Author Topic: AntiPinch  (Read 3612 times)


February 09, 2008, 01:06:19 am

sowhat-x

Here's a tool that I found while lurking around the net...
It's written by Hellsp@wn (the author of the DiE exe identifier...),
and it's meant to speed up the analysis of the (nowadays) famous Pinch variants.
It intercepts CreateProcessA/CreateProcessW, connect/send, etc.,
does not allow the Pinch trojans to send data to the .php gate,
and makes a detailed log of the functions/activities that take place...

Flash demonstration:
http://hellspawn.nm.ru/works/info_antipinch.zip
And the tool itself:
http://hellspawn.nm.ru/works/antipinch_0.1.zip
(...ehm, yeah... Russian-speaking webpage...
it's the red button you click for the download to start, lol...)

Two notes... first, I haven't had the time to check it personally;
I simply place the info here as I thought it might be of interest to some people...
thereby the usual concept stands true once again: 'at your own risk'  :)
Secondly... the author himself warns/suggests clearly
to avoid analyzing Pinch samples with the above tool if not under a VM,
and to preferably be disconnected from the net and such...

PS: For those interested in similar Pinch-related stuff,
check also this older thread... a few basic Olly tricks there as well:
http://www.malwaredomainlist.com/forums/index.php?topic=1537.0
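The send() interception the post describes, as an added example that is not AntiPinch's code and not Hellsp@wn's: the filter an intercepted send() would hand its buffer to before forwarding it, parsing the HTTP request line, refusing any request whose target path ends in .php (the Pinch gate) and logging every decision. The function names (antipinch_filter_send, antipinch_last_log), the in-memory log and the sample request buffers are constructed for illustration; the actual in-process hooking of the Windows APIs is not shown, so this compiles as plain C on any platform.

```c
#include <ctype.h>
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

enum verdict { ALLOW = 0, BLOCK = 1 };

/* Constructed in-memory log standing in for the tool's activity log. */
#define LOG_MAX  32
#define LOG_LINE 256
static char hook_log[LOG_MAX][LOG_LINE];
static int  hook_log_count;

static void log_event(const char *fmt, ...)
{
    va_list ap;
    if (hook_log_count >= LOG_MAX) return;
    va_start(ap, fmt);
    vsnprintf(hook_log[hook_log_count++], LOG_LINE, fmt, ap);
    va_end(ap);
}

const char *antipinch_last_log(void)
{
    return hook_log_count ? hook_log[hook_log_count - 1] : "";
}

/* Parse "METHOD SP request-target SP HTTP/x.y" at the start of buf. Copies the
 * target's path (scheme://host of an absolute-form target stripped, query
 * dropped) into path and returns 1; returns 0 if buf is not an HTTP request. */
static int parse_request_target(const char *buf, size_t len, char *path, size_t pathsz)
{
    const char *end = buf + len, *sp1 = memchr(buf, ' ', len);
    const char *t, *sp2, *m, *ss = NULL;
    size_t tlen, plen = 0, i;

    if (sp1 == NULL || sp1 == buf) return 0;
    for (m = buf; m < sp1; m++)                 /* method: uppercase token */
        if (!isupper((unsigned char)*m)) return 0;
    t = sp1 + 1;
    sp2 = memchr(t, ' ', (size_t)(end - t));
    if (sp2 == NULL || end - (sp2 + 1) < 5 || memcmp(sp2 + 1, "HTTP/", 5) != 0)
        return 0;
    tlen = (size_t)(sp2 - t);
    for (i = 0; i + 3 <= tlen; i++)             /* absolute-form: skip scheme://host */
        if (memcmp(t + i, "://", 3) == 0) { ss = t + i + 3; break; }
    if (ss != NULL) {
        const char *slash = memchr(ss, '/', (size_t)(sp2 - ss));
        t = slash ? slash : sp2;                /* no path component -> "" */
        tlen = (size_t)(sp2 - t);
    }
    while (plen < tlen && t[plen] != '?') plen++;   /* drop the query string */
    if (plen + 1 > pathsz) return 0;
    memcpy(path, t, plen);
    path[plen] = '\0';
    return 1;
}

static int ends_with_ci(const char *s, const char *suffix)
{
    size_t n = strlen(s), m = strlen(suffix);
    if (m > n) return 0;
    for (size_t i = 0; i < m; i++)
        if (tolower((unsigned char)s[n - m + i]) != tolower((unsigned char)suffix[i]))
            return 0;
    return 1;
}

/* What an intercepted send(sock, buf, len) calls before forwarding to the real
 * send(): on BLOCK the hook returns without sending anything. */
enum verdict antipinch_filter_send(const char *buf, size_t len)
{
    char path[256];
    if (!parse_request_target(buf, len, path, sizeof path)) {
        log_event("send: %zu bytes, not an HTTP request line, allowed", len);
        return ALLOW;
    }
    if (ends_with_ci(path, ".php")) {
        log_event("send: HTTP request to gate %s BLOCKED", path);
        return BLOCK;
    }
    log_event("send: HTTP request to %s allowed", path);
    return ALLOW;
}

/* Constructed sample buffers: a Pinch-style report upload and two benign sends. */
static const char sample_gate[] =
    "POST /gate.php HTTP/1.1\r\nHost: example.invalid\r\nContent-Length: 5\r\n\r\nhello";
static const char sample_page[] = "GET /index.html?x=1 HTTP/1.0\r\n\r\n";
static const char sample_raw[]  = "not http at all";

int main(void)
{
    const char *samples[] = { sample_gate, sample_page, sample_raw };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        enum verdict v = antipinch_filter_send(samples[i], strlen(samples[i]));
        printf("%s: %s\n", v == BLOCK ? "BLOCK" : "ALLOW", antipinch_last_log());
    }
    return 0;
}
```

The ".php" suffix is only the heuristic the post attributes to the tool: a variant whose gate is renamed, or one that uploads over something other than plain HTTP, would pass this filter, which is one more reason to follow the author's advice and run samples only in a VM with the network disconnected rather than relying on the block.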

May 23, 2008, 02:40:03 pm
Reply #1

sowhat-x

Sources got released as well...
http://hellspawn.nm.ru/works/antipinch02scr.zip
(...it's the red button you click for the download to start...)  ;)