Friday, September 11, 2009

AntNumber

11
12
1121
122111
112213
12221131
1123123111
12213111213113
11221131132111311231
12221231123121133112213111

What is the next term?
Hint: AntNumber
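For readers who want to check their answer, the following generator is an added example (not part of the original post). Each term describes the previous one run by run, writing every run as the digit followed by its length, so "1121" (runs 11, 2, 1) becomes "12" + "21" + "11" = "122111"; the function names are my own.

```python
def next_ant_number(term: str) -> str:
    """Describe `term` run by run, writing each run as <digit><run length>.

    "1121" has runs 11, 2, 1 and becomes "12" + "21" + "11" = "122111".
    """
    out = []
    i = 0
    while i < len(term):
        j = i
        while j < len(term) and term[j] == term[i]:
            j += 1
        out.append(f"{term[i]}{j - i}")
        i = j
    return "".join(out)


def decode_ant_number(term: str) -> str:
    """Inverse of next_ant_number: expand each <digit><count> pair.

    Run lengths in this sequence never reach 10, so a count is a single digit.
    """
    if len(term) % 2:
        raise ValueError("an ant number has an even number of digits")
    pairs = zip(term[0::2], term[1::2])
    return "".join(digit * int(count) for digit, count in pairs)


def ant_sequence(seed: str = "11", n: int = 10) -> list[str]:
    """First n terms starting from `seed` (the post's list starts at "11")."""
    terms = [seed]
    while len(terms) < n:
        terms.append(next_ant_number(terms[-1]))
    return terms


if __name__ == "__main__":
    # Reproduces the ten terms listed above; one more call gives the answer.
    for t in ant_sequence():
        print(t)
```

`ant_sequence("11", 10)` reproduces the ten terms above; `next_ant_number` on the last of them gives the answer, and `decode_ant_number` lets you confirm that a candidate term really describes its predecessor.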

Thursday, September 10, 2009

Digital Signing

Step 1) No packing - MFC project

Anti-Virus | Version | Date | Result
a-squared | 4.5.0.24 | 2009.09.09 | -
AhnLab-V3 | 5.0.0.2 | 2009.09.08 | -
AntiVir | 7.9.1.12 | 2009.09.08 | -
Antiy-AVL | 2.0.3.7 | 2009.09.09 | -
Authentium | 5.1.2.4 | 2009.09.08 | -
Avast | 4.8.1351.0 | 2009.09.08 | -
AVG | 8.5.0.409 | 2009.09.09 | -
BitDefender | 7.2 | 2009.09.09 | -
CAT-QuickHeal | 10.00 | 2009.09.09 | -
ClamAV | 0.94.1 | 2009.09.09 | -
Comodo | 2204 | 2009.09.09 | -
DrWeb | 5.0.0.12182 | 2009.09.09 | -
eSafe | 7.0.17.0 | 2009.09.08 | -
eTrust-Vet | 31.6.6726 | 2009.09.08 | -
F-Prot | 4.5.1.85 | 2009.09.08 | -
F-Secure | 8.0.14470.0 | 2009.09.09 | -
Fortinet | 3.120.0.0 | 2009.09.09 | -
GData | 19 | 2009.09.09 | -
Ikarus | T3.1.1.72.0 | 2009.09.09 | -
Jiangmin | 11.0.800 | 2009.09.08 | -
K7AntiVirus | 7.10.839 | 2009.09.08 | -
Kaspersky | 7.0.0.125 | 2009.09.09 | -
McAfee | 5735 | 2009.09.08 | -
McAfee+Artemis | 5735 | 2009.09.08 | -
McAfee-GW-Edition | 6.8.5 | 2009.09.08 | -
Microsoft | 1.5005 | 2009.09.08 | -
NOD32 | 4408 | 2009.09.09 | -
Norman | 6.01.09 | 2009.09.08 | -
nProtect | 2009.1.8.0 | 2009.09.08 | -
Panda | 10.0.2.2 | 2009.09.08 | -
PCTools | 4.4.2.0 | 2009.09.07 | -
Prevx | 3.0 | 2009.09.09 | -
Rising | 21.46.20.00 | 2009.09.09 | -
Sophos | 4.45.0 | 2009.09.09 | -
Sunbelt | 3.2.1858.2 | 2009.09.09 | -
Symantec | 1.4.4.12 | 2009.09.09 | -
TheHacker | 6.3.4.3.398 | 2009.09.09 | -
TrendMicro | 8.950.0.1094 | 2009.09.08 | -
VBA32 | 3.12.10.10 | 2009.09.08 | -
ViRobot | 2009.9.9.1924 | 2009.09.09 | -
VirusBuster | 4.6.5.0 | 2009.09.08 | -

Step 2) Themida

Anti-Virus | Version | Date | Result
a-squared | 4.5.0.24 | 2009.09.09 | -
AhnLab-V3 | 5.0.0.2 | 2009.09.08 | -
AntiVir | 7.9.1.12 | 2009.09.08 | TR/Crypt.TPM.Gen
Antiy-AVL | 2.0.3.7 | 2009.09.09 | -
Authentium | 5.1.2.4 | 2009.09.08 | W32/Heuristic-210!Eldorado
Avast | 4.8.1351.0 | 2009.09.08 | -
AVG | 8.5.0.409 | 2009.09.09 | -
BitDefender | 7.2 | 2009.09.09 | -
CAT-QuickHeal | 10.00 | 2009.09.09 | (Suspicious) - DNAScan
ClamAV | 0.94.1 | 2009.09.09 | -
Comodo | 2203 | 2009.09.09 | Heur.Pck.Themida
DrWeb | 5.0.0.12182 | 2009.09.09 | -
eSafe | 7.0.17.0 | 2009.09.08 | -
eTrust-Vet | 31.6.6726 | 2009.09.08 | -
F-Prot | 4.5.1.85 | 2009.09.08 | W32/Heuristic-210!Eldorado
F-Secure | 8.0.14470.0 | 2009.09.09 | Suspicious:W32/Malware!Gemini
Fortinet | 3.120.0.0 | 2009.09.09 | -
GData | 19 | 2009.09.09 | -
Ikarus | T3.1.1.72.0 | 2009.09.09 | -
Jiangmin | 11.0.800 | 2009.09.08 | -
K7AntiVirus | 7.10.839 | 2009.09.08 | -
Kaspersky | 7.0.0.125 | 2009.09.09 | -
McAfee | 5735 | 2009.09.08 | -
McAfee+Artemis | 5735 | 2009.09.08 | Suspect-29!85A01CC38DEF
McAfee-GW-Edition | 6.8.5 | 2009.09.08 | Heuristic.LooksLike.Win32.Suspicious.J
Microsoft | 1.5005 | 2009.09.08 | -
NOD32 | 4408 | 2009.09.09 | -
Norman | 6.01.09 | 2009.09.08 | -
nProtect | 2009.1.8.0 | 2009.09.08 | -
Panda | 10.0.2.2 | 2009.09.08 | -
PCTools | 4.4.2.0 | 2009.09.07 | Packed/Themida.RGa
Prevx | 3.0 | 2009.09.09 | Medium Risk Malware
Rising | 21.46.20.00 | 2009.09.09 | -
Sophos | 4.45.0 | 2009.09.09 | Sus/ComPack-C
Sunbelt | 3.2.1858.2 | 2009.09.09 | -
Symantec | 1.4.4.12 | 2009.09.09 | -
TheHacker | 6.3.4.3.398 | 2009.09.09 | W32/Behav-Heuristic-064
TrendMicro | 8.950.0.1094 | 2009.09.09 | -
VBA32 | 3.12.10.10 | 2009.09.08 | -
ViRobot | 2009.9.9.1924 | 2009.09.09 | -
VirusBuster | 4.6.5.0 | 2009.09.08 | -

Step 3) Themida + Digital Signing

Anti-Virus | Version | Date | Result
a-squared | 4.5.0.24 | 2009.09.09 | -
AhnLab-V3 | 5.0.0.2 | 2009.09.08 | -
AntiVir | 7.9.1.12 | 2009.09.08 | -
Antiy-AVL | 2.0.3.7 | 2009.09.09 | -
Authentium | 5.1.2.4 | 2009.09.08 | W32/Heuristic-210!Eldorado
Avast | 4.8.1351.0 | 2009.09.08 | -
AVG | 8.5.0.409 | 2009.09.09 | -
BitDefender | 7.2 | 2009.09.09 | -
CAT-QuickHeal | 10.00 | 2009.09.09 | (Suspicious) - DNAScan
ClamAV | 0.94.1 | 2009.09.09 | -
Comodo | 2203 | 2009.09.09 | Heur.Pck.Themida
DrWeb | 5.0.0.12182 | 2009.09.09 | -
eSafe | 7.0.17.0 | 2009.09.08 | -
eTrust-Vet | 31.6.6726 | 2009.09.08 | -
F-Prot | 4.5.1.85 | 2009.09.08 | W32/Heuristic-210!Eldorado
F-Secure | 8.0.14470.0 | 2009.09.09 | Suspicious:W32/Malware!Gemini
Fortinet | 3.120.0.0 | 2009.09.09 | -
GData | 19 | 2009.09.09 | -
Ikarus | T3.1.1.72.0 | 2009.09.09 | -
Jiangmin | 11.0.800 | 2009.09.08 | -
K7AntiVirus | 7.10.839 | 2009.09.08 | -
Kaspersky | 7.0.0.125 | 2009.09.09 | -
McAfee | 5735 | 2009.09.08 | -
McAfee+Artemis | 5735 | 2009.09.08 | -
McAfee-GW-Edition | 6.8.5 | 2009.09.08 | -
Microsoft | 1.5005 | 2009.09.08 | -
NOD32 | 4408 | 2009.09.09 | -
Norman | 6.01.09 | 2009.09.08 | -
nProtect | 2009.1.8.0 | 2009.09.08 | -
Panda | 10.0.2.2 | 2009.09.08 | -
PCTools | 4.4.2.0 | 2009.09.07 | Packed/Themida.RGa
Prevx | 3.0 | 2009.09.09 | Medium Risk Malware
Rising | 21.46.20.00 | 2009.09.09 | -
Sophos | 4.45.0 | 2009.09.09 | -
Sunbelt | 3.2.1858.2 | 2009.09.09 | -
Symantec | 1.4.4.12 | 2009.09.09 | -
TheHacker | 6.3.4.3.398 | 2009.09.09 | W32/Behav-Heuristic-064
TrendMicro | 8.950.0.1094 | 2009.09.09 | -
VBA32 | 3.12.10.10 | 2009.09.08 | -
ViRobot | 2009.9.9.1924 | 2009.09.09 | -
VirusBuster | 4.6.5.0 | 2009.09.08 | -


http://window31.com/318
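The three scans are easier to compare programmatically than by eye. The script below is an added example (not from the original post) that parses rows in the flattened form the scan report arrives in, where vendor, version, date and result are run together with no separator, and then diffs the sets of engines that flagged each build. The vendor list is taken from the tables above, the sample rows are a subset copied from them, and the function and constant names are my own.

```python
import re
from dataclasses import dataclass

# Engine names as they appear in the scan tables. They are needed because a
# flattened row runs vendor, version, date and result together, and names
# such as "NOD32" or "AhnLab-V3" end in digits, so the vendor/version boundary
# cannot be recovered from the characters alone. Longest names first so that
# "McAfee-GW-Edition" is tried before "McAfee".
VENDORS = sorted(
    ["AhnLab-V3", "AntiVir", "Authentium", "Comodo", "McAfee",
     "McAfee+Artemis", "McAfee-GW-Edition", "NOD32", "nProtect", "Sophos"],
    key=len, reverse=True,
)

# The scan date is the only field with a fixed shape (YYYY.MM.DD); everything
# between the vendor name and the date is the engine/signature version.
DATE_RE = re.compile(r"\d{4}\.\d{2}\.\d{2}")


@dataclass(frozen=True)
class ScanRow:
    vendor: str
    version: str
    date: str
    result: str  # "-" means the engine reported nothing


def parse_row(line: str) -> ScanRow:
    """Split one flattened row into its four fields."""
    for vendor in VENDORS:
        if line.startswith(vendor):
            rest = line[len(vendor):]
            m = DATE_RE.search(rest)
            if m is None:
                raise ValueError(f"no scan date in row: {line!r}")
            result = rest[m.end():] or "-"
            return ScanRow(vendor, rest[:m.start()], m.group(), result)
    raise ValueError(f"unknown vendor in row: {line!r}")


def flagged(lines):
    """Set of engines that returned a detection name for this scan."""
    return {row.vendor for row in map(parse_row, lines) if row.result != "-"}


def compare_scans(before, after):
    """Which engines stopped flagging, started flagging, or kept flagging."""
    b, a = flagged(before), flagged(after)
    return {"cleared": b - a, "new": a - b, "persistent": a & b}


# Constructed sample: a subset of rows copied from the three scans above.
STEP1_UNPACKED = [
    "AhnLab-V35.0.0.22009.09.08-", "AntiVir7.9.1.122009.09.08-",
    "Authentium5.1.2.42009.09.08-", "Comodo22042009.09.09-",
    "McAfee+Artemis57352009.09.08-", "McAfee-GW-Edition6.8.52009.09.08-",
    "NOD3244082009.09.09-", "Sophos4.45.02009.09.09-",
    "nProtect2009.1.8.02009.09.08-",
]
STEP2_THEMIDA = [
    "AhnLab-V35.0.0.22009.09.08-", "AntiVir7.9.1.122009.09.08TR/Crypt.TPM.Gen",
    "Authentium5.1.2.42009.09.08W32/Heuristic-210!Eldorado",
    "Comodo22032009.09.09Heur.Pck.Themida",
    "McAfee+Artemis57352009.09.08Suspect-29!85A01CC38DEF",
    "McAfee-GW-Edition6.8.52009.09.08Heuristic.LooksLike.Win32.Suspicious.J",
    "NOD3244082009.09.09-", "Sophos4.45.02009.09.09Sus/ComPack-C",
    "nProtect2009.1.8.02009.09.08-",
]
STEP3_THEMIDA_SIGNED = [
    "AhnLab-V35.0.0.22009.09.08-", "AntiVir7.9.1.122009.09.08-",
    "Authentium5.1.2.42009.09.08W32/Heuristic-210!Eldorado",
    "Comodo22032009.09.09Heur.Pck.Themida",
    "McAfee+Artemis57352009.09.08-", "McAfee-GW-Edition6.8.52009.09.08-",
    "NOD3244082009.09.09-", "Sophos4.45.02009.09.09-",
    "nProtect2009.1.8.02009.09.08-",
]

if __name__ == "__main__":
    steps = (STEP1_UNPACKED, STEP2_THEMIDA, STEP3_THEMIDA_SIGNED)
    print("detections per step:", [len(flagged(s)) for s in steps])
    print("signed vs packed only:", compare_scans(STEP2_THEMIDA, STEP3_THEMIDA_SIGNED))
```

On the sample the unpacked build has no detections, packing with Themida adds six, and signing the packed build clears four of them while the two packer-heuristic names (Authentium, Comodo) persist. That is the practical reading of the experiment: a signature changes how some engines weigh a heuristic hit, but it does not remove the packer artefacts those heuristics key on, so a signed-and-packed binary should still be treated as suspicious by anyone triaging it.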

Wednesday, September 9, 2009

Crash On Demand

Registry Key
PS/2 Keyboard: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\i8042prt\Parameters
USB Keyboard: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\kbdhid\Parameters
Value: CrashOnCtrlScroll
Data Type: DWORD
Data: 1


[Link]
Forcing a System Crash from the Keyboard : http://msdn.microsoft.com/en-us/library/cc266483.aspx
Windows feature lets you generate a memory dump file by using the keyboard : http://support.microsoft.com/kb/244139
Overview of memory dump file options for Windows Vista, Windows Server 2008, Windows Server 2003, Windows XP, and Windows 2000 : http://support.microsoft.com/kb/254649/

Monday, September 7, 2009

SockMon2010 (10) Beta8 Release



Supported systems: NT/2000/2003/XP/VISTA/SERVER2008/WIN7
Functional improvements:
01. Interface improvements; API parameters can be viewed in a tree.
02. More APIs are supported, now covering 26 common SOCKET APIs.
03. Monitoring of overlapped (asynchronous) I/O data.
04. Monitoring of data passed through asynchronous completion routines.
05. Monitoring of data from services and system programs.
06. Record editing functions (delete, delete by condition, keep by condition, export, view, etc.).
07. Interception in Vista Protected Mode IE and on Windows 7 systems (Beta3).
08. Viewing the call stack and the exception handler chain (Beta4).
09. Monitoring of asynchronous data passed through I/O completion ports (Beta5/Beta6).
10. A recording mode and an enhanced HTML export filter (Beta8).
After installation, restart the process you want to monitor; its data can then be intercepted.

VC++: reliable (file) transmission over UDP (virtual TCP 3.0)

Keywords:
Reliable transmission using UDP.
Reliable file transfer using UDP.
RUDP, a reliable transport protocol on top of UDP.
Using UDP to achieve reliable file transfer.
Using the UDP protocol to achieve reliable data transmission.
UDP-based reliable data transfer protocol.
Congestion control methods for reliable transmission over UDP.
Related technology:
RUDP protocol: Reliable User Datagram Protocol (RUDP: Reliable UDP).
UDT protocol: UDP-based Data Transfer protocol (UDT, protocol, UDP, reliable data transmission).
Error-free transfer of files or data over UDP.

Download VTCP System SDK: http://www.cnasm.com/down/vtcp3.0sdk.rar
Introduction to the reliable-transmission-over-UDP algorithm implemented in VTCP 3.0
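The keyword list names the mechanism but shows none of it. The simulation below is an added example, not VTCP's code (whose algorithm is not described here), of the core that every reliable-over-UDP scheme shares: sequence numbers, acknowledgements and retransmission when an ACK does not arrive. The network is replaced by a constructed lossy channel so the run is deterministic and offline; a dropped packet stands in for both the lost datagram and the sender's timeout waiting for it. `Packet`, `LossyChannel`, `Receiver` and `transfer` are my names.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    kind: str          # "DATA" or "ACK"
    seq: int           # chunk sequence number, or the chunk being acknowledged
    payload: bytes = b""


class LossyChannel:
    """Stand-in for the network (constructed for the example). Packets are
    numbered in the order they are handed to send(); those whose number is in
    `drop` are silently lost, which models a lost datagram and the sender's
    timeout waiting for it."""

    def __init__(self, drop):
        self.drop = set(drop)
        self.sent = 0

    def send(self, pkt):
        self.sent += 1
        return None if self.sent in self.drop else pkt


class Receiver:
    """Accepts chunks strictly in sequence. A duplicate (data arrived but its
    ACK was lost) is not appended again; the reply always carries the highest
    in-order sequence number seen, so the sender can move on."""

    def __init__(self):
        self.expected = 0
        self.data = bytearray()

    def on_data(self, pkt):
        if pkt.seq == self.expected:
            self.data += pkt.payload
            self.expected += 1
        return Packet("ACK", self.expected - 1)


def transfer(data, mtu, channel, max_retries=8):
    """Stop-and-wait sender: send one chunk, wait for its ACK, retransmit on
    loss. Returns (bytes delivered, number of retransmissions)."""
    chunks = [data[i:i + mtu] for i in range(0, len(data), mtu)]
    rx = Receiver()
    retransmissions = 0
    for seq, chunk in enumerate(chunks):
        for _ in range(max_retries + 1):
            delivered = channel.send(Packet("DATA", seq, chunk))
            ack = channel.send(rx.on_data(delivered)) if delivered else None
            if ack is not None and ack.seq == seq:
                break
            retransmissions += 1
        else:
            raise TimeoutError(f"chunk {seq} not acknowledged after {max_retries} retries")
    return bytes(rx.data), retransmissions


if __name__ == "__main__":
    message = b"reliable transfer over UDP"
    # Packet 2 (the first ACK) and packet 5 (the second DATA) are lost.
    got, resent = transfer(message, mtu=4, channel=LossyChannel(drop={2, 5}))
    print(got == message, resent)
```

With the drop schedule in the demo the first ACK is lost, so chunk 0 is sent twice and the receiver's sequence check discards the duplicate; then the second DATA is lost and is retransmitted. The payload arrives intact with two retransmissions, and a chunk that is never acknowledged within `max_retries` surfaces as a `TimeoutError` rather than silently truncated data. A real implementation adds a send window and congestion control on top of this, which is what the UDT and RUDP references above are about.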

DLL injection



The Themida-packed build is recognized as a virus.



NOD32 flags it, followed by PCTools.
The Themida packing is recognized as a virus.

CWE : Common Weakness Enumeration



International in scope and free for public use, CWE™ provides a unified, measurable set of software weaknesses that is enabling more effective discussion, description, selection, and use of software security tools and services that can find these weaknesses in source code and operational systems as well as better understanding and management of software weaknesses related to architecture and design.
