Cutwail : Malware With a Crash Reporting Feature.

Cutwail Spam component is a part of PushDo Botnet . Recently I was analysing Cutwail and came across an interesting patch reporting functionality in Cutwail .

It starts with Fixing IAT ( Import Address Table ) to correct corresponding addresses . This is done because this component of Pushdo is loaded and executed thought process Tunnelling / RunPE method

 
0
Kudos
 
0
Kudos

Now read this

Relocating BaseAddress Agnostic Memory Dumps

Often times we need a loaded base address of a memory image that needs to be disk realigned in order to load it and parse the binary successfully in binary analysis tools like IDA or debuggers . During linking phase the Preferred Base... Continue →