Just in case of "ninja edits" and further "reinventions", their original fuckup article is attached here for comedy section purposes.
It uses, by number of mentions:
invisible - 10 (invisible ransomware, just think about this)
government - 8
espionage - 2
Here and there quotes from "elite team of experts", which contains one member -> Udi Shamir, Head of Research, must be this one? https://github.com/udishamir
We have entered a new era
highly advanced anti-debugging and anti-reverse-engineering.
heavily packed and encrypted using mutated Yoda packer
Not to mention the idio.., oh I mean "elite team of experts", as always messes up the usage of Nt* and Zw* functions from NTDLL, thinking they are different.
In this stage, the malware launches its anti-debugging magic using ‘PAGE_GUARD’ method, allocating memory region and passing it as ‘PC_CLIENT’ parameter to NtOpenProcess function. If a debugger is attached, the call to NtOpenProcess will succeed, and the malware will call ZwTermintaeProcess function and then exit.
Antidebugging? PC_CLIENT? I've been using the Native API since the beginning of 200x, but now I've found something I don't know; it must be too elite for me. Strange, MS also doesn't know - http://msdn.microsoft.com/en-us/library ... s.85).aspx, such wise experts, found something new in Windows that even their devs don't know.
Antidebugging magic? Magic.