qcred11
Apr 30 2004, 04:54 PM
Very nice paper. Worth reading.
| QUOTE |
This paper attempts to document an approach to reverse engineering malicious software. The reason for highlighting the process itself, instead of concentrating solely on specifics of the program is two-fold. First, there are still many unanswered questions about the particular trojan discussed in this write-up (srvcp.exe); positioning our findings as comprehensive analysis would be misleading at best. Second, repeatable forensics steps should assist members of the defense community in developing a structured approach to understanding inner-workings of malicious software.
|