Reply to post: Re: Timezone?

Chinese Coathanger malware hung out to dry by Dutch defense department

Clausewitz4.0 Bronze badge

Re: Timezone?

"How the hell do they determine what timezone something is compiled in?"

Basically, INFERENCE analyzing the PE-EXE header and multiple artifacts. Time of access to C2/servers may also play a hole.

"They probably don't want to disclose how they do that, otherwise the attackers will alter it."

It's already widely know. But not-so-advanced fellas keep doing it anyway. Advanced ones change the PE-EXE signatures, .DOC default language pointing to the Chinese, when in reality they are USA / UK / Israeli wrongdoers.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon