A forum for reverse engineering, OS internals and malware analysis 

Forum for analysis and discussion about malware.
 #21092  by r3shl4k1sh
 Sun Oct 06, 2013 10:54 am
Recon 2013 - Reconstructing Gapz: Position-Independent Code Analysis Problem by Aleksandr Matrosov and Eugene Rodionov (2013)

Watch or download the video here
 #21207  by AnotherLife
 Mon Oct 21, 2013 7:29 pm
360Tencent wrote: 1f206ea64fb3ccbe0cd7ff7972bef2592bb30c84 attached
e4b64c3672e98dc78c5a356a68f89e02154ce9a6, 85fb77682705b06a77d73638df3b22ac1dbab78b here

http://www.kernelmode.info/forum/viewto ... apz#p17397
I tested this sample under VirtualBox, Win7 SP1. I only had success with Kaspersky products (success with their rescue CD and TDSSKiller) and MBAR. The on-demand and full installation scanners I tried didn't detect anything (HitmanPro, MBAM, Avast, Avira, VIPRE, Emsisoft, Comodo Cleaning Essentials, ComboFix).

Anyway, thanks for this interesting sample.