Cutwail : Malware With a Crash Reporting Feature.

Cutwail Spam component is a part of PushDo Botnet . Recently I was analysing Cutwail and came across an interesting patch reporting functionality in Cutwail .

It starts with Fixing IAT ( Import Address Table ) to correct corresponding addresses . This is done because this component of Pushdo is loaded and executed thought process Tunnelling / RunPE method

 
0
Kudos
 
0
Kudos

Now read this

A Guide to Malware Binary Reconstruction

Often we come across times where binary reconstruction while analyzing malware / unpacking malware is required . Taking leverage of automated tools is not always useful, sometimes manual reconstruction is required. In this blog we will... Continue →