Bootkit: Win32/Gapz


Thu May 16, 2013 1:20 am

1f206ea64fb3ccbe0cd7ff7972bef2592bb30c84 attached
e4b64c3672e98dc78c5a356a68f89e02154ce9a6,85fb77682705b06a77d73638df3b22ac1dbab78b here ... apz#p17397

Tue May 21, 2013 7:55 pm

Slides from CARO2013 by Matrosov and Rodionov.

Title: Advanced Evasion Techniques by Win32/Gapz ... -win32gapz

Sun Oct 06, 2013 10:54 am

Recon 2013 - Reconstructing Gapz: Position-Independent Code Analysis Problem by Aleksandr Matrosov and Eugene Rodionov (2013)

Watch or download the video here

Mon Oct 21, 2013 7:29 pm

360Tencent wrote: 1f206ea64fb3ccbe0cd7ff7972bef2592bb30c84 attached
e4b64c3672e98dc78c5a356a68f89e02154ce9a6,85fb77682705b06a77d73638df3b22ac1dbab78b here ... apz#p17397
I tested this sample under VirtualBox, Win7 SP1. I only had success with Kaspersky products (success with their Rescue CD and TDSSKiller) and MBAR. The on-demand and full-installation scanners I tried didn't detect anything (HitmanPro, MBAM, Avast, Avira, VIPRE, Emsisoft, Comodo Cleaning Essentials, ComboFix).

Anyway, thanks for this interesting sample.

Wed Mar 27, 2019 1:55 pm

Hello from a distant and funny past (especially for the guys from ESET).

Full (unstructured) source code: