Имхо интересный тутор
www.reconstructer.org/papers/Peacomm.C%20-%20Cracking%20the%20nutshell.zip

| Сообщение посчитали полезным:

It's an analysis of the malware Peacomm.C aka StormWorm. It mainly focuses on extracting the native Peacomm.C code from the original crypted/packed code and all things that happens on this way, like: XOR + TEA decryption, TIBS unpacking, defeating Anti-Debugging code, files dropping, driver-code infection, VM-detection tricks and all the nasty things the rootkit-driver does.

-----
may all your PUSHes be POPed!

| Сообщение посчитали полезным: