Skip to content
/ PoSeidon Public

Reverse engineered some parts of PoSeidon malware

4 stars 3 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

bizdak/PoSeidon

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits
PoSDecrypt
PoSDecrypt
 
 
PoSDllResolver
PoSDllResolver
 
 
python
python
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 
dllhasher.c
dllhasher.c
 
 

Repository files navigation

PoSeidon

Overview

This folder contains a bunch of tools and analysis on POS malware PoSeidon.

Configuration Data

Configuration data is embedded in the malware. This can be seen in PoSDecrypt.

Resolving DLLs

Hashing of function name and dll name has also been reverse-engineered and a python implementation has been provided. The hashing function used is the Jenkins' one_at_a_time function: https://en.wikipedia.org/wiki/Jenkins_hash_function

The fully reverse engineered code is provided in PoSDllResolver.

Lloyd Macrohon jl.macrohon@gmail.com

About

Reverse engineered some parts of PoSeidon malware

Resources

Readme
Activity

Stars

4 stars

Watchers

2 watching

Forks

3 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages