The Christian Bale Trojan – Further details

There has been speculation about the exact cryptor or packer used in get_flash_update.exe (the false codec) found in a number of different spam campaigns, the latest of which uses subject lines concerning the latest Batman movie starring Christian Bale. After running several PE signature scans against the executable, it doesn’t appear to be packed or protected with anything that is commercially available; rather, it appears to be using something else (possibly PCX graphics format).

Furthermore, all of the get_flash_update.exe binaries from different URLs share a common PE signature.
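As an added illustration (not code from this post or from the scanner it used), the sketch below shows how an entry-point signature scan works and how a shared signature can be derived from several samples: bytes that are identical across all samples are kept and differing bytes become `??` wildcards. The `fake_pe` builder, the stub bytes and the `KNOWN_PACKER` pattern are constructed for the example and are not taken from the real get_flash_update.exe binaries.

```python
import struct

def ep_bytes(pe: bytes, n: int = 16) -> bytes:
    """Return the first n bytes found at the PE entry point."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    nt, = struct.unpack_from("<I", pe, 0x3C)               # e_lfanew
    if pe[nt:nt + 4] != b"PE\0\0":
        raise ValueError("missing PE header")
    nsec, = struct.unpack_from("<H", pe, nt + 6)           # NumberOfSections
    opt_size, = struct.unpack_from("<H", pe, nt + 20)      # SizeOfOptionalHeader
    ep_rva, = struct.unpack_from("<I", pe, nt + 24 + 16)   # AddressOfEntryPoint
    for i in range(nsec):                                  # map the RVA to a file offset
        hdr = nt + 24 + opt_size + 40 * i
        vsize, vaddr, rsize, rptr = struct.unpack_from("<IIII", pe, hdr + 8)
        if vaddr <= ep_rva < vaddr + max(vsize, rsize):
            off = rptr + ep_rva - vaddr
            return pe[off:off + n]
    raise ValueError("entry point not inside any section")

def matches(data: bytes, sig: str) -> bool:
    """Match a signature of hex byte tokens where '??' accepts any byte."""
    toks = sig.split()
    return len(data) >= len(toks) and all(
        t == "??" or int(t, 16) == b for t, b in zip(toks, data))

def common_signature(chunks) -> str:
    """Keep bytes shared by every chunk, wildcard the positions that differ."""
    return " ".join("%02X" % col[0] if len(set(col)) == 1 else "??"
                    for col in zip(*chunks))

def shared_ep_signature(files, n: int = 11) -> str:
    return common_signature([ep_bytes(f, n) for f in files])

def fake_pe(code: bytes) -> bytes:
    """Constructed minimal PE image: headers plus one .text section holding code."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0xE0, 0x102)
    opt = struct.pack("<HBBIIII", 0x10B, 0, 0, 0, 0, 0, 0x1000).ljust(0xE0, b"\0")
    sect = b".text\0\0\0" + struct.pack("<IIII", 0x200, 0x1000, 0x200, 0x200) + b"\0" * 16
    return (dos + b"PE\0\0" + coff + opt + sect).ljust(0x200, b"\0") + code.ljust(0x200, b"\x90")

# Constructed samples: the same stub with a different immediate in each copy.
SAMPLES = [fake_pe(bytes.fromhex("558BEC68" + imm + "6A00E8"))
           for imm in ("00104000", "00204000", "00304000")]
KNOWN_PACKER = "60 BE ?? ?? ?? ?? 8D BE"   # constructed signature database entry

if __name__ == "__main__":
    sig = shared_ep_signature(SAMPLES)
    print("shared signature:", sig)
    print("known packer hit:", any(matches(ep_bytes(s), KNOWN_PACKER) for s in SAMPLES))
```

A signature derived this way can be matched against later downloads with `matches(ep_bytes(data), sig)` to link them to the same family even when file hashes differ.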

2 Responses to The Christian Bale Trojan – Further details

  1. TQN says:

    Can you share or introduce “Signature Explorer II”? I searched with Google and got no results.
