[360Tencent]

1f206ea64fb3ccbe0cd7ff7972bef2592bb30c84 attached

19d1aaef16cf892bd8e0ea37fff29feeb540fd122b288b7aae4a4212a2dbd93b.zip

pw:infected
(362.78 KiB) Downloaded 169 times

e4b64c3672e98dc78c5a356a68f89e02154ce9a6,85fb77682705b06a77d73638df3b22ac1dbab78b here

http://www.kernelmode.info/forum/viewto ... apz#p17397

[secObs]

Slides from CARO2013 by Matrosov and Rodionov.

Title: Advanced Evasion Techniques by Win32/Gapz

http://www.slideshare.net/matrosov/adva ... -win32gapz

[r3shl4k1sh]

Recon 2013 - Reconstructing Gapz: Position-Independent Code Analysis Problem by Aleksandr Matrosov and Eugene Rodionov (2013)

Watch or download the video here

[AnotherLife]

1f206ea64fb3ccbe0cd7ff7972bef2592bb30c84 attached

19d1aaef16cf892bd8e0ea37fff29feeb540fd122b288b7aae4a4212a2dbd93b.zip

e4b64c3672e98dc78c5a356a68f89e02154ce9a6,85fb77682705b06a77d73638df3b22ac1dbab78b here

http://www.kernelmode.info/forum/viewto ... apz#p17397

I tested this sample under Virtualbox, win7 sp1, I only had success with Kaspersky products (success with their rescue cd and Tdsskiller) and MBAR. The on-demand and full installation scanners I tried didn't detect anything (HitmanPro, MBAM, Avast, Avira, VIPRE, Emsisoft, Comodo Cleaning Essentials, ComboFix)

Anyway, thanks for this interesting sample
:geek:

[Darkabode]

Hello from a distant and funny past (especially, for guys from eset)

Full (unstructured) source code: https://github.com/Darkabode/zerokit