NGRBot Analysis – Term project gone wrong

Hey all,

So for my term project in my reverse engineering class, I chose to analyze a variant of NGRBot. Its SHA256 hash is '67f377dda34ec312c44f200bbe55c35e49d4711ef202e849c608453344627ca8'. So how did it go wrong? Well, I was supposed to analyze this piece of malware for 3 months. Due to procrastination and not being able to manage priorities properly, I got nowhere with it. Some things I did observe it doing were modifying file times and checking if it is being run in a debugger, and that’s about it. Like I said, not much was done on my part. I do plan to go back and do it, because after looking at the disassembly, it’s got me curious. Hopefully in the coming months I can give a more successful report. Right now, I’m analyzing the malware that took over Sony that “North Korea had nothing to do with”. Hope to get back to you on that too.

-Khaotic