Author Topic: New ZBots and Emulation/Virtualization  (Read 1882 times)

0 Members and 1 Guest are viewing this topic.

October 12, 2009, 08:15:11 pm
Read 1882 times

SysAdMini

  • Administrator
  • Hero Member

  • Offline
  • *****

  • 3335
http://sunbeltblog.blogspot.com/2009/10/new-zbots-and-emulationvirtualization.html

Quote
In my talk at the University of Florida (video link here) i pointed out how important correct error handling in Emulation/Virtualization is. Today we got new ZBot samples and they are using exactly that to avoid generic emulation / unpacking. I had 5 min time to take a couple of Screenshots and to add some comments to it. So here is a closer look to the tartup-code of these ZBots.
Ruining the bad guy's day