From Collaborative RCE Knowledge Library


Conficker C P2P Protocol and Implementation

Item name: Conficker C P2P Protocol and Implementation
Rating: 0.0 (0 votes)
Author: Phillip Porras, Hassen Saidi and Vinod Yegneswaran
Home URL: http://mtc.sri.com/
Last updated: September 21, 2009
Version (if appl.):
Direct D/L link: http://mtc.sri.com/Conficker/P2P/index.html
Description: This report presents a reverse engineering of the obfuscated binary code image of the Conficker C peer-to-peer (P2P) service. This service implements the functions necessary to bootstrap an infected host into the Conficker P2P network through scan-based peer discovery, and allows peers to share and spawn new binary logic directly into the currently running Conficker C process. Conficker's P2P logic and implementation are dissected and presented in source code form. The report documents the thread architecture of the module, presents the P2P message structure and exchange protocol, and describes its major functional elements.

MD5 of the sample analyzed: 5e279ef7fcb58f841199e0ff55cdea8b
Related URLs:
Conficker C Analysis (old entry):
http://mtc.sri.com/Conficker/addendumC/

