A Look at a Bank Worm
April 23, 2008 – 8:20 PM
Malware authors will often have their files display something to the user so that the user believes the file is legitimate. Many of us have experienced such tricks, including fake errors stating that a specific file could not be found or that the application failed to load properly. Today we will look at one of these seemingly innocent files and find that it's doing much more than just showing you an “interesting” video.
Part I – The Initial Executable
The executable was packed with tElock, a free compressor/protector made by TMG. After unpacking it, we found that the malware was coded in Visual Basic, which allowed us to use a decompiler such as VB Decompiler by GPcH Soft.