Fobber Analysis

After reading the a blog post on Malwarebytes describing Fobber, a new variant of Tinba, we wanted to have a look at it ourselves. Fobber uses an interesting and unusual approach to make static analysis harder: we'll try to explain it and give hints on how to recover the original un-encrypted shellcode. Furthermore we analysed all injection stages used by the malware and described what kind of shellcode run within each injected code.

Fobber Analysis

Published on 2015-09-11 | Filesize: 790 KB | Type: PDF
Language: - EN | Version: v1.0

Back to top