(extracted from main diary)
- SHA256 : 878d5137e0c9a072c83c596b4e80f2aa52a8580ef214e5ba0d59daa5036a92f8
- Probably the scariest trojan of these days. Let's explore it. I'm using Ghidra again.
- According to Ghidra, the only import is KERNEL32.DLL::WTSGetActiveConsoleSessionId.
- I wonder what it can possibly be with so little, and I'll have to find out.
- The obvious step for now is to find out how it loads other functions to be able to do anything.
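A single-entry import table is the usual hint that a sample resolves its real API set at run time, so the first triage check an analyst wants is an import count that does not depend on opening each file in Ghidra. The script below is an added example, not code from this diary: it parses the PE import directory by hand (PE32 and PE32+), lists DLL!function pairs, and flags binaries below an assumed threshold of five imports as likely candidates for dynamic API resolution. Because no real sample can ship with the page, `build_sample_pe` constructs a minimal, non-executable PE fixture whose only import is the one named above; the DLL and function names in it are taken from the diary, everything else about the fixture is constructed.

```python
"""Import-table triage: parse a PE import directory and flag sparse imports.
Added example (not the diary's code). The sample PE is a constructed fixture."""
import struct

IMPORT_THRESHOLD = 5  # assumption: fewer imports than this is worth a closer look


def _rva_to_offset(rva, sections):
    """Map an RVA to a file offset using the section table."""
    for vaddr, vsize, raw_ptr, raw_size in sections:
        if vaddr <= rva < vaddr + max(vsize, raw_size):
            return rva - vaddr + raw_ptr
    raise ValueError(f"RVA {rva:#x} is not inside any section")


def _cstring(data, off):
    return data[off:data.index(b"\0", off)].decode("ascii", "replace")


def parse_imports(data):
    """Return {dll_name: [imported function names]} for a PE32/PE32+ image."""
    if data[:2] != b"MZ":
        raise ValueError("not a PE file (missing MZ header)")
    pe = struct.unpack_from("<I", data, 0x3C)[0]          # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    fh = pe + 4                                           # IMAGE_FILE_HEADER
    n_sections = struct.unpack_from("<H", data, fh + 2)[0]
    opt_size = struct.unpack_from("<H", data, fh + 16)[0]
    opt = fh + 20                                         # IMAGE_OPTIONAL_HEADER
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:                                    # PE32
        dd_base, thunk_fmt = opt + 96, "<I"
    elif magic == 0x20B:                                  # PE32+
        dd_base, thunk_fmt = opt + 112, "<Q"
    else:
        raise ValueError(f"unknown optional header magic {magic:#x}")
    thunk_size = struct.calcsize(thunk_fmt)
    ordinal_flag = 1 << (8 * thunk_size - 1)              # IMAGE_ORDINAL_FLAG
    if struct.unpack_from("<I", data, dd_base - 4)[0] < 2:  # NumberOfRvaAndSizes
        return {}
    imp_rva = struct.unpack_from("<I", data, dd_base + 8)[0]  # directory index 1
    if imp_rva == 0:
        return {}
    sections = []
    sh = opt + opt_size                                   # first IMAGE_SECTION_HEADER
    for i in range(n_sections):
        vsize, vaddr, rsize, rptr = struct.unpack_from("<IIII", data, sh + 40 * i + 8)
        sections.append((vaddr, vsize, rptr, rsize))
    result = {}
    desc = _rva_to_offset(imp_rva, sections)
    while True:  # IMAGE_IMPORT_DESCRIPTOR array, terminated by an all-zero entry
        oft, _, _, name_rva, ft = struct.unpack_from("<IIIII", data, desc)
        if oft == 0 and name_rva == 0 and ft == 0:
            break
        dll = _cstring(data, _rva_to_offset(name_rva, sections))
        thunk = _rva_to_offset(oft or ft, sections)       # prefer the unbound ILT
        funcs = []
        while True:
            entry = struct.unpack_from(thunk_fmt, data, thunk)[0]
            if entry == 0:
                break
            if entry & ordinal_flag:
                funcs.append(f"ordinal#{entry & 0xFFFF}")
            else:  # IMAGE_IMPORT_BY_NAME: 2-byte hint, then the NUL-terminated name
                funcs.append(_cstring(data, _rva_to_offset(entry, sections) + 2))
            thunk += thunk_size
        result.setdefault(dll, []).extend(funcs)
        desc += 20
    return result


def triage(imports, threshold=IMPORT_THRESHOLD):
    """Summarise the import table and flag suspiciously sparse ones."""
    names = [f"{dll}!{fn}" for dll, fns in imports.items() for fn in fns]
    return {"import_count": len(names), "imports": names,
            "likely_dynamic_resolution": len(names) < threshold}


def build_sample_pe(dll_name, func_names):
    """Constructed fixture: a minimal PE32 with one .idata section (not runnable code)."""
    sec_rva, sec_off = 0x1000, 0x200
    body = bytearray(40)                                  # 1 descriptor + terminator
    thunks_pos, thunk_rva = len(body), sec_rva + len(body)
    body += b"\0" * (4 * (len(func_names) + 1))
    name_rva = sec_rva + len(body)
    body += dll_name.encode() + b"\0"
    for i, fn in enumerate(func_names):
        if len(body) % 2:
            body += b"\0"                                 # hint/name entries are WORD aligned
        struct.pack_into("<I", body, thunks_pos + 4 * i, sec_rva + len(body))
        body += struct.pack("<H", 0) + fn.encode() + b"\0"
    struct.pack_into("<IIIII", body, 0, thunk_rva, 0, 0, name_rva, thunk_rva)
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)
    file_hdr = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, 0x102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)
    struct.pack_into("<I", opt, 92, 16)                   # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 96 + 8, sec_rva, 40)     # import directory entry
    sec_hdr = struct.pack("<8sIIIIIIHHI", b".idata", len(body), sec_rva, len(body),
                          sec_off, 0, 0, 0, 0, 0x40000040)
    hdr = dos + b"PE\0\0" + file_hdr + opt + sec_hdr
    return bytes(hdr) + b"\0" * (sec_off - len(hdr)) + bytes(body)


if __name__ == "__main__":
    sample = build_sample_pe("KERNEL32.DLL", ["WTSGetActiveConsoleSessionId"])
    print(triage(parse_imports(sample)))
```

Run against a real file with `triage(parse_imports(open(path, "rb").read()))`. A hit on `likely_dynamic_resolution` is only a pointer, not a verdict: packed or statically linked binaries trip it too, so the next step is exactly the one in the diary, tracing how the code reaches the APIs that the loader never resolved for it.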