Re: New Software- IdleMiner
[ QUOTE ]
Anyhow you can just dumpbin the segments to check and see if there are any nonstandard sections (there aren't)
[/ QUOTE ]
Just use some ".code" or ".text" segments and hide the code away using some simple xor-ing, or even better just hide it away in some random data-file or a steganographed image.
[ QUOTE ]
run depends.exe on it and see if it's using anything out of the ordinary (like security token functionality, which it isn't).
[/ QUOTE ]
Then once you have unpacked your code at some random time in the future, use these three 'ordinary' functions to drop a ".exe" or ".com" and fire it up:
Kernel32:CreateFileA
Kernel32:WriteFile
Shell32:ShellExecute
I'm not saying your app has anything nasty in it. I'm just pointing out that it's almost impossible to be sure it hasn't.
Juk
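
A defender-side check for the "simple xor-ing" case mentioned in the post, as an added example that is not part of the original post: it tries every single-byte XOR key and looks for the DOS-stub text of an embedded PE image inside a file. The function names and the sample blob are constructed for illustration; multi-byte keys, compression and steganography are outside what this check can see.

```python
# Added example: scan a blob for a PE image hidden with a single-byte XOR key.
DOS_STUB = b"This program cannot be run in DOS mode"


def find_xor_hidden_pe(data: bytes, max_back: int = 0x100):
    """Return a list of (key, mz_offset) for XOR-encoded PE headers in data.

    key 0 means the PE header is stored in the clear.
    """
    hits = []
    for key in range(256):
        needle = bytes(b ^ key for b in DOS_STUB)
        mz = bytes((0x4D ^ key, 0x5A ^ key))  # 'MZ' under the same key
        pos = data.find(needle)
        while pos != -1:
            # The DOS stub text sits shortly after the 'MZ' magic, so look
            # backwards a bounded distance for the encoded magic bytes.
            mz_off = data.rfind(mz, max(0, pos - max_back), pos)
            if mz_off != -1:
                hits.append((key, mz_off))
            pos = data.find(needle, pos + 1)
    return hits


def build_sample(key: int) -> bytes:
    """Constructed input: a minimal fake DOS header, XORed, inside padding."""
    stub_code = b"\x0e\x1f\xba\x0e\x00\xb4\x09\xcd\x21\xb8\x01\x4c\xcd\x21"
    header = b"MZ" + bytes(62) + stub_code + DOS_STUB + b".\r\r\n$"
    hidden = bytes(b ^ key for b in header)
    padding = bytes(range(7, 107))  # 100 bytes standing in for a data file
    return padding + hidden + padding


if __name__ == "__main__":
    for key, off in find_xor_hidden_pe(build_sample(0x5A)):
        print(f"key=0x{key:02x} encoded MZ header at offset {off}")
```

A hit means an executable image is sitting in data where none is expected; no hit says nothing about other encodings.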