Presentation and tests of malware with RogueKiller
Did you submit the file to VT for a try? http://siri-urz.blogspot.nl/2010/03/antivirus-and-fp.html
Hi S!ri! Clean (1/42)! https://www.virustotal.com/file/7861be9df2ce869c5d4701a05766c4faf05239459619019b1b58766872d6e47a/analysis/ What makes your file suspicious is ExitProcess, which can be used in shellcode to kill a process with injection. Here only a XOR EAX,EAX and RET.
FYI, the OpenRCE PDF got updated since @ http://blog.dkbza.org/2012/08/pe-file-format-graphs.html
You can still go smaller... http://www.phreedom.org/research/tinype/
This doesn't work anymore since Windows Vista. Extra padding is required.
Yeah, I was aware of this. But I didn't want to play with ASM :) VS to dig as deep as possible, then some cleanup by hand (and with WinHex and LordPE). What is not working anymore since Vista? Mine or with tinyPE? (Didn't try yet on Vista+)
sotirov's tinyPE (92 bytes) wouldn't work after XP, it would require some padding, otherwise the truncated OptionalHeader would fail to be parsed, failing loading.
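Added example, not part of the original thread or of any commenter's code: a small triage check for the condition the last comment describes, a PE whose declared OptionalHeader runs past the end of the file. The function names and the sample files (built inline with zeroed fields) are constructed for illustration; the check only compares `SizeOfOptionalHeader` against the file length and does not model the Windows loader.

```python
import struct

DOS_HEADER_SIZE = 0x40   # e_lfanew is the 4-byte field at offset 0x3C
COFF_HEADER_SIZE = 20    # IMAGE_FILE_HEADER


def optional_header_status(data: bytes):
    """Return (status, missing_bytes) for the declared OptionalHeader.

    status is "not-pe", "complete" or "truncated"; missing_bytes is how many
    bytes of the declared OptionalHeader lie beyond the end of the file.
    """
    if len(data) < DOS_HEADER_SIZE or data[:2] != b"MZ":
        return ("not-pe", 0)
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    coff = e_lfanew + 4                      # COFF header follows "PE\0\0"
    if coff + COFF_HEADER_SIZE > len(data) or data[e_lfanew:coff] != b"PE\0\0":
        return ("not-pe", 0)
    # SizeOfOptionalHeader is the 2-byte field at offset 16 of the COFF header.
    (size_opt,) = struct.unpack_from("<H", data, coff + 16)
    opt_end = coff + COFF_HEADER_SIZE + size_opt
    if opt_end > len(data):
        return ("truncated", opt_end - len(data))
    return ("complete", 0)


def build_sample(e_lfanew: int, size_opt: int, total_len: int) -> bytes:
    """Constructed test input: only the fields the check reads are filled in."""
    buf = bytearray(total_len)
    buf[0:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, e_lfanew)
    buf[e_lfanew:e_lfanew + 4] = b"PE\0\0"
    struct.pack_into("<H", buf, e_lfanew + 4, 0x014C)        # Machine: i386
    struct.pack_into("<H", buf, e_lfanew + 4 + 16, size_opt)
    return bytes(buf)


if __name__ == "__main__":
    full = build_sample(0x40, 0xE0, 0x40 + 24 + 0xE0)   # header fits in file
    cut = build_sample(0x40, 0xE0, 0x40 + 24 + 32)      # file ends 192 bytes early
    for name, blob in (("full", full), ("cut", cut)):
        print(name, len(blob), optional_header_status(blob))
```
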