Author Topic: New ZBots and Emulation/Virtualization  (Read 2084 times)

0 Members and 1 Guest are viewing this topic.

October 12, 2009, 08:15:11 pm
Read 2084 times


  • Administrator
  • Hero Member

  • Offline
  • *****

  • 3335

In my talk at the University of Florida (video link here) i pointed out how important correct error handling in Emulation/Virtualization is. Today we got new ZBot samples and they are using exactly that to avoid generic emulation / unpacking. I had 5 min time to take a couple of Screenshots and to add some comments to it. So here is a closer look to the tartup-code of these ZBots.
Ruining the bad guy's day