Recently I stumbled upon the new ZeroAccess dropper.
In the “KernelMode.info” community, on the 3rd of January 2016, R136a1 posted the new sample.
The dropper is quite innovative. I was working on some crypto stuff and still have no time to analyse it in depth, but I have realized that Kryptoslogic has already written an introductory analysis (great job, buddies).
I have realized that this is the time to present here an old analysis paper I wrote in the fall of October 2013. This document was not published due to some bureaucratic issues originating from my old company. Now I no longer have these restrictions and I can freely present it here.
It is an old analysis of the new (for that time) ZeroAccess implementation:
Sirefef 2013 Analysis
The analysis is the complete one, and even contains the comments from the fall of the year 2013.
I hope that you enjoy it.
P.S. In the meantime I am also updating the “Resources” page of my blog… 🙂 Stay tuned!