[Solved] Virus signature extraction from malware [closed]

Retrieving a “signature” could be as simple as generating a digital signature via hashing for the virus(es)' respective binaries. MD5 or SHA. I.e. implementing the following functionality in your code that I’m sure you’ve already started…:

md5sum virus -> md5hashofvirus
md5sum virus2 -> md5hashofvirus2

Complete dossier of md5sum available here. MD5 implementation in C … Read more

[Solved] Malicious code found in WordPress theme files. What does it do?

After digging through the obfuscated code, untangling a number of preg_replace, eval, create_function statements, this is my try at explaining what the code does: The code will start output buffering and register a callback function triggered at the end of buffering, e.g. when the output is to be sent to the web server. First, the … Read more

[Solved] Code inside this undetectable malware [closed]

Basically it downloads a file from: http://dl.dropboxusercontent.com/s/nldqctnbvlez42b/******.dat?dl=1 (obfuscated link, don’t want anyone downloading it by mistake) …to c:\temp and registers it in the system using: regsvr32 /s <filename> The real evil is probably in the downloaded file (which I’m not going to download 🙂 )