{
	"id": "4f9670f5-ef7a-4f9a-8b47-131743da5289",
	"created_at": "2026-04-06T00:09:13.936201Z",
	"updated_at": "2026-04-10T03:20:01.012788Z",
	"deleted_at": null,
	"sha1_hash": "c012b69361c1a55af236dfd05070b66ce401c386",
	"title": "A Detailed Analysis of an Advanced Persistent Threat Malware",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 11494149,
	"plain_text": "A Detailed Analysis of an Advanced Persistent Threat Malware\r\nBy: Frankie Fu Kay Li\r\nArchived: 2026-04-05 19:25:58 UTC\r\nA Detailed Analysis of an Advanced Persistent Threat Malware (PDF, 4.44MB)\r\nPublished: 14 Oct, 2011\r\nSpear-phishing emails were sent to a political figure at my place of residence. An email together with the attached sample was provided for forensic analysis. It appears to be an Advanced Persistent Threat type malware. By performing behavioral and code analysis in an alternative way, most of its important functions were identified. The aim of this technical paper is to illustrate the detailed procedures of how this malware was dissected.\r\nSource: https://www.sans.org/white-papers/33814/",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"references": [
		"https://www.sans.org/white-papers/33814/"
	],
	"report_names": [
		"33814"
	],
	"threat_actors": [],
	"ts_created_at": 1775434153,
	"ts_updated_at": 1775791201,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/c012b69361c1a55af236dfd05070b66ce401c386.pdf",
		"text": "https://archive.orkl.eu/c012b69361c1a55af236dfd05070b66ce401c386.txt",
		"img": "https://archive.orkl.eu/c012b69361c1a55af236dfd05070b66ce401c386.jpg"
	}
}