
[Repost] Anatomy of a Malware

Article author: Nicolas Falliere
Source: EvilOctal Information Security Team (www.eviloctal.com)

Introduction
This tutorial should help people understand how a simple piece of malware works. I might
eventually go on with a series of papers that should help beginners in reverse engineering to
cope with malicious programs.
This first paper is about a password stealer. To start with something simple, it's a dropper
program written in C, packed with FSG. The code is quite clear and understandable. Many
common techniques used by malware in general appear in this very program, which makes
it an even more instructive piece of malware to look at. For educational purposes, most of the
analysis will consist of a white box approach - in our case, meaning stepping through the
program and analyzing it with a disassembler.
Characteristics of the file:
- MD5 hash: fceea9d062a5f55ef4c7be8df5abd127
- Size: 6961 bytes
- Type: 32-bit Windows Portable Executable (PE)
- Packed: yes
- High level language: C, very likely
Reader's requirements:
- Intel x86 assembly
- Windows API, MSDN nearby
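The characteristics listed above (hash, size, PE type, packed or not) are what an analyst establishes before opening a sample in a disassembler. The following Python script, added here as an illustration and not part of Nicolas Falliere's paper, shows how those facts are derived from the file bytes: it hashes the file, parses the DOS and PE headers to confirm a 32-bit image, and applies a simple packing heuristic (a section whose raw data has near-random entropy, or whose virtual size is far larger than its raw size, the room an unpacker stub needs). The heuristic is a generic assumption and does not identify FSG specifically. The PE image it analyses is constructed in the script itself, so nothing is downloaded or executed.

```python
import hashlib
import math
import struct


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; compressed or encrypted data approaches 8.0."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def parse_pe(data: bytes) -> dict:
    """Read the DOS stub, PE signature, file header and section table.

    Raises ValueError when the blob is not a PE image.
    """
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("missing PE signature")
    fh = e_lfanew + 4  # IMAGE_FILE_HEADER, 20 bytes
    machine, nsections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, fh)
    opt = fh + 20  # IMAGE_OPTIONAL_HEADER starts with the PE32/PE32+ magic
    magic = struct.unpack_from("<H", data, opt)[0]
    bits = {0x10B: 32, 0x20B: 64}.get(magic)
    sec_table = opt + opt_size
    sections = []
    for i in range(nsections):
        off = sec_table + i * 40  # IMAGE_SECTION_HEADER is 40 bytes
        name, vsize, _vaddr, rawsize, rawptr = struct.unpack_from("<8sIIII", data, off)
        raw = data[rawptr:rawptr + rawsize]
        sections.append({
            "name": name.rstrip(b"\x00").decode(errors="replace"),
            "virtual_size": vsize,
            "raw_size": rawsize,
            "entropy": shannon_entropy(raw),
        })
    return {"machine": machine, "bits": bits, "sections": sections}


def triage(data: bytes) -> dict:
    """Produce the same kind of summary as the paper's 'Characteristics of the file'."""
    pe = parse_pe(data)
    # Heuristic (assumption): packed images show high-entropy sections and/or
    # a virtual size well beyond the raw size so the stub has room to unpack.
    suspicious = [
        s for s in pe["sections"]
        if s["entropy"] > 7.0 or s["virtual_size"] > 2 * max(s["raw_size"], 1)
    ]
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "size": len(data),
        "type": f"{pe['bits']}-bit Windows PE",
        "packed_heuristic": bool(suspicious),
        "sections": pe["sections"],
    }


def build_sample_pe(section_data: bytes, virtual_size: int) -> bytes:
    """Constructed, non-executable minimal PE32 with one section (not the real sample)."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\x00" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    opt_size = 0xE0  # size of a PE32 optional header
    file_hdr = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, opt_size, 0x0102)
    opt_hdr = struct.pack("<H", 0x10B) + b"\x00" * (opt_size - 2)
    raw_ptr = e_lfanew + 4 + 20 + opt_size + 40  # section data follows the headers
    sec_hdr = struct.pack("<8sIIIIIIHHI", b".text", virtual_size, 0x1000,
                          len(section_data), raw_ptr, 0, 0, 0, 0, 0x60000020)
    return dos + b"PE\x00\x00" + file_hdr + opt_hdr + sec_hdr + section_data


def pseudo_random_bytes(n: int, seed: bytes = b"demo") -> bytes:
    """Deterministic high-entropy filler standing in for a packed code section."""
    out, counter = b"", 0
    while len(out) < n:
        out += hashlib.sha256(seed + counter.to_bytes(4, "little")).digest()
        counter += 1
    return out[:n]


if __name__ == "__main__":
    for label, img in (("packed-like", build_sample_pe(pseudo_random_bytes(4096), 0x8000)),
                       ("plain", build_sample_pe(b"\x90" * 4096, 4096))):
        r = triage(img)
        print(label, r["md5"], r["size"], r["type"], "packed:", r["packed_heuristic"])
```

Running the script prints one line per constructed image; the packed-like image trips the heuristic because its only section has near-8.0 entropy and a virtual size eight times its raw size, while the NOP-filled image does not. On a real sample the entropy figure and the section table are also the first hint of which unpacker to reach for before stepping through the stub.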

Attachment

Anatomy of a Malware.rar (34.64 KB)

2008-3-26 01:08, downloads: 33

