"Skype" Trojan analysis
This trojan uses interesting techniques such as encrypted data, obfuscated function loading, delta based data addressing (for injected code), its own IAT-like array that get injected into the remote processes, the offsets made up to call various subfunctions (no direct cross references), the download of payloads from a remote website for execution on the heap, and etc.
The file was protected with "NTkrnl Secure Suite", a commercial protection system using anti-cracking techniques, polymorphic engines, and other interesting features.
At the Websense blog.
[ Read more ]
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.