11
12
1121
122111
112213
12221131
1123123111
12213111213113
11221131132111311231
12221231123121133112213111
What is the next term?
Hint: Ant Number
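As an added example (not part of the original post), here is a Python generator for this "ant number" sequence. Unlike Conway's look-and-say sequence, which writes the count first, each run of equal digits is written as the digit followed by the run length; that rule reproduces the ten terms above, and applying it once more gives the answer. The GIVEN list is copied from the puzzle; the guard against runs longer than nine is my own addition, since a two-digit count would break the digit/count pairing.

```python
from itertools import groupby

# The ten terms from the puzzle above, used to check the rule before trusting it.
GIVEN = [
    "11", "12", "1121", "122111", "112213", "12221131", "1123123111",
    "12213111213113", "11221131132111311231", "12221231123121133112213111",
]

def ant_next(term: str) -> str:
    """Read `term` left to right and write each run of equal digits as
    <digit><run length>: '1121' = 1 twice, 2 once, 1 once -> '12' '21' '11'
    -> '122111'. (Conway's look-and-say would write the count first.)"""
    out = []
    for digit, run in groupby(term):
        n = len(list(run))
        if n > 9:  # a two-digit count would make the encoding ambiguous
            raise ValueError(f"run of {n} x {digit} cannot be encoded in one digit")
        out.append(f"{digit}{n}")
    return "".join(out)

def ant_sequence(first: str = "11", count: int = 10) -> list[str]:
    """The first `count` terms of the sequence starting from `first`."""
    terms = [first]
    while len(terms) < count:
        terms.append(ant_next(terms[-1]))
    return terms

def solve(given: list[str] = GIVEN) -> str:
    """Verify that the rule reproduces every given term, then return the next one."""
    for prev, cur in zip(given, given[1:]):
        if ant_next(prev) != cur:
            raise ValueError(f"rule does not produce {cur} from {prev}")
    return ant_next(given[-1])

if __name__ == "__main__":
    print(solve())
```

Running it prints the eleventh term, 1123112131122131112112321222113113 (34 digits). Every term has even length by construction, which is a quick sanity check on any hand-computed answer.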
Friday, September 11, 2009
Thursday, September 10, 2009
Digital Signing
Step 1) Non Packing - MFC Project
Step 2) Themida
Step 3) Themida + Digital Signing
http://window31.com/318
Step 1) Non Packing - MFC Project
Anti-Virus | Version | Date | Result |
a-squared | 4.5.0.24 | 2009.09.09 | - |
AhnLab-V3 | 5.0.0.2 | 2009.09.08 | - |
AntiVir | 7.9.1.12 | 2009.09.08 | - |
Antiy-AVL | 2.0.3.7 | 2009.09.09 | - |
Authentium | 5.1.2.4 | 2009.09.08 | - |
Avast | 4.8.1351.0 | 2009.09.08 | - |
AVG | 8.5.0.409 | 2009.09.09 | - |
BitDefender | 7.2 | 2009.09.09 | - |
CAT-QuickHeal | 10.00 | 2009.09.09 | - |
ClamAV | 0.94.1 | 2009.09.09 | - |
Comodo | 2204 | 2009.09.09 | - |
DrWeb | 5.0.0.12182 | 2009.09.09 | - |
eSafe | 7.0.17.0 | 2009.09.08 | - |
eTrust-Vet | 31.6.6726 | 2009.09.08 | - |
F-Prot | 4.5.1.85 | 2009.09.08 | - |
F-Secure | 8.0.14470.0 | 2009.09.09 | - |
Fortinet | 3.120.0.0 | 2009.09.09 | - |
GData | 19 | 2009.09.09 | - |
Ikarus | T3.1.1.72.0 | 2009.09.09 | - |
Jiangmin | 11.0.800 | 2009.09.08 | - |
K7AntiVirus | 7.10.839 | 2009.09.08 | - |
Kaspersky | 7.0.0.125 | 2009.09.09 | - |
McAfee | 5735 | 2009.09.08 | - |
McAfee+Artemis | 5735 | 2009.09.08 | - |
McAfee-GW-Edition | 6.8.5 | 2009.09.08 | - |
Microsoft | 1.5005 | 2009.09.08 | - |
NOD32 | 4408 | 2009.09.09 | - |
Norman | 6.01.09 | 2009.09.08 | - |
nProtect | 2009.1.8.0 | 2009.09.08 | - |
Panda | 10.0.2.2 | 2009.09.08 | - |
PCTools | 4.4.2.0 | 2009.09.07 | - |
Prevx | 3.0 | 2009.09.09 | - |
Rising | 21.46.20.00 | 2009.09.09 | - |
Sophos | 4.45.0 | 2009.09.09 | - |
Sunbelt | 3.2.1858.2 | 2009.09.09 | - |
Symantec | 1.4.4.12 | 2009.09.09 | - |
TheHacker | 6.3.4.3.398 | 2009.09.09 | - |
TrendMicro | 8.950.0.1094 | 2009.09.08 | - |
VBA32 | 3.12.10.10 | 2009.09.08 | - |
ViRobot | 2009.9.9.1924 | 2009.09.09 | - |
VirusBuster | 4.6.5.0 | 2009.09.08 | - |
Step 2) Themida
Anti-Virus | Version | Date | Result |
a-squared | 4.5.0.24 | 2009.09.09 | - |
AhnLab-V3 | 5.0.0.2 | 2009.09.08 | - |
AntiVir | 7.9.1.12 | 2009.09.08 | TR/Crypt.TPM.Gen |
Antiy-AVL | 2.0.3.7 | 2009.09.09 | - |
Authentium | 5.1.2.4 | 2009.09.08 | W32/Heuristic-210!Eldorado |
Avast | 4.8.1351.0 | 2009.09.08 | - |
AVG | 8.5.0.409 | 2009.09.09 | - |
BitDefender | 7.2 | 2009.09.09 | - |
CAT-QuickHeal | 10.00 | 2009.09.09 | (Suspicious) - DNAScan |
ClamAV | 0.94.1 | 2009.09.09 | - |
Comodo | 2203 | 2009.09.09 | Heur.Pck.Themida |
DrWeb | 5.0.0.12182 | 2009.09.09 | - |
eSafe | 7.0.17.0 | 2009.09.08 | - |
eTrust-Vet | 31.6.6726 | 2009.09.08 | - |
F-Prot | 4.5.1.85 | 2009.09.08 | W32/Heuristic-210!Eldorado |
F-Secure | 8.0.14470.0 | 2009.09.09 | Suspicious:W32/Malware!Gemini |
Fortinet | 3.120.0.0 | 2009.09.09 | - |
GData | 19 | 2009.09.09 | - |
Ikarus | T3.1.1.72.0 | 2009.09.09 | - |
Jiangmin | 11.0.800 | 2009.09.08 | - |
K7AntiVirus | 7.10.839 | 2009.09.08 | - |
Kaspersky | 7.0.0.125 | 2009.09.09 | - |
McAfee | 5735 | 2009.09.08 | - |
McAfee+Artemis | 5735 | 2009.09.08 | Suspect-29!85A01CC38DEF |
McAfee-GW-Edition | 6.8.5 | 2009.09.08 | Heuristic.LooksLike.Win32.Suspicious.J |
Microsoft | 1.5005 | 2009.09.08 | - |
NOD32 | 4408 | 2009.09.09 | - |
Norman | 6.01.09 | 2009.09.08 | - |
nProtect | 2009.1.8.0 | 2009.09.08 | - |
Panda | 10.0.2.2 | 2009.09.08 | - |
PCTools | 4.4.2.0 | 2009.09.07 | Packed/Themida.RGa |
Prevx | 3.0 | 2009.09.09 | Medium Risk Malware |
Rising | 21.46.20.00 | 2009.09.09 | - |
Sophos | 4.45.0 | 2009.09.09 | Sus/ComPack-C |
Sunbelt | 3.2.1858.2 | 2009.09.09 | - |
Symantec | 1.4.4.12 | 2009.09.09 | - |
TheHacker | 6.3.4.3.398 | 2009.09.09 | W32/Behav-Heuristic-064 |
TrendMicro | 8.950.0.1094 | 2009.09.09 | - |
VBA32 | 3.12.10.10 | 2009.09.08 | - |
ViRobot | 2009.9.9.1924 | 2009.09.09 | - |
VirusBuster | 4.6.5.0 | 2009.09.08 | - |
Step 3) Themida + Digital Signing
Anti-Virus | Version | Date | Result |
a-squared | 4.5.0.24 | 2009.09.09 | - |
AhnLab-V3 | 5.0.0.2 | 2009.09.08 | - |
AntiVir | 7.9.1.12 | 2009.09.08 | - |
Antiy-AVL | 2.0.3.7 | 2009.09.09 | - |
Authentium | 5.1.2.4 | 2009.09.08 | W32/Heuristic-210!Eldorado |
Avast | 4.8.1351.0 | 2009.09.08 | - |
AVG | 8.5.0.409 | 2009.09.09 | - |
BitDefender | 7.2 | 2009.09.09 | - |
CAT-QuickHeal | 10.00 | 2009.09.09 | (Suspicious) - DNAScan |
ClamAV | 0.94.1 | 2009.09.09 | - |
Comodo | 2203 | 2009.09.09 | Heur.Pck.Themida |
DrWeb | 5.0.0.12182 | 2009.09.09 | - |
eSafe | 7.0.17.0 | 2009.09.08 | - |
eTrust-Vet | 31.6.6726 | 2009.09.08 | - |
F-Prot | 4.5.1.85 | 2009.09.08 | W32/Heuristic-210!Eldorado |
F-Secure | 8.0.14470.0 | 2009.09.09 | Suspicious:W32/Malware!Gemini |
Fortinet | 3.120.0.0 | 2009.09.09 | - |
GData | 19 | 2009.09.09 | - |
Ikarus | T3.1.1.72.0 | 2009.09.09 | - |
Jiangmin | 11.0.800 | 2009.09.08 | - |
K7AntiVirus | 7.10.839 | 2009.09.08 | - |
Kaspersky | 7.0.0.125 | 2009.09.09 | - |
McAfee | 5735 | 2009.09.08 | - |
McAfee+Artemis | 5735 | 2009.09.08 | - |
McAfee-GW-Edition | 6.8.5 | 2009.09.08 | - |
Microsoft | 1.5005 | 2009.09.08 | - |
NOD32 | 4408 | 2009.09.09 | - |
Norman | 6.01.09 | 2009.09.08 | - |
nProtect | 2009.1.8.0 | 2009.09.08 | - |
Panda | 10.0.2.2 | 2009.09.08 | - |
PCTools | 4.4.2.0 | 2009.09.07 | Packed/Themida.RGa |
Prevx | 3.0 | 2009.09.09 | Medium Risk Malware |
Rising | 21.46.20.00 | 2009.09.09 | - |
Sophos | 4.45.0 | 2009.09.09 | - |
Sunbelt | 3.2.1858.2 | 2009.09.09 | - |
Symantec | 1.4.4.12 | 2009.09.09 | - |
TheHacker | 6.3.4.3.398 | 2009.09.09 | W32/Behav-Heuristic-064 |
TrendMicro | 8.950.0.1094 | 2009.09.09 | - |
VBA32 | 3.12.10.10 | 2009.09.08 | - |
ViRobot | 2009.9.9.1924 | 2009.09.09 | - |
VirusBuster | 4.6.5.0 | 2009.09.08 | - |
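As an added example (not from the original post or from window31.com), the following Python compares the three scan tables above: it parses the pipe-delimited rows, counts detections per build, lists which engines stop flagging the file once it is signed, and labels each verdict as a generic/heuristic name rather than a named malware family. The embedded tables are an eight-engine excerpt copied from the results above; the GENERIC pattern is my own heuristic, not a vendor classification.

```python
import re

# Eight-engine excerpt of the three result tables above, same pipe-delimited layout.
STEP1_UNPACKED = """\
Anti-Virus | Version | Date | Result |
AntiVir | 7.9.1.12 | 2009.09.08 | - |
Authentium | 5.1.2.4 | 2009.09.08 | - |
Avast | 4.8.1351.0 | 2009.09.08 | - |
Comodo | 2204 | 2009.09.09 | - |
McAfee+Artemis | 5735 | 2009.09.08 | - |
PCTools | 4.4.2.0 | 2009.09.07 | - |
Sophos | 4.45.0 | 2009.09.09 | - |
TheHacker | 6.3.4.3.398 | 2009.09.09 | - |
"""
STEP2_THEMIDA = """\
Anti-Virus | Version | Date | Result |
AntiVir | 7.9.1.12 | 2009.09.08 | TR/Crypt.TPM.Gen |
Authentium | 5.1.2.4 | 2009.09.08 | W32/Heuristic-210!Eldorado |
Avast | 4.8.1351.0 | 2009.09.08 | - |
Comodo | 2203 | 2009.09.09 | Heur.Pck.Themida |
McAfee+Artemis | 5735 | 2009.09.08 | Suspect-29!85A01CC38DEF |
PCTools | 4.4.2.0 | 2009.09.07 | Packed/Themida.RGa |
Sophos | 4.45.0 | 2009.09.09 | Sus/ComPack-C |
TheHacker | 6.3.4.3.398 | 2009.09.09 | W32/Behav-Heuristic-064 |
"""
STEP3_THEMIDA_SIGNED = """\
Anti-Virus | Version | Date | Result |
AntiVir | 7.9.1.12 | 2009.09.08 | - |
Authentium | 5.1.2.4 | 2009.09.08 | W32/Heuristic-210!Eldorado |
Avast | 4.8.1351.0 | 2009.09.08 | - |
Comodo | 2203 | 2009.09.09 | Heur.Pck.Themida |
McAfee+Artemis | 5735 | 2009.09.08 | - |
PCTools | 4.4.2.0 | 2009.09.07 | Packed/Themida.RGa |
Sophos | 4.45.0 | 2009.09.09 | - |
TheHacker | 6.3.4.3.398 | 2009.09.09 | W32/Behav-Heuristic-064 |
"""

# My own pattern (assumption, not a vendor taxonomy): verdict names that point at
# packing, heuristics or reputation rather than at a named malware family.
GENERIC = re.compile(r"heur|suspic|suspect|pack|pck|\bsus/|behav|crypt|\.gen\b|risk", re.I)

def parse_results(table):
    """Map engine name -> verdict string, or None where the cell is '-'."""
    results = {}
    for line in table.strip().splitlines()[1:]:          # [0] is the header row
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        engine, verdict = cells[0], cells[3]
        results[engine] = None if verdict == "-" else verdict
    return results

def detections(results):
    """Only the engines that flagged the sample."""
    return {engine: verdict for engine, verdict in results.items() if verdict}

def classify(verdict):
    return "generic/heuristic" if GENERIC.search(verdict) else "named"

def compare(before, after):
    """Engines whose verdict disappeared, appeared or changed between two scans."""
    b, a = detections(before), detections(after)
    return {
        "dropped": sorted(set(b) - set(a)),
        "added": sorted(set(a) - set(b)),
        "changed": sorted(e for e in set(a) & set(b) if a[e] != b[e]),
    }

def report():
    s1, s2, s3 = map(parse_results, (STEP1_UNPACKED, STEP2_THEMIDA, STEP3_THEMIDA_SIGNED))
    return {
        "unpacked": len(detections(s1)),
        "themida": len(detections(s2)),
        "themida_signed": len(detections(s3)),
        "signing_effect": compare(s2, s3),
        "kinds": {verdict: classify(verdict) for verdict in detections(s2).values()},
    }

if __name__ == "__main__":
    for key, value in report().items():
        print(f"{key}: {value}")
```

On the excerpt the unpacked build has no detections, the Themida build seven and the signed Themida build four; the three that disappear (AntiVir, McAfee+Artemis, Sophos) are heuristic verdicts, while the packer signatures (Comodo, PCTools) and the remaining heuristics stay. Every name matches the generic pattern: nothing identifies a malware family, only the packer. An Authenticode signature therefore buys some reputation with a few engines but does not remove packer signatures, and that reputation weight is exactly why stolen or fraudulently obtained code-signing certificates are valuable to malware authors.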
Wednesday, September 9, 2009
Crash On Demand
Registry Key
PS/2 Keyboard: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\i8042prt\Parameters
USB Keyboard: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\kbdhid\Parameters
Value: CrashOnCtrlScroll
Data Type: DWORD
Data: 1
A reboot is required before the setting takes effect. Afterwards, holding the right CTRL key and pressing SCROLL LOCK twice forces bugcheck 0xE2 (MANUALLY_INITIATED_CRASH) and writes the memory dump configured under CrashControl. Anyone at the keyboard can trigger it, and a complete dump contains everything that was in memory, so keep the value off outside debugging sessions.
[Link]
Forcing a System Crash from the Keyboard : http://msdn.microsoft.com/en-us/library/cc266483.aspx
Windows feature lets you generate a memory dump file by using the keyboard : http://support.microsoft.com/kb/244139
Overview of memory dump file options for Windows Vista, Windows Server 2008, Windows Server 2003, Windows XP, and Windows 2000 : http://support.microsoft.com/kb/254649/
Monday, September 7, 2009
SockMon2010 (10) Beta8 Release

Supported systems: NT/2000/2003/XP/VISTA/SERVER2008/WIN7
Functional improvements:
01 Interface improvements; API parameters can be viewed as a tree.
02 More APIs supported, now 26 common socket APIs.
03 Monitoring of overlapped (asynchronous) I/O data.
04 Monitoring of data passed through asynchronous completion routines.
05 Monitoring of services and system processes.
06 Record editing (delete, delete by condition, keep by condition, export, view, etc.).
07 Interception of Protected Mode IE on Vista and Windows 7 (Beta3).
08 Viewing of the call stack and the exception-handler chain (Beta4).
09 Monitoring of asynchronous data on I/O completion ports (Beta5/Beta6).
10 Added a recording mode and enhanced HTML export filtering (Beta8).
After installation, restart the process to be monitored; the tool then intercepts that process's socket data.
VC++: reliable (file) transmission over UDP (Virtual TCP 3.0)
Keywords:
Reliable transmission over UDP.
Reliable file transfer over UDP.
RUDP, a reliable transport protocol built on UDP.
Reliable file transfer implemented over UDP.
Reliable data transmission over the UDP protocol.
UDP-based reliable data transfer protocol.
Congestion control for reliable transmission over UDP.
Related technologies:
RUDP: Reliable User Datagram Protocol (Reliable UDP).
UDT: UDP-based Data Transfer protocol, a reliable data transfer protocol over UDP.
Error-free transfer of files or data over UDP.
Download the VTCP System SDK: http://www.cnasm.com/down/vtcp3.0sdk.rar
Introduction to the VTCP 3.0 reliable transmission algorithm over UDP
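As an added example (my own code, not the VTCP SDK or any RUDP/UDT implementation), the following Python shows the minimum that "reliable transmission over UDP" has to add on top of datagrams: sequence numbers, acknowledgements, retransmission after a missing ACK, duplicate suppression on the receiver and a checksum over each frame. The channel is a constructed in-memory loss model rather than real sockets, so the run is deterministic and offline; the drop and corrupt indices, the frame layout and the stop-and-wait window of one are assumptions chosen for the demonstration.

```python
import struct
import zlib

DATA, ACK = 1, 2
HDR = struct.Struct("!BI")          # frame type (1 byte), sequence number (4 bytes)

def encode(kind, seq, payload=b""):
    """Frame = header + payload + CRC32 over both. The CRC only catches
    accidental corruption; it is not an authenticator."""
    body = HDR.pack(kind, seq) + payload
    return body + struct.pack("!I", zlib.crc32(body) & 0xFFFFFFFF)

def decode(frame):
    """Return (kind, seq, payload), or None if the frame is missing, short or fails its CRC."""
    if frame is None or len(frame) < HDR.size + 4:
        return None
    body, (crc,) = frame[:-4], struct.unpack("!I", frame[-4:])
    if zlib.crc32(body) & 0xFFFFFFFF != crc:
        return None
    kind, seq = HDR.unpack_from(body)
    return kind, seq, body[HDR.size:]

class LossyChannel:
    """Constructed loss model: every frame sent in either direction gets a global
    index; indices in `drop` vanish and indices in `corrupt` get one byte flipped."""
    def __init__(self, drop=(), corrupt=()):
        self.drop, self.corrupt, self.count = set(drop), set(corrupt), 0

    def deliver(self, frame):
        if frame is None:                      # nothing was sent, nothing to count
            return None
        idx, self.count = self.count, self.count + 1
        if idx in self.drop:
            return None
        if idx in self.corrupt:
            frame = bytes([frame[0] ^ 0xFF]) + frame[1:]
        return frame

class Receiver:
    """Stop-and-wait receiver: append only the expected sequence number and
    re-ACK duplicates without appending them again."""
    def __init__(self):
        self.expected, self.buf = 0, bytearray()

    def on_frame(self, frame):
        parsed = decode(frame)
        if parsed is None or parsed[0] != DATA:  # corrupted or not a data frame
            return None
        _, seq, payload = parsed
        if seq == self.expected:
            self.buf += payload
            self.expected += 1
        return encode(ACK, seq) if seq < self.expected else None

def send_file(data, chunk, chan, rx, max_tries=8):
    """Stop-and-wait ARQ; returns the number of retransmissions. A lost data
    frame, a lost ACK and a corrupted ACK all look the same to the sender
    (no valid ACK for this seq), so all three cause a resend."""
    retries = 0
    for seq, off in enumerate(range(0, len(data), chunk)):
        frame = encode(DATA, seq, data[off:off + chunk])
        for _ in range(max_tries):
            ack = decode(chan.deliver(rx.on_frame(chan.deliver(frame))))
            if ack is not None and ack[0] == ACK and ack[1] == seq:
                break
            retries += 1
        else:
            raise TimeoutError(f"seq {seq}: no ACK after {max_tries} tries")
    return retries

def transfer(data, chunk=16, drop=(), corrupt=()):
    """Run one transfer; returns (received bytes, retransmissions, frames put on the wire)."""
    chan, rx = LossyChannel(drop, corrupt), Receiver()
    retries = send_file(data, chunk, chan, rx)
    return bytes(rx.buf), retries, chan.count

if __name__ == "__main__":
    payload = b"virtual TCP over UDP: sequence numbers, ACKs, retransmission"
    got, retries, frames = transfer(payload, drop={1, 4}, corrupt={6})
    print(got == payload, retries, frames)
```

With frames 1 and 4 dropped and frame 6 corrupted, the 60-byte payload still arrives intact after three retransmissions and thirteen frames on the wire. Two caveats matter for anyone building on this: a window of one gives none of the throughput or congestion control that VTCP, RUDP and UDT add, and the CRC protects only against noise. Sequence numbers and ACKs are in the clear and unauthenticated, so an on-path attacker can forge ACKs to make the sender believe lost data was delivered, or inject a frame carrying the expected sequence number; a real protocol needs a per-frame MAC or a transport such as DTLS or QUIC underneath.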
Conclusion of the Themida test above: the packer alone makes several engines flag the binary as suspicious or packed, so a Themida-protected program is treated as a virus even when its code is a plain MFC project.
CWE: Common Weakness Enumeration

International in scope and free for public use, CWE™ provides a unified, measurable set of software weaknesses that is enabling more effective discussion, description, selection, and use of software security tools and services that can find these weaknesses in source code and operational systems as well as better understanding and management of software weaknesses related to architecture and design.
CWE List Download : http://cwe.mitre.org/data/index.html, http://cwe.mitre.org/data/published/cwe_v1.5.pdf