Conficker Unpacking and Analysis

Lurene Grenier from Sourcefire's Vulnerability Research Team has a good writeup on a technique for unpacking the Conficker worm DLL. Thanks for going through the pain of malware analysis, Lurene.

"The goal was to take the dll, and make it spit out some dns traffic so we could test our SO rule conficker dns detection engine which was written with a generation algorithm provided through the MAPP program in conjunction with Microsoft. We'd pared it down a good bit, and some information about randomness from other write-ups around the net conflicted with what was provided to us."

thank

thank u very much