Search This Blog

Powered by Blogger.

Blog Archive

Labels

Duqu Framework written in an unknown Programming language..?!


Kaspersky facing difficulty in identifying the programming language of Duqu Framework. Today, Researcher Igor Soumenkov shared their findings about the Duqu in Kaspersky lab post.

"At first glance, the Payload DLL looks like a regular Windows PE DLL file compiled with Microsoft Visual Studio 2008 (linker version 9.0). The entry point code is absolutely standard, and there is one function exported by ordinal number 1 that also looks like MSVC++. " Researcher wrote in the post.

"This function is called from the PNF DLL and it is actually the “main” function that implements all the logics of contacting C&C servers, receiving additional payload modules and executing them. The most interesting is how this logic was programmed and what tools were used."

After analyzing the Duqu, researcher come to come to conclusion that Duqu Framework have been written in an unknown programming language. The mysterious programming language is definitively NOT C++, Objective C, Java, Python, Ada, Lua and many other languages they have checked.

Compared to Stuxnet (entirely written in MSVC++), this is one of the defining particularities of the Duqu framework.

Kaspersky request programmers to recognize the framework , toolkit or the programming language that can generate similar code constructions.  If anyone find the answer contact them via this email stopduqu@kaspersky.com or post a comment in their official blog.

You can read the full report about the Duqu here.
Share it:

Kaspersky

Miscellaneous