![]() ![]() ![]() ![]() We extracted the loader from array21 and took another look at it using ILspy. Afterward, the main procedure is located and executed. The assembly itself is deobfuscated with the call Pacers11370.Paraphrase14854 and then loading using Assembly.Load. Several arrays are visible, with one of them (array21) containing another small. NET decompilers, source code for the cleaned assembly can be viewed. NET assembly, which was cleaned up using de4dot, a popular. The malware that dropped from the exploit was found here and was called xtube.exe. We wrote about the adult site being compromised, redirecting visitors to a landing page for the Neutrino Exploit kit last week on the Malwarebytes Unpacked blog, ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |