Full disclosure: deep technical analysis below. Beware!!!

Jan 20, 2010

IE 0day CVE-2010-0249 – Exploiting the mass… – Part 3

SHELLCODE STAGE

As usual, the shellcode begins with a first-stage decryption routine (a simple XOR loop):

(screenshot: sc-decrypt)

followed by DLL loading and resolution of the addresses of the external functions it needs:

(screenshot: sc-loadlib-getfuncaddr)


Then the second-stage malware is downloaded and stored under a fixed local path with the file name f.exe:

(screenshot: sc-download)

and is then executed:

(screenshot: sc-createprocess)
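The staged layout above (XOR layer, then API resolution, then download of f.exe) is what an analyst keys on when stripping the first layer by hand. The following is an added example, not code from the original post: a single-byte XOR brute-forcer that scores each candidate key by how many of the artefacts this analysis names appear in the decoded output. The shellcode bytes and the key 0x5A are constructed for the demo; the real sample's key and bytes are not given on the page.

```python
# Added example (not from the original post): brute-force the single-byte XOR
# layer of a shellcode stage like the one described above, scoring each key by
# how many expected artefacts (LoadLibrary/GetProcAddress lookups, the urlmon
# download helper, the f.exe drop name) appear after decoding.
from typing import Optional, Tuple

# Strings an analyst expects to see once the first-stage XOR layer is removed.
MARKERS = (b"LoadLibraryA", b"GetProcAddress", b"urlmon", b"f.exe")


def xor_bytes(data: bytes, key: int) -> bytes:
    """Apply a single-byte XOR key to every byte (encode and decode are the same op)."""
    return bytes(b ^ key for b in data)


def score(decoded: bytes) -> int:
    """Count how many expected API/filename markers occur in a candidate plaintext."""
    return sum(1 for m in MARKERS if m in decoded)


def find_xor_key(blob: bytes, min_hits: int = 2) -> Optional[Tuple[int, bytes]]:
    """Try all 255 non-zero single-byte keys and return (key, plaintext) for the
    best-scoring candidate, or None if no key exposes at least min_hits markers.
    Key 0x00 is skipped because it would mean the data was never encoded."""
    best = None
    for key in range(1, 256):
        candidate = xor_bytes(blob, key)
        hits = score(candidate)
        if hits >= min_hits and (best is None or hits > best[0]):
            best = (hits, key, candidate)
    return None if best is None else (best[1], best[2])


# Constructed stand-in for the encoded stage: the strings the decoder would
# expose, NUL-separated, XORed with an arbitrary demo key (not the real one).
DEMO_KEY = 0x5A
DEMO_PLAIN = (b"LoadLibraryA\x00GetProcAddress\x00urlmon.dll\x00"
              b"URLDownloadToFileA\x00f.exe\x00")
DEMO_ENCODED = xor_bytes(DEMO_PLAIN, DEMO_KEY)

if __name__ == "__main__":
    result = find_xor_key(DEMO_ENCODED)
    if result is not None:
        key, plain = result
        print(f"key=0x{key:02x} markers={score(plain)}")
        print([s for s in plain.split(b"\x00") if s])
```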
