What is meant by "section name" in the Symantec Stuxnet analysis?

0

The blockquote below is found here on page 12

The dropper component of Stuxnet is a wrapper program that contains all of the above components stored inside itself in a section name “stub”. This stub section is integral to the working of Stuxnet. When the threat is executed, the wrapper extracts the .dll file from the stub section, maps it into memory as a module, and calls one of the exports.

I am very new to IT-Security (and I know that Stuxnet is maybe not the best place to start).
Sorry if this is a rash silly question.

NOTE: I don't have the required 300 reputation to set up my own tags, which is why the tag list doesn't make any sense. If someone can edit the tags, I would suggest stuxnet, dropper or dropper-component, and advanced-persistent-threat

Lavair

Posted 2019-06-08T23:12:04.977

Reputation: 103

Edited your tags to fit the question. Actually has no real relation to malware, except how you got to asking the question. – Frank Thomas – 2019-06-08T23:52:20.773

Answers

0

This really isn't a good place to start, especially if you don't intend to be a programmer.

That said, a compiled program has had its code translated into Machine Code, which can be disassembled into a very low level language usually referred to as Assembly (each CPU platform has its own assembly language, like x86 or ARM). It is largely a stream of CPU-native instructions which can be fed to the processor for execution, but it also stores resources, tracks static variables, and other information the platform needs to execute the program.

People who analyze malcode do not usually have the original source code for the program, so they analyze it either in Assembly, or by Decompiling it to a higher level language.

In Assembly, code and resources are organized into Sections (also known as Segments). Common sections include .Data, .BSS, and .Text.

In programming, "Stub" is used to describe a partial definition of a construct (method stub), or a program written to load parts of code for testing (Test Stub).

See here for more information about Assembly code and Sections: https://www.tutorialspoint.com/assembly_programming/assembly_basic_syntax.htm

Frank Thomas

Posted 2019-06-08T23:12:04.977

Reputation: 29 039
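
Added example, not part of the original answer or the Symantec report: in a compiled Windows executable (PE file), each section's name is an 8-byte field in the section table of the file header, which is what an analyst reads to see a section called "stub". The sketch below parses that table and reports names outside a short list of common ones. It assumes the file is a PE image; the `COMMON_NAMES` list and the header-only sample built by `build_sample()` are constructed for illustration.

```python
import struct

# Assumption: a short allow-list of names compilers commonly emit.
COMMON_NAMES = {".text", ".data", ".rdata", ".bss", ".idata",
                ".edata", ".rsrc", ".reloc", ".pdata", ".tls"}

def pe_sections(image: bytes):
    """Return [(name, raw_offset, raw_size)] from a PE section table."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (pe_off,) = struct.unpack_from("<I", image, 0x3C)  # e_lfanew
    if pe_off + 24 > len(image) or image[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    # COFF file header: 20 bytes directly after the 4-byte signature.
    _mach, count, _ts, _sym, _nsym, opt_size, _flags = struct.unpack_from(
        "<HHIIIHH", image, pe_off + 4)
    table = pe_off + 24 + opt_size  # section table follows optional header
    if table + 40 * count > len(image):
        raise ValueError("section table truncated")
    sections = []
    for i in range(count):
        # Each entry is 40 bytes; the name is the first 8, NUL-padded.
        name, _vsize, _vaddr, raw_size, raw_off = struct.unpack_from(
            "<8sIIII", image, table + 40 * i)
        text = name.rstrip(b"\0").decode("ascii", "replace")
        sections.append((text, raw_off, raw_size))
    return sections

def unusual_sections(image: bytes):
    """Sections whose names are not in COMMON_NAMES (worth a closer look)."""
    return [s for s in pe_sections(image) if s[0].lower() not in COMMON_NAMES]

def build_sample() -> bytes:
    """Constructed header-only image (no code or data) for the demo."""
    rows = [(b".text", 0x400, 0x200), (b".data", 0x600, 0x200),
            (b"stub", 0x800, 0x1000)]
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(rows), 0, 0, 0, 0, 0)
    table = b"".join(
        struct.pack("<8sIIIIIIHHI", n, size, 0x1000 * (i + 1), size, off,
                    0, 0, 0, 0, 0)
        for i, (n, off, size) in enumerate(rows))
    return dos + coff + table

if __name__ == "__main__":
    for name, off, size in pe_sections(build_sample()):
        print(f"{name:<8} raw_offset=0x{off:X} raw_size=0x{size:X}")
    print("unusual:", [s[0] for s in unusual_sections(build_sample())])
```

An unusual section name is only a triage hint: legitimate packers and installers also add their own sections, so the next step is to inspect the section's contents.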