Discussion in 'malware problems & news' started by Dermot7, Oct 10, 2010.

Thread Status:
Not open for further replies.
  1. Dermot7

    Dermot7 Registered Member

    Joined:
    Dec 20, 2009
    Posts:
    3,430
    Location:
    Surrey, England.
    " Murofet is able to infect executable files by injecting about 2000 bytes of its code at the end of the PE executable section; then the OEP is hijacked to the virus body.

    This small viral code acts as a downloader, used by Murofet to drop on the system its main binary. When the infected file is run, the injected code imports some APIs used by the malware to create a new viral thread and then allows the original infected application to run."

    Looks sophisticated? Thought some might like to see, from Prevx blog:

    http://www.prevx.com/blog/158/WinMurofet-what-day-is-today.html
     
    Dermot7, Oct 10, 2010
    #1
  2. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,978
    Thanks for the link etc :thumb:
     
    CloneRanger, Oct 10, 2010
    #2
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...