Monday, August 20, 2012

The case of the gethostbyname() exception

While analyzing a malicious bot in OllyDbg (1.10) on my Windows XP SP3 virtual machine, I came across an odd exception (0x000006B0) which always occurred when trying to step over the Windows API function "gethostbyname()". Every time, OllyDbg ended up in kernel32.dll after calling RtlRaiseException() (ntdll.dll). Because a search on Google didn't give me...

Saturday, August 11, 2012

Dropper of kernel-mode stealer

While searching for some interesting, unknown malware samples I came across a report that caught my attention (http://www.threatexpert.com/report.aspx?md5=9c0744b8119df63371b83724bafe2095). The malware has a user-mode and a kernel-mode component and looks like a legit program at first (.sys + .inf files). By typing one of the created registry entries (NdisrdMP.ndi) into the search mask I discovered...