The worm that spreads WanaCrypt0r

[Real Troll]

The snippet code is here:

<https://blog.malwarebytes.com/threat-analysis/2017/05/the-worm-that-spreads-wanacrypt0r/>

Use your brains to get it work for you in your test labs.

No Jesus needed here.

[Chris M. Thomasson]

Thank you for posting this.

[Chris M. Thomasson]

The one point that has me thinking is the missing leading underscore to
the _beginthreadex function:

https://msdn.microsoft.com/en-us/library/kdzttdcb.aspx

It should not link? Weird. Also, that function is used to create threads
along with an initialization of the CRT for said thread. So, the virus is C.

Creating code on Windows that does not use the CRT can make use of
CreateThread. Strange that a virus is not written in assembly language.

[Rick C. Hodgin]

Real Troll wrote:
> No Jesus needed here.

This belief will seem to work well until you leave this world and are summoned
by name to give an account of your life and it's realized your sin is still with
you, God is real, judgment for sin is real, and Hellfire is real.

It's why God warns you in advance ... to give you space and time to repent,
and to come to Jesus asking forgiveness.

You must do this today, because none of us are promised tomorrow.

Thank you,
Rick C. Hodgin

[Cholo Lennon]

On 15/05/17 02:18, Chris M. Thomasson wrote:
> Strange that a virus is not written in assembly language.

Well, nowadays it's very unusual for a virus/malware to be written in
assembler, it has no sense (IMO)


--
Cholo Lennon
Bs.As.
ARG

[Chris M. Thomasson]

On 5/15/2017 6:33 AM, Cholo Lennon wrote:
> On 15/05/17 02:18, Chris M. Thomasson wrote:
>> Strange that a virus is not written in assembly language.
>
> Well, nowadays it's very unusual for a virus/malware to be written in
> assembler, it has no sense (IMO)

Okay. I have not been keeping up.