Hi All!
Recently I stumbled upon the new ZeroAccess dropper.
In the “KernelMode.info” community, on the 3rd January 2016, R136a1 has posted the new sample.
The dropper is quite innovative. I was working on some Crypto stuff, and still have no time to deepen analyse it, but I have realized that Kryptoslogic has been already written an introductive analysis (Great job buddies).
I have realized that this is the time to present here an old analysis paper I have written in the fall of October 2013. This document was not published due to some bureaucratic issues originated from my old company. Now I don’t still have this restrinctions and I can freely present here.
Is an old analysis about the new (for that time) ZeroAccess implementation:
Sirefef 2013 Analysis
The analysis is the integral one, and contains even the comments from the fall of the year 2013.
Hope that you enjoy it.
Andrea
ps. In the meantime I am even updating the “Resource” page of my blog… 🙂 Stay tuned!