[Forensic Analysis] Virut Sample Forensic Features - Code World

[Forensic Analysis] Virut Sample Forensic Features

Others 2022-04-28 01:27:43 views: 0

1. Network Features

ant.trenz.pl 

ilo.brenz.pl

2. File Features

By locating the file, use PEID to view the file segment. If the condition meets the file with the addition of 7 random character segments, it is determined to be an infected file.

3. Infected characteristics

refer to:

【Virus Analysis】Virut.ce-Infectious Virus Analysis Report

http://www.cnblogs.com/17bdw/p/7776877.html

4. Prove that the normal process space contains malicious code

Dump the memory of the infected process, print the strings in the memory through the Microsoft tool String, and search for the IOC domain name string to see the domain name in the network feature. Note: The PID number 604 in the figure corresponds to the infected Winlogon process.

Try to dump all Winlogon DLLs and print them out with Strings in turn. You can locate which DLL has the injected ShellCode

Guess you like

Origin http://43.154.161.224:23101/article/api/json?id=325984933&siteId=291194637

[Forensic Analysis] Virut Sample Forensic Features

【Network Security】A powerful forensic analysis tool

Forensic Analysis Based on Android Chat App

Magnet AXIOM 7.8 (Windows) - Digital Forensic Analysis

"Linux binary analysis" ELF binaries under --Linux forensic analysis

Forensic Trace Engineers: Key Players in the Forensic World

Memory forensic tools -volatility, foremost

What is Live Response in Forensic Science

Passware Kit Forensic usage notes

【Windows Forensics】Analysis of Windows Memo Data - Important Data That Is Easily Ignored During Forensic Analysis

Understand electronic forensics through a forensic analysis of nude chat software (competition question WP)

【Electronic data forensic identification】Tool software reliability

Java process will be transferred to "dissecting table" Before, all forensic what did?

Kali Linux Penetration Testing 151 Forensic Tools - Volatility

Kali Linux Penetration Testing 151 Forensic Tools - Volatility

Forensic Lab | Application of Public Key Infrastructure (PKI) in Internet of Vehicles

BP neural network optimized based on forensic investigation algorithm (predictive application) - with code

[Encryption and Decryption] Passware Kit Forensic Violent Aesthetics-Detailed parameter settings for custom decryption of known partial passwords

word sample analysis

Simple analysis of a .net sample

Triathlon pcp sample analysis

Triathlon pcp sample analysis

What is Live Response in Forensic Science

pygplates column - Sample code - Create features (new/query features)

java memory analysis Sample 1

A* algorithm analysis and introduction of sample questions

Analysis of protobuf features

End TTS synthesis: Synthesis of Sample Analysis

Android input method official SoftKeyboard sample analysis

SpringBoot file upload sample code and process analysis

Recommended

微软回应中国区AI团队“打包赴美”传闻

Ranking

How to use ChatGPT to write 100,000+ hot articles for public accounts (includes prompt words)

sudo echo command execution Permission denied

ADO: Using Transactions to Operate Oracle Database

[Java] [Class and Object] equals, hashCode, clone methods

Linux virtual host function

Порт управления rabbitmq открыт

on,where

jQuery WeUI

How can there be a weed pilot in Hangzhou?

tcp / ip model four

Daily

More

2024-05-15(5)

2024-05-14(9)

2024-05-13(8)

2024-05-12(28)

2024-05-11(32)

2024-05-10(34)

2024-05-09(32)

2024-05-08(18)

2024-05-07(34)

2024-05-06(6)