Darkmegi Windows Rootkit Malware Traffic Sample PCAP file download

Download: bin_darkmegi_2012-04 (pcap, 908 KB). Date added: September 24, 2016, by admin.


Darkmegi “drops its kernel driver to com32.sys in the Drivers directory. This rootkit drops a usermode component, com32.dll, which gets injected into explorer.exe and iexplore.exe. It also hooks the Dispatch table of ntfs.sys [IRP_MJ_CLOSE, IRP_MJ_CREATE, IRP_MJ_DEVICE_CONTROL] and fastfat.sys to prevent applications from reading (or scanning) the com32.dll and com32.sys files”, Schmugar related.

Once Darkmegi has compromised the operating system, attempts to copy or read protected files are rejected.

In addition, the malware pads its files with 25MB of garbage data to appear legitimate, since most malware is under 1MB, the McAfee researcher explained.
