Threat Research

FireEye posts blog entries under threat research to present and discuss cyber attacks and threat intelligence from a technical perspective. These blog posts cover everything from exploits and vulnerabilities, to advanced malware and targeted attacks.

Entries filed under 'Windows Internals'

Aug
25

Musings on download_exec.rb

This is not anything new and exciting<a href="/content/fireeye-www/en_US/blog/threat-research/2010/08/download_exec_notes.html#Footnote1">¹</a>, and should hopefully be familiar to some of you reading this. Some time ago I reversed the shellcode from <a href="https://www.metasploit.com/redmine/projects/framework/repository/revisions/7550/entry/modules/payloads/singles/windows/download_exec.rb">Metasploit's download_exec module</a>. It's a bit different from the rest of the stuff in MSF, because there's no source code with it, and it lacks certain features that the other shellcode[s] have (like being able to set the exit function).

Enterprise Security

Enterprise Security

Managed Security

Threat Intelligence Portfolio

FireEye Expertise

Security For:

Breach Response

Security Assessment

Security Enhancement

Security Transformation

FireEye Partners

Partner Resources

Partnering with FireEye

Get Support

Find Answers

Documentation

Intelligence Briefing and Bulletins

Cyber Security

FireEye Blogs

Free Tools & Apps

Training

About Us

Customers

Careers

News and Events

Contact

Threat Research

Entries filed under 'Windows Internals'

Musings on download_exec.rb