SHA-1: D40874EE6702014EB87F0D60AA083B40EABB45F0

File Information clearly indicates the Nullsoft PiMP stub. exe file executed by the victim via classical Social Engineering Attack.

Every reverse engineering based analysis starts with the inspection of generic characteristics of the binary that we are dealing with. In our case, as should be obvious, we have to check the PE Anatomy of our sample.

For this kind of task, I use CFF Explorer.

Generic Anatomy of Trojan.Bohu Executables

Bohu also reaches a malicious server and downloads additional components and configurations. Trojan.Bohu acts essentially as a back door that monitors the victim's web traffic through various search engines. Some of the targeted antivirus vendors are Kingsoft, Qihoo and Rising.

According to Microsoft Malware Protection Center, Bohu is the first wave of trojans that target cloud-based antiviruses.

A good summary of Bohu's global appeal can be found here:

The Scope