Search found 72 matches

by t4L
Mon Sep 17, 2018 8:43 pm
Forum: Kernel-Mode Development
Topic: PG check
Replies: 4
Views: 1233

Re: PG check

You can safely assume that PG is running on all of x64 platforms. :mrgreen:
by t4L
Wed Aug 22, 2018 12:50 am
Forum: Kernel-Mode Development
Topic: Entry point for calling DriverEntry at ntoskrnl (Win10)
Replies: 3
Views: 1732

Re: Entry point for calling DriverEntry at ntoskrnl (Win10)

I think you can just have a dummy WDM driver, put a DbgBreak(); in DriverMain() and do a "k" in windbg.
by t4L
Wed Jun 24, 2015 5:26 pm
Forum: Kernel-Mode Development
Topic: Protection for windows service
Replies: 9
Views: 11399

Re: Protection for windows service

He means you would have to protect the BFE service's registry values so that others cannot tamper with them in order to stop the service. Services' information is stored in the registry, so CmRegisterCallback registers customized registry callbacks and therefore you will get a notification whenever someo...
by t4L
Mon Jun 22, 2015 11:02 pm
Forum: Malware
Topic: Duqu 2.0
Replies: 18
Views: 32972

Re: Duqu 2.0

That is their intention.
by t4L
Tue Jun 16, 2015 7:25 pm
Forum: User-Mode Development
Topic: [Delphi] 640bit Ring3 Rootkit keeps crashing
Replies: 7
Views: 14683

Re: [Delphi] 640bit Ring3 Rootkit keeps crashing

You need to install Delphi 2020.
by t4L
Tue Jun 16, 2015 12:03 am
Forum: Malware
Topic: Duqu 2.0
Replies: 18
Views: 32972

Re: Duqu 2.0

@xylit0l:

Yeah, they're different by the trigger string, the sample KL posted is the one that is based on passthru.

I just want to take a look at the other sample in first KL Duqu report to see it has anything interesting.
by t4L
Mon Jun 15, 2015 1:51 am
Forum: Malware
Topic: Duqu 2.0
Replies: 18
Views: 32972

Re: Duqu 2.0

Thanks a lot. This sample has the same name but is a little bit different from the ones described in the Kaspersky report (md5: 2751e4b50a08eb11a84d03f8eb580a4e)
by t4L
Sun Jun 14, 2015 6:07 pm
Forum: Malware
Topic: Duqu 2.0
Replies: 18
Views: 32972

Re: Duqu 2.0

Just seen this uploaded:

https://www.virustotal.com/en/file/bc4a ... /analysis/

Anyone have this driver?
by t4L
Wed Jun 10, 2015 3:56 pm
Forum: Completed Malware Requests
Topic: Trojan-Downloader.Win32.Agent.ddl
Replies: 3
Views: 4131

Re: Trojan-Downloader.Win32.Agent.ddl

Thanks a lot @Xylitol.

@EP_X0FF: yep, it's the Rustock.C downloader
by t4L
Tue Jun 09, 2015 10:45 pm
Forum: Completed Malware Requests
Topic: Trojan-Downloader.Win32.Agent.ddl
Replies: 3
Views: 4131

Trojan-Downloader.Win32.Agent.ddl

Trojan-Downloader.Win32.Agent.ddl
MD5: 76d554c12cd09fdfc44b9750cd49f18d
Desc: It's just a kernel mode downloader.