Bootkit: Win32/Gapz

Forum for analysis and discussion about malware.
360Tencent
Posts: 116
Joined: Thu Dec 15, 2011 12:47 pm

Re: Gapz A, B, C

Post by 360Tencent » Thu May 16, 2013 1:20 am

1f206ea64fb3ccbe0cd7ff7972bef2592bb30c84 attached
19d1aaef16cf892bd8e0ea37fff29feeb540fd122b288b7aae4a4212a2dbd93b.zip
e4b64c3672e98dc78c5a356a68f89e02154ce9a6,85fb77682705b06a77d73638df3b22ac1dbab78b here

http://www.kernelmode.info/forum/viewto ... apz#p17397

secObs
Posts: 25
Joined: Sun Mar 04, 2012 10:53 pm
Location: here, there and everywhere

Re: Bootkit: Win32/Gapz

Post by secObs » Tue May 21, 2013 7:55 pm

Slides from CARO2013 by Matrosov and Rodionov.

Title: Advanced Evasion Techniques by Win32/Gapz

http://www.slideshare.net/matrosov/adva ... -win32gapz

r3shl4k1sh
Posts: 119
Joined: Tue Feb 05, 2013 10:26 pm
Location: Israel

Re: Bootkit: Win32/Gapz

Post by r3shl4k1sh » Sun Oct 06, 2013 10:54 am

Recon 2013 - Reconstructing Gapz: Position-Independent Code Analysis Problem by Aleksandr Matrosov and Eugene Rodionov (2013)

Watch or download the video here

AnotherLife
Posts: 1
Joined: Fri Jul 26, 2013 7:00 pm

Re: Gapz A, B, C

Post by AnotherLife » Mon Oct 21, 2013 7:29 pm

360Tencent wrote:1f206ea64fb3ccbe0cd7ff7972bef2592bb30c84 attached
19d1aaef16cf892bd8e0ea37fff29feeb540fd122b288b7aae4a4212a2dbd93b.zip
e4b64c3672e98dc78c5a356a68f89e02154ce9a6,85fb77682705b06a77d73638df3b22ac1dbab78b here

http://www.kernelmode.info/forum/viewto ... apz#p17397
I tested this sample under VirtualBox (Win7 SP1). I only had success with Kaspersky products (success with their rescue CD and TDSSKiller) and MBAR. The on-demand and full-installation scanners I tried didn't detect anything (HitmanPro, MBAM, Avast, Avira, VIPRE, Emsisoft, Comodo Cleaning Essentials, ComboFix).

Anyway, thanks for this interesting sample
:geek:
