One Article Review

Article:
Source Fortinet
Identifier 382287
Publication date 2017-07-09 16:00:00 (seen: 2017-07-09 16:00:00)
Title Petya's Master Boot Record Infection
Text Last week we started our technical analysis on Petya (also called NotPetya) and its so-called “killswitch.” In that blog post we mentioned that Petya looks for a file in the Windows folder that has the same filename (no extension) as itself (for example: C:\Windows\Petya). If it exists, it terminates by calling ExitProcess. If it doesn't exist, it creates a file with the attribute DELETE_ON_CLOSE. This seems to imply that instead of a killswitch, this file is meant to be a marker to check and see if the system has already been infected. After...
Notes
Sent Yes
Tags
Stories NotPetya
Move


The article does not appear to have been picked up after its publication.


The article does not appear to have been picked up from an earlier one.