Cross-platform (x32/x64) malware

Forum for analysis and discussion about malware.

Cross-platform (x32/x64) malware

Postby rkhunter » Sun Apr 14, 2013 5:22 pm

heard a lot of questions regarding malware that contain x64 modules on board and work fine on x32 and x64 with payload, here an idea to collect some families together;

Last edited by EP_X0FF on Mon Apr 22, 2013 5:28 am, edited 5 times in total.
Reason: list updated
User avatar
rkhunter
 
Posts: 1146
Joined: Mon Mar 15, 2010 12:51 pm
Location: Russian Federation
Reputation point: 147

Re: cross-platform (x32/x64) malware

Postby EP_X0FF » Mon Apr 15, 2013 2:58 am

Sinowal has user mode backdoor for x64.
Necurs has a compatible driver agent for x64.
Some of Bankers with rootkit component too.
Ransom Weelsof has x64 module.
Some variants of Koobface too.

x64 modules are not really popular because old win32 code can do most of the job from wow64, except specific injects (IE) etc and having standalone version of malware in dropper increase it size plus pe32+ crypter cost. Maybe when most of browsers will be x64 we will see rise of win64 malware.
Ring0 - the source of inspiration
User avatar
EP_X0FF
Global Moderator
 
Posts: 4752
Joined: Sun Mar 07, 2010 5:35 am
Location: Russian Federation
Reputation point: 562

Re: cross-platform (x32/x64) malware

Postby rkhunter » Tue Apr 16, 2013 5:44 pm

To EP_X0FF: can we pin this topic? Add link to Winnti topic to the first post, please.
User avatar
rkhunter
 
Posts: 1146
Joined: Mon Mar 15, 2010 12:51 pm
Location: Russian Federation
Reputation point: 147

Re: Cross-platform (x32/x64) malware

Postby EP_X0FF » Thu Apr 18, 2013 2:19 pm

rkhunter wrote:To EP_X0FF: can we pin this topic? Add link to Winnti topic to the first post, please.


Updated and linked here viewtopic.php?f=16&t=2680
Ring0 - the source of inspiration
User avatar
EP_X0FF
Global Moderator
 
Posts: 4752
Joined: Sun Mar 07, 2010 5:35 am
Location: Russian Federation
Reputation point: 562

Re: Cross-platform (x32/x64) malware

Postby R136a1 » Thu Apr 18, 2013 2:58 pm

User avatar
R136a1
 
Posts: 215
Joined: Wed Jul 13, 2011 4:30 pm
Location: Germany
Reputation point: 136


Return to Malware

Who is online

Users browsing this forum: No registered users and 6 guests