Skip navigation.
Home

bmenrigh's blog

Owning a GINA Hook

I recently took a break from poking at Storm to do real work on some custom malware recovered in a compromise here.

This analysis is of a MS GINA hook that encrypts its log file with RC4. I'm light on mechanical details of the reversing and instead have focused on screenshots, an overview of the investigation, and some perl code to do the decrypting.

You can get the analysis here:
Owning a GINA Hook

You can get the malware here:
25addfa74f1d414d8ed4803251c839cc

Syndicate content