Quote:
Originally Posted by vman
it's not ideology, it's proof.
I'm not speaking of the things they found.
I'm speaking of the decoded rules, definitions, strings.. call it what you want.
IOBit strings.db database matches with MBAM: offset, data and strings.
This could happen once, but not like this, when you have the same definitions for
hundreds following the same rules.
Watch the pic:
http://img62.imageshack.us/img62/3559/iobit.png
I highlighted the 11-1 definition for a generic Malware.Packer. Offset 0, followed by data. There are thousands of these in both databases.