1. TechSpot is dedicated to computer enthusiasts and power users. Ask a question and give support. Join the community here.
    TechSpot is dedicated to computer enthusiasts and power users.
    Ask a question and give support.
    Join the community here, it only takes a minute.
    Dismiss Notice

Duqu Trojan contains mystery programming language in Payload DLL

By Shawn Knight ยท 40 replies
Mar 9, 2012
Post New Reply
  1. really? ASM part is obvious. the commands used are NOT pure ASM. this is the mystery part.
  2. Jyrkz

    Jyrkz TS Enthusiast Posts: 31   +15

    what i see here are 2 things,

    1. Lot of ppl think there h4xx0rz cause they know its assembler. (im just a PC fan, very little coding is known to me. and i just dont care.
    2. the new code, that shows ppl are still growing and learning ;D
  3. Mudvayne819

    Mudvayne819 TS Enthusiast Posts: 42

    mIRC scripting
  4. Opus

    Opus TS Enthusiast Posts: 49

    That's really awkward looking compilation... As a MSCS I know that it's ASM but haven't seen this kinda weird translation. Truly, complicated but still these are few lines. Full code would make much more sense. It's not any C++ complier that I know of. May be CPP + F# and or LISP, therefore a new framework customized for the coding teams.
  5. Of course it's assembler, retards. The program itself is always 'written' in a code that is readable by a computer. What the guy from Kasperky is trying to say is that the language used to write Duqu (which was then compiled into assembler or whatever) is unknown.
  6. This is indeed a mysteriously looking language, but it definitely has some elements of English in it. I recognize many words - "move", "push", "stop" etc. No wonder Russians don't understand it.
  7. Unknown LOL... it's 100% know. It's obviously assembly. Wow who said it was unknown again... jesus.
  8. I'm sure those are the first few lines of assembly a team at Kaspersky Labs that specializes in code disassembly has ever seen.... You guys for real ?

    TFA indirectly stated that "some segments disassemble into an unknown type of machine code sequence". Who said anything about mass conspiracies and aliens ? I'm pretty sure that wasn't the author's intention and that our minds are just to tense and tend to jump to conclusions too quickly in a world where stupidity knocks at the door all too often.
  9. Do you guys even read the comments before you post? Of course it's in assembly.. that's what language it was reverse-engineered into you dolts.
  10. Reminds me of Forth actually.
  11. Since secret services have so many IT geniuses as employes don't you think one of them could easily create a new programming language for the exact purpose of developing this kind of viruses/trojans ?
  12. From the article, I am understanding that what is in the picture is the compiled version of the code. I guess different programming languages have certain characteristics when compiled, and this assembly code doesn't match any of them.
  13. LOL... the pic shows the trojan binary disassembled. Although clueless, you might accidently be onto something anyway. The code might simply be written by assembly by a disiplined oop programmer.
  14. I originally thought that this was obviously assembled C++, especially with the "call new" (calling C++'s new operator), but when I tested it out on my machine I remembered that C++ uses name mangling, so for example:

    int* num1 = new int(15); // the code I tested

    resulted int:

    call _Znwj ; not "call new" as I originally expected

    Any how, if they made up their own language then why are you trying to figure out what language it was written in? isn't the answer obviously "a new one"?! People write their own languages all the time, I could go write my own right now (though it would suck).

    For clarity, compiled languages such as C and C++ are first compiled into assembly, assembled into machine code, and linked to created an executable. If you think C/C++ are compile into machine code you're retarded.
  15. yeah. dart is similar to javascript. exactly as in lisp + c++
  16. That's not the source code... everyone stop saying its assembly... of course it's assembly, because no one has the source code.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...