The subject of this analysis is a fascinating piece of malware which invades Windows desktop
machines and aims at... well, all the things. The analyzed malware consists of a dropper and an
implant, which invades Windows processes to steal data from instant messengers, softphones,
browsers and office applications. A fully blown espionage kit, so to say, sophisticated almost.
The implant is able to hook APIs of interest in dedicated remote processes, to steal data on the fly.
More interesting than the malware itself, though, is the path to the associated symbol file, which appears embedded in the dropper.
More here: https://drive.google.com/file/d/0B9Mrr-en8FX4dzJqLWhDblhseTA/view?pli=1
An article on the topic by Motherboard is here: http://motherboard.vice.com/read/meet-babar-a-new-malware-almost-certainly-created-by-france
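
Recovering an embedded symbol-file path like the one mentioned above is a routine triage step. The following is an added example, not code from the original analysis: it scans a binary for CodeView debug records (RSDS and the older NB10) and returns the PDB path with its age and GUID or timestamp. The sample bytes, paths and the function name are constructed for illustration.

```python
import struct
import uuid

# CodeView record layouts (signature included in header length):
#   RSDS (PDB 7.0): "RSDS", 16-byte GUID, 4-byte age, NUL-terminated path
#   NB10 (PDB 2.0): "NB10", 4-byte offset, 4-byte timestamp, 4-byte age, path
FORMATS = {b"RSDS": 24, b"NB10": 16}
MAX_PATH = 260


def find_pdb_records(data: bytes) -> list:
    """Scan raw bytes for CodeView records and return the PDB paths found."""
    records = []
    for sig, header_len in FORMATS.items():
        pos = data.find(sig)
        while pos != -1:
            start = pos + header_len
            end = data.find(b"\x00", start)
            raw = data[start:end] if end != -1 else b""
            # Keep only plausible paths: printable ASCII ending in .pdb
            # (simplification: RSDS paths may also be UTF-8).
            if (0 < len(raw) <= MAX_PATH and raw.lower().endswith(b".pdb")
                    and all(0x20 <= b < 0x7F for b in raw)):
                rec = {"offset": pos, "format": sig.decode(),
                       "path": raw.decode("ascii"),
                       "age": struct.unpack_from("<I", data, start - 4)[0]}
                if sig == b"RSDS":
                    rec["guid"] = str(uuid.UUID(bytes_le=data[pos + 4:pos + 20]))
                else:
                    rec["timestamp"] = struct.unpack_from("<I", data, pos + 8)[0]
                records.append(rec)
            pos = data.find(sig, pos + 1)
    return sorted(records, key=lambda r: r["offset"])


# Constructed sample: not bytes from any real file.
_GUID = uuid.UUID("12345678-1234-5678-1234-567812345678")
SAMPLE = (
    b"MZ" + b"\x00" * 64
    + b"RSDS" + _GUID.bytes_le + struct.pack("<I", 1)
    + b"C:\\build\\example_project\\Release\\dropper.pdb\x00"
    + b"NB10" + struct.pack("<III", 0, 0x4F000000, 2)
    + b"D:\\src\\old\\implant.pdb\x00"
    + b"RSDS" + b"\xff" * 10          # truncated record, must be ignored
)

if __name__ == "__main__":
    for record in find_pdb_records(SAMPLE):
        print(record)
```

The extracted path, GUID and age are useful pivots for clustering related samples, but they are attacker-controlled strings and should be treated as a lead rather than proof of origin.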