Cutwail : Malware With a Crash Reporting Feature.

Cutwail Spam component is a part of PushDo Botnet . Recently I was analysing Cutwail and came across an interesting patch reporting functionality in Cutwail .

It starts with Fixing IAT ( Import Address Table ) to correct corresponding addresses . This is done because this component of Pushdo is loaded and executed thought process Tunnelling / RunPE method

 
0
Kudos
 
0
Kudos

Now read this

How Cyber Criminals Use Malware To Mine LiteCoins

Recently I came across not so well known downloader trojan . While analysing many interesting things were revealed. Download starts by enumerating a specific list of mutexes opened by all process and if found that particular process is... Continue →