Interesting Malware - No, I’m Not Kidding

Explore the intricacies of an unusual malware family dubbed "CheshireCat" in this 45-minute conference talk from Hack.lu 2016. Delve into the implementation traits, stealth tactics, and unique functionalities of this long-running malware operation, active since 2002. Examine the retro coding style and functional obfuscation techniques that make CheshireCat stand out. Learn about its support for outdated systems, dial-up connections, and peculiar executable header checks. Discover how this dedicated malware has managed to stay under the radar for over a decade, potentially targeting specialized networks. Follow the presenter's analysis of different implant versions, browser injection methods, keylogging techniques, and file system enumeration. Gain insights into the malware's structure, function arrays, and anti-detection mechanisms. Compare CheshireCat to other malware families and draw conclusions about its significance in the cybersecurity landscape.

Introduction
Implant 2002
Implant 20072011
Binary structure
Browser injection
Keylogging
File System Enumeration
Function arrays
Lewis Carroll quote
Hiding from antivirus
Recap
Sketch
Comparison
Conclusion