#ro0ted #OpNewblood What the blackhats don’t want you to know: Dissecting Adware
Load it in exeinfoPE:
Nullsoft is easy. Look it’s going to say it’s crypted:
For kicks let’s check its Crypto I’m guessing CRC32:
We don’t need to do anything complicated. Just open it in 7zip:
And we see all the resources in the folder above it:
You can load the .dll’s one by one if you wanted in Olly or IDA Pro.
I found this interesting file in the directory list:
Let’s reverse the stub….
Just open it in Notepad++:
You can read the Nullsoft stub source here:
And that my friends is how you rip apart Adware….in a jiffy. – https://twitter.com/ro0ted/
Check out my other tuts in my series…. “What the Blackhats don’t want you to know”
Ripping Apart Adware +
(Visited 468 times, 1 visits today)
- You can follow any responses to this entry through the RSS 2.0 feed.
- Both comments and pings are currently closed.