Topic: Win32.Harnig commented IDB  (Read 3021 times)

August 04, 2009, 07:52:01 pm

ocean

That dropper contains only a few antidebug/antitrace, TEA decoder and internal PE loader. Since it's not that difficult to reverse engineer, I only published the IDB containing some comments instead of writing a paper about it.

http://inseclab.netsons.org/2009/08/04/win32-harnig-idb-with-comments/

cheers,
ocean

August 20, 2009, 05:27:12 am
Reply #1

Evilcry

Nice work ocean =)
Deep Root Never Freezes - Tolkien