Cross-platform (x32/x64) malware

Forum for analysis and discussion about malware.
Post Reply
User avatar
rkhunter
Posts: 1150
Joined: Mon Mar 15, 2010 12:51 pm
Location: Russian Federation
Contact:

Cross-platform (x32/x64) malware

Post by rkhunter » Sun Apr 14, 2013 5:22 pm

heard a lot of questions regarding malware that contain x64 modules on board and work fine on x32 and x64 with payload, here an idea to collect some families together;
Last edited by EP_X0FF on Mon Apr 22, 2013 5:28 am, edited 5 times in total.
Reason: list updated

User avatar
EP_X0FF
Global Moderator
Posts: 4775
Joined: Sun Mar 07, 2010 5:35 am
Location: Russian Federation
Contact:

Re: cross-platform (x32/x64) malware

Post by EP_X0FF » Mon Apr 15, 2013 2:58 am

Sinowal has user mode backdoor for x64.
Necurs has a compatible driver agent for x64.
Some of Bankers with rootkit component too.
Ransom Weelsof has x64 module.
Some variants of Koobface too.

x64 modules are not really popular because old win32 code can do most of the job from wow64, except specific injects (IE) etc and having standalone version of malware in dropper increase it size plus pe32+ crypter cost. Maybe when most of browsers will be x64 we will see rise of win64 malware.
Ring0 - the source of inspiration

User avatar
rkhunter
Posts: 1150
Joined: Mon Mar 15, 2010 12:51 pm
Location: Russian Federation
Contact:

Re: cross-platform (x32/x64) malware

Post by rkhunter » Tue Apr 16, 2013 5:44 pm

To EP_X0FF: can we pin this topic? Add link to Winnti topic to the first post, please.

User avatar
EP_X0FF
Global Moderator
Posts: 4775
Joined: Sun Mar 07, 2010 5:35 am
Location: Russian Federation
Contact:

Re: Cross-platform (x32/x64) malware

Post by EP_X0FF » Thu Apr 18, 2013 2:19 pm

rkhunter wrote:To EP_X0FF: can we pin this topic? Add link to Winnti topic to the first post, please.
Updated and linked here http://www.kernelmode.info/forum/viewto ... =16&t=2680
Ring0 - the source of inspiration

User avatar
R136a1
Forum Admin
Posts: 218
Joined: Wed Jul 13, 2011 4:30 pm
Location: Netherlands

Re: Cross-platform (x32/x64) malware

Post by R136a1 » Thu Apr 18, 2013 2:58 pm


Post Reply