Here is a little story of how I approached the malware of the day; I hope to entertain you a little with this light post.
The malware is MFC-based, and among all the sections there is one with a suspicious name: “.aspack”. It’s a good starting point; too bad the section is neither packed nor protected. The code is clear, but the strings are encoded using base64. It’s easy to recognize them due to their nature, some samples
More here: http://zairon.wordpress.com/2014/04/13/gathering-external-information-and-using-the-most-suitable-tool-to-ease-your-malware-analysis/