alnscrs's blog

Finding the TDSS authors and affiliates: An Analysis

Although it is a mystery who created TDSS, there are some interesting strings in some of TDSS's files.

Let's start with this one.

If we open the file in Notepad, we see this somewhere:

Comments Thanks to Edin Kadribasic, Marcus Boerger, Johannes Schlueter
FileVersion 5.2.11.11
InternalName php.exe
LegalCopyright Copyright 1997 - 2007 The PHP Group
LegalTrademarks PHP
OriginalFilename php.exe
PrivateBuild
ProductName PHP php.exe
ProductVersion 5.2.11
SpecialBuild
URL http://www.php.net
VarFileInfo Translation
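
The fields Notepad shows above are the UTF-16 strings of the file's version resource, and they can be extracted reliably by walking that structure instead of reading around the binary noise. The following is an added example, not code from the original post; the function names and the sample bytes (filler plus a version block carrying three of the fields above) are constructed for illustration.

```python
import struct

def _align(n):
    return (n + 3) & ~3  # members of the version resource start on 32-bit boundaries

def _children(blob, pos, end):
    """Yield (key, value_len, body_offset, node_end) for sibling nodes in [pos, end)."""
    while pos + 6 <= end:
        length, vlen, _type = struct.unpack_from("<HHH", blob, pos)
        if length < 6 or pos + length > end:
            break  # malformed or truncated node: stop rather than loop or overrun
        k = pos + 6
        while k + 2 <= pos + length and blob[k:k + 2] != b"\0\0":
            k += 2
        key = blob[pos + 6:k].decode("utf-16-le", "replace")
        yield key, vlen, _align(k + 2), pos + length
        pos = _align(pos + length)

def version_strings(data):
    """Return the StringFileInfo name/value pairs of the first version block in data."""
    hit = data.find("VS_VERSION_INFO".encode("utf-16-le"))
    if hit < 6:
        return {}
    start = hit - 6  # wLength, wValueLength and wType precede the key
    blob = data[start:start + struct.unpack_from("<H", data, start)[0]]
    out = {}
    for _, vlen, body, end in _children(blob, 0, len(blob)):
        for key, _, sbody, send in _children(blob, _align(body + vlen), end):
            if key != "StringFileInfo":
                continue
            for _lang, _, tbody, tend in _children(blob, sbody, send):
                for name, _, vbody, vend in _children(blob, tbody, tend):
                    out[name] = blob[vbody:vend].decode("utf-16-le", "replace").split("\0")[0]
        break  # only the root node is expected at the top level
    return out

def _node(key, value=b"", kids=(), vlen=0):  # builder for the constructed sample
    raw = key.encode("utf-16-le") + b"\0\0"
    raw += b"\0" * (-(6 + len(raw)) % 4) + value
    for kid in kids:
        raw += b"\0" * (-(6 + len(raw)) % 4) + kid
    return struct.pack("<HHH", 6 + len(raw), vlen, 1) + raw

def build_sample():
    """Constructed bytes: filler, then a version block with three fields from the dump."""
    fields = {"FileVersion": "5.2.11.11", "InternalName": "php.exe", "PrivateBuild": ""}
    strs = [_node(k, (v + "\0").encode("utf-16-le"), vlen=len(v) + 1) for k, v in fields.items()]
    table = [_node("040904b0", kids=strs)]  # constructed language/codepage key
    root = _node("VS_VERSION_INFO", b"\0" * 52, [_node("StringFileInfo", kids=table)], 52)
    return b"MZ" + b"\x90" * 62 + root
```

Calling `version_strings(open(path, "rb").read())` on a sample returns the same name/value pairs as a dictionary, which makes it easy to compare claimed metadata such as `OriginalFilename` across a set of files.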
