This is part one in a series of posts that focus on understanding Visual Basic 6.0 (VB6) code, and the tactics and techniques both malware authors and researchers use around it.

This document is a running tally covering many of the various ways VB6 malware can embed binary data within an executable.

- data hidden within the actual opcodes of the program.
- data hidden within parts of the VB6 file format.

Originally I was only going to cover data hidden within the file format itself, but for the sake of documentation I decided it is worth covering them all.

Data held within the file format is a special case which I find the most interesting. In this scenario it would be hard to determine where the data is coming from or to even recognize that these buffers exist. This is because it can be interspersed within a complex set of undocumented structures which would require advanced knowledge and intricate parsing to detect.