 |
|
 |
|
|
|
The materials shown on this page are copyright protected by
their authors and/or respective institutions. |
|
|
|
|
Bagle Worm 3D Visualization |
|
Author(s):
Ero Carrera, Gergely Erdelyi |
Institution:
F-Secure Corporation |
Year:
2005 |
URL:
http://tinyurl.com/93qay |
Project Description:
Windows binary malware has come a long way. Today's average worm is often tens or hundreds of kilobytes of code exhibiting a level of complexity that surpasses even some operating systems. This degree of complexity, coupled with the overwhelming flow of new malware, calls for improvements to tools and techniques used in analysis.
F-Secure produced this rich 3D animation that visualizes the structure and execution of the W32/Bagle.AG@mm worm. The boxes in the picture are functions of the worm. The one on the top is the 'main' where the execution starts. The first ring contains all the functions that 'main' calls. The second all the functions that the ones on the first ones call and so on. All connecting lines represent the calls from one function to the other. Red boxes belong to the virus code while the blue ones are API calls library code that do not belong to the malicious code. The animation was created using IDA Pro, IDAPython, Blender and other custom scripts.
For a direct link to the animation (quicktime required), click here.
|
|
|
|
|
|
|
|
|
Comments (0):
|
|
|
|
|
| *Note* Before you submit your comment, bear in mind there's no guarantee it will be seen by this project's author. In case you want to contact the author directly, please follow the provided URL. |
| Leave a Comment: |
|
|
|
* COMMENTS HAVE BEEN TEMPORARILY DISABLED *
(We're looking for the best solution to avoid unwanted SPAM)
|
|
