Undetected Haxdoor


Looks like we got a copy of the new undetected Haxdoor. Undetected is relative because some AVs detect it. It's in the database under this MD5: 82a365b7a90b47d9cf0f2c9cd63c3ad1

Donald Smith from SANS has some initial analysis of it.


which packer does it use?

Any idea what packer this thing uses? says it's packed with PE_PATCH but I can't find any useful information on it, and haven't been able to successfully unpack it myself.

look at the strings

FSG! shows up in the strings. That indicates to me some kind of modified FSG.