ILOVEYOU

Don’t forget to read the notification .-.

I switched to using the Kali O.S so…god

Before starting to revert it, let’s learn about it

ILOVEYOU, sometimes referred to as the Love Bug or Loveletter, was a computer worm that infected over ten million Windows personal computers on and after May 5, 2000. It started spreading as an email message with the subject line ILOVEYOU and the attachment LOVE-LETTER-FOR-YOU.TXT.vbs. At the time, Windows computers often hid the latter file extension (VBS, a type of interpreted file) by default because it is an extension for a file type that Windows knows, leading unwitting users to think it was a normal text file.

The malware was created by Onel de Guzman, a then-24-year-old resident of Manila, Philippines.

Wait… just 24 years old @~@ Whut the fvck?

I was so shocked that I just let it go and got to work

What is the text present as part of email when the victim received this malware? (1 points)

kindly check the attached LOVELETTER coming from me

What is the domain name that was added as the browser’s homepage? (1 points)

see it a lot

http://www.skyinet.net/

The malware replicated itself into 3 locations, what are they? (1 points)

:)))

C:\Windows\System32\MSKernel32.vbs, C:\Windows\System32\LOVE-LETTER-FOR-YOU.TXT.vbs, C:\Windows\Win32DLL.vbs

What is the name of the file that looks for the filesystem? (1 points)

WinFAT32.exe

Which file extensions, beginning with m, does this virus target? (1 points)

wow, so this is what it’s aiming for

mp3, mp2

What is the name of the file generated when the malware identifies any Internet Relay Chat service? (1 points)

Just looking at it, you already know which file it is .-.

script.ini

What is the name of the password stealing trojan that is downloaded by the malware? (1 points)

it makes meeeeeee so difficult :)

barok

What is the name of the email service that is targeted by the malware? (1 points)

As I understand it, this code works on the Registry (regedit.RegWrite and regedit.Regread)

Run MAPI (Messaging Application Programming Interface) and refer to "HKEY_CURRENT_USER\Software\Microsoft\WAB\" but… it’s so outdated compared to now

HKEY_CURRENT_USER\Software\Microsoft\WAB\

What is the registry entry responsible for reading the contacts of the logged in email account? (1 points)

yayy, so easy

outlook

What is the value that is stored in the registry to remember that an email was already sent to a user? (1 points)

1
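
The answers above double as indicators for defensive triage. The following is an added example, not code from the challenge or the original write-up: it checks a script's text for the file names, homepage domain and registry key listed on this page, and flags attachment names that use the hidden-extension trick described at the top. The category names, the two extension sets and the sample inputs are assumptions made for the illustration.

```python
# Added example: static triage of script text against the indicators in this write-up.
# Indicator strings come from the answers on this page; matching is case-insensitive
# because VBScript and Windows paths are.
INDICATORS = {
    "self_copy": ["MSKernel32.vbs", "Win32DLL.vbs", "LOVE-LETTER-FOR-YOU.TXT.vbs"],
    "homepage_change": ["skyinet.net"],
    "downloaded_file": ["WinFAT32.exe"],
    "irc_file": ["script.ini"],
    "address_book_key": ["HKEY_CURRENT_USER\\Software\\Microsoft\\WAB"],
}

# Assumption for this example: which extensions count as "harmless looking" and
# which ones Windows will execute. Extend both sets for real mail filtering.
DECOY_EXTS = {"txt", "doc", "pdf", "jpg", "gif", "mp3"}
EXEC_EXTS = {"vbs", "vbe", "js", "jse", "wsf", "hta", "exe", "scr", "bat", "cmd"}


def deceptive_double_extension(filename):
    """True for names like NAME.TXT.vbs, where hiding known extensions shows NAME.TXT."""
    parts = filename.lower().rsplit(".", 2)
    return len(parts) == 3 and parts[1] in DECOY_EXTS and parts[2] in EXEC_EXTS


def triage(text):
    """Return {category: [indicators present]} for a script's source or strings dump."""
    lowered = text.lower()
    hits = {}
    for category, needles in INDICATORS.items():
        found = [n for n in needles if n.lower() in lowered]
        if found:
            hits[category] = found
    return hits


# Constructed inputs (not taken from a real sample): one strings-style dump that
# mentions several indicators, and one unrelated admin script.
SUSPECT = "\n".join([
    r"copy -> \mskernel32.vbs",
    r"copy -> \Win32DLL.vbs",
    "start page = http://www.skyinet.net/",
    r"write HKEY_CURRENT_USER\Software\Microsoft\WAB\ entry",
])
BENIGN = 'WScript.Echo "disk usage report written to report.txt"'

if __name__ == "__main__":
    for name in ("LOVE-LETTER-FOR-YOU.TXT.vbs", "report.txt", "backup.tar.gz"):
        print(name, deceptive_double_extension(name))
    print(triage(SUSPECT))
    print(triage(BENIGN))
```
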

It’s almost noon so I’m going to get some food

goodbye, thank you for reading until now //~//

This post is licensed under CC BY 4.0 by the author.