Offset

About Offset

  • Rank
    New Member

Profile Information

  • Gender
    Male
  • Location
    United Kingdom
  • Interests
    Malware analysis, reverse engineering, sandbox development
  1. I agree with Elise, the capabilities you're describing of this malware seem not only highly unlikely but are in actual fact impossible. Referring to "virtual machines", I assume you are referring to a piece of malware acting as a hypervisor in the style of something like Blue Pill? Again, this kind of rootkit technology is hardware dependent, as is any kind of BIOS infection (MBR infection is a different matter, however; this could be what you're referring to). It is possible for a piece of malware to restore itself using chkdsk by marking the part of the file system it resides on as damaged/recoverable, and indeed this technique has been used in DOS viruses before (from memory I can't think of any Windows viruses using this method). Finally, Elise has already said pretty much everything about cross-compilation; it would be completely illogical for a malware writer to produce such a carefully designed and sophisticated malware only to include this nonsense feature which would serve no practical purpose. If you genuinely have discovered this malware and analysed its capabilities in such detail, then you should also be skilled enough to obtain some dumps from it and send us some samples of the code for analysis.

     Regards,
     Jeff Saile
     Independent Malware Analyst