Sir, I'm Afraid You Have a Virus - Part 2: Target Acquired

After lots of investigation, I believe I have found the trojan. And boy, is it a doozy. I've traced the file to ntoskrnl.exe - it's a Windows file, which surprises me. Normally it would be codesigned and verified. This was the second indicator that the authors are competent. (The first was that it could hide itself when TM was running.) It stands out in one regard - the timestamp for regular files for Windows is 11 April, ...


Written by DecomPiler on December 16, 2018



Derived from Wikipedia