Bootkit: Win32/Gapz

Forum for analysis and discussion about malware.

Re: Gapz A, B, C

Post by 360Tencent » Thu May 16, 2013 1:20 am

1f206ea64fb3ccbe0cd7ff7972bef2592bb30c84 attached

19d1aaef16cf892bd8e0ea37fff29feeb540fd122b288b7aae4a4212a2dbd93b.zip


e4b64c3672e98dc78c5a356a68f89e02154ce9a6,85fb77682705b06a77d73638df3b22ac1dbab78b here

viewtopic.php?f=16&t=2306&hilit=gapz#p17397

Re: Bootkit: Win32/Gapz

Post by secObs » Tue May 21, 2013 7:55 pm

Slides from CARO2013 by Matrosov and Rodionov.

Title: Advanced Evasion Techniques by Win32/Gapz

http://www.slideshare.net/matrosov/advanced-evasion-techniques-by-win32gapz

Re: Bootkit: Win32/Gapz

Post by r3shl4k1sh » Sun Oct 06, 2013 10:54 am

Recon 2013 - Reconstructing Gapz: Position-Independent Code Analysis Problem by Aleksandr Matrosov and Eugene Rodionov (2013)

Watch or download the video here

Re: Gapz A, B, C

Post by AnotherLife » Mon Oct 21, 2013 7:29 pm

360Tencent wrote:
1f206ea64fb3ccbe0cd7ff7972bef2592bb30c84 attached

19d1aaef16cf892bd8e0ea37fff29feeb540fd122b288b7aae4a4212a2dbd93b.zip


e4b64c3672e98dc78c5a356a68f89e02154ce9a6,85fb77682705b06a77d73638df3b22ac1dbab78b here

viewtopic.php?f=16&t=2306&hilit=gapz#p17397

I tested this sample under VirtualBox, Win7 SP1. I only had success with Kaspersky products (success with their rescue CD and TDSSKiller) and MBAR. The on-demand and full installation scanners I tried didn't detect anything (HitmanPro, MBAM, Avast, Avira, VIPRE, Emsisoft, Comodo Cleaning Essentials, ComboFix).

Anyway, thanks for this interesting sample
:geek:
