comment on

I work in security and have found pp par packed files that drop bitcoin and monero miners as well as a remote access trojan. The user created perl script is extractable and benign and the malicious code appears to resided somewhere outside of the user script, although I've not identified specifically where yet. The source is most likely the packer, so recommendation is to check the source of your packer as there may be malicious versions in the wild that insert malicious code into your compiled perl executables. Note, the code is highly resistant to sanbox analysis and carries out a good deal of VM enumeration so YMMV in getting it to run and do malicious things outside of bare metal execution.

In reply to Re^4: PAR::Packer generated EXE that was detected as a trojan... by jekyl
in thread PAR::Packer generated EXE that was detected as a trojan... by vitoco

Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!

Titles consisting of a single word are discouraged, and in most cases are disallowed outright.

Read Where should I post X? if you're not absolutely sure you're posting in the right place.

Please read these before you post! —

Posts may use any of the Perl Monks Approved HTML tags:

a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, details, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, summary, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr

You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)

	For:		Use:
	&		`&`
	<		`<`
	>		`>`
	[		`[`
	]		`]`

Link using PerlMonks shortcuts! What shortcuts can I use for linking?

See Writeup Formatting Tips and other pages linked from there for more info.