Here's a tool that I've found while lurking around the net...
It's written by
Hellsp@wn (the author of
DiE exe identifier...),
and it's meant to speed up the analysis of the (nowadays) famous Pinch variants.
It intercepts CreateProcessA/CreateProcessW,connect/send etc.,
does not allow the pinch trojans to send data at the .php gate,
and makes a detailed log of functions/activities that get place...
Flash Demonstration:
http://hellspawn.nm.ru/works/info_antipinch.zip
And the tool itself:
http://hellspawn.nm.ru/works/antipinch_0.1.zip
(...ehm,yeah...russian speaking webpage...
it's the
red button you click for the download to start,lol...)
Two notes...at first,I haven't had the time to check it personally,
I simply place the info here as I thought it might be of interest to some people...
thereby the usual concept stands true once again...'at your own risk'
Secondly...the author itself warns/suggests clearly,
to avoid analyzing pinch samples with the above tool if not under a VM,
and to preferably be disconnected from the net and such...
PS:For those interested in similar pinch-related stuff,
check also this older thread...a few basic Olly tricks there as well:
http://www.malwaredomainlist.com/forums/index.php?topic=1537.0
Topic: AntiPinch (Read 5672 times)
