Shifting yourself to space

September 17, 2011

Shrug, Mebromi

Filed under: Uncategorized — shift32 @ 11:44 pm

Some updates regarding Mebromi

I have finished reversing almost 75% of the driver code; it does not seem to be very interesting.
However, I lack a lot of BIOS internals knowledge, and for those who have not already found it
themselves there is a marvelous tutorial by Pinczakko;
there is also a good Phrack article which explains most of it.

My guess? This malware is only a preparation for something else: bigger, harder, stronger.
BIOS malware isn't very widespread nowadays, since BIOSes require signed code (Award doesn't require it)
or contain bugs that people are able to exploit.

I shall not continue the analysis of the usermode/BIOS part, as it is quite irrelevant/not interesting enough.
For those who wish to continue my research I could lend you the IDBs (one with encrypted .text and .rodata and another decrypted IDB; sorry, cba to migrate the comments etc.)

I have seen a few samples of TDL using a Bitcoin miner, and ZeroAccess also looks quite interesting.

Sorry for all those who looked for some exciting post, there won’t be any ; /


1 Comment »

  1. I was looking forward to more 😦

    Comment by c — September 27, 2011 @ 6:42 pm | Reply
