By ro0ted | February 28, 2015 - 01:07 | Posted in /b/ | Comments Off on #ro0ted #OpNewblood What the blackhats don’t want you to know: Analyzing Adware
#ro0ted #OpNewblood What the blackhats don’t want you to know: Analyzing Adware
Today we are going to play with adware. Ever gone to a streaming website and it asks you to download a plugin, and/or says your Chrome or Firefox/IE is outdated? Well, I formatted today, so that's one way I know it's bs. Let's actually download the plugin and analyze it. :] – https://twitter.com/ro0ted/
So I click a random movie and I’m interrupted by this screen:
So we download it.
Then we open exeinfoPE:
Okay, see where it says EP Section: CODE? Remember that. Open up 7-zip.
Everything we need is here. Now, how do we read it?
First we extract it:
Click .rsrc; this will show us what we can see in Resource Hacker:
Remember we talked about the importance of RCData in the Delphi tutorial? If not, go back and read it. We open Resource Hacker:
Nothing there. Open the code file in Notepad++:
Scroll down... Don't exit it until you have seen that it's all like that:
Now look up that website:
Now ask yourself: is that streaming website really harmless?
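The walkthrough above does its triage by hand (exeinfoPE for the entry-point section, 7-zip to split the file into sections, Notepad++ to scroll the CODE section for strings and URLs). The script below is an added example, not part of the original post or any of those tools: a minimal PE32 header parser that reproduces the same three checks offline. It builds its own constructed sample executable in memory (the section names CODE/DATA/.rsrc and the URL `http://adware.example/plugin-update` are made up for the demo), finds which section contains the entry point, flags the Borland/Delphi-style section naming (CODE, DATA, BSS instead of .text/.data), and pulls URL-looking strings out of each section's raw bytes, so the same logic can be run over a real dropper without opening it in an editor.

```python
import re
import struct

SECTION_HDR = "<8sIIII"            # Name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData
SECTION_HDR_LEN = 40               # full IMAGE_SECTION_HEADER is 40 bytes; we read the first 24


def parse_pe(data: bytes) -> dict:
    """Parse the DOS stub, COFF header, optional header and section table of a PE32/PE32+ image."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    machine, nsections, _ts, _symptr, _nsyms, opt_size, _chars = struct.unpack_from(
        "<HHIIIHH", data, e_lfanew + 4)
    opt_off = e_lfanew + 24                          # 4-byte signature + 20-byte COFF header
    magic = struct.unpack_from("<H", data, opt_off)[0]
    entry_rva = struct.unpack_from("<I", data, opt_off + 16)[0]   # AddressOfEntryPoint
    sec_off = opt_off + opt_size
    sections = []
    for i in range(nsections):
        name, vsize, va, raw_size, raw_ptr = struct.unpack_from(SECTION_HDR, data, sec_off + i * SECTION_HDR_LEN)
        sections.append({"name": name.rstrip(b"\0").decode("latin-1"), "vsize": vsize,
                         "va": va, "raw_size": raw_size, "raw_ptr": raw_ptr})
    return {"machine": machine, "magic": magic, "entry_rva": entry_rva, "sections": sections}


def entry_section(pe: dict):
    """Name of the section whose virtual range covers the entry point (what exeinfoPE calls 'EP Section')."""
    for s in pe["sections"]:
        if s["va"] <= pe["entry_rva"] < s["va"] + max(s["vsize"], s["raw_size"]):
            return s["name"]
    return None


def looks_delphi(pe: dict) -> bool:
    """Heuristic: Borland/Delphi linkers name sections CODE/DATA/BSS rather than .text/.data."""
    names = {s["name"] for s in pe["sections"]}
    return "CODE" in names and "DATA" in names


def section_bytes(data: bytes, pe: dict, name: str) -> bytes:
    """Raw on-disk bytes of one section, the same thing 7-zip hands you when you extract it."""
    for s in pe["sections"]:
        if s["name"] == name:
            return data[s["raw_ptr"]:s["raw_ptr"] + s["raw_size"]]
    raise KeyError(name)


def find_urls(blob: bytes) -> list:
    """ASCII http(s) URLs embedded in a section, i.e. what you would spot scrolling it in Notepad++."""
    return [m.decode("ascii") for m in re.findall(rb"https?://[\x21-\x7e]+", blob)]


def triage(data: bytes) -> dict:
    """One-shot summary of the manual steps from the post."""
    pe = parse_pe(data)
    return {"entry_section": entry_section(pe), "delphi_style": looks_delphi(pe),
            "sections": [s["name"] for s in pe["sections"]],
            "urls": {s["name"]: find_urls(section_bytes(data, pe, s["name"])) for s in pe["sections"]}}


def build_sample_pe() -> bytes:
    """Constructed PE32 image for the demo; section names and the embedded URL are made up."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)                    # e_lfanew -> 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 3, 0, 0, 0, 224, 0x102)          # i386, 3 sections, PE32 opt hdr
    opt = struct.pack("<HBBIIII", 0x10B, 2, 25, 0x200, 0x400, 0, 0x1000).ljust(224, b"\0")  # entry RVA 0x1000
    def hdr(name, va, raw_ptr, flags):
        return struct.pack("<8sIIIIIIHHI", name, 0x200, va, 0x200, raw_ptr, 0, 0, 0, 0, flags)
    sect = hdr(b"CODE", 0x1000, 0x200, 0x60000020) + hdr(b"DATA", 0x2000, 0x400, 0xC0000040) \
         + hdr(b".rsrc", 0x3000, 0x600, 0x40000040)
    headers = (dos + b"PE\0\0" + coff + opt + sect).ljust(0x200, b"\0")
    code = (b"\x55\x8b\xec" + b"\0" * 13 + b"http://adware.example/plugin-update\0").ljust(0x200, b"\0")
    data_sec = b"constructed DATA section".ljust(0x200, b"\0")
    rsrc = b"RCDATA placeholder".ljust(0x200, b"\0")
    return headers + code + data_sec + rsrc


if __name__ == "__main__":
    print(triage(build_sample_pe()))
```

On the constructed sample this reports the entry point inside CODE, Delphi-style naming, and the single embedded URL in the CODE section; on a real dropper you would read the file from disk and pass its bytes to `triage`, then pivot to the .rsrc bytes for the RCData step the post points at.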