After reading a blog post on Malwarebytes describing Fobber, a new variant of Tinba, we wanted to have a look at it ourselves. Fobber uses an interesting and unusual approach to make static analysis harder: we’ll try to explain it and give hints on how to recover the original unencrypted shellcode. Furthermore, we analysed all injection stages used by the malware and described what kind of shellcode runs within each piece of injected code.
Published on September 11, 2015 | Filesize: 790 KB | Type: PDF | Language: EN | Version: v1.0