Microsoft Linker Version Information

I am completely new to Windows. Currently I'm working on Windows malware analysis and I'm trying to cross-reference some facts to be as accurate as possible in my report.

My problem is that I have been trying for the past couple of hours to find some sort of release-notes or version info that would tell me when a Microsoft Linker version was released.

Apparently, there's not as much information about link.exe as there is about Visual Studio, so I assume their versions are correlated somehow.

Can someone verify this or explain how I should go about understanding the linker version? The closest I came to understanding this was this GitHub issue page.

Even more specifically, I'm trying to figure out when Microsoft Linker (9.0)[EXE32] was released.

Soutzikevich

Posted 2019-12-27T11:10:09.533

Reputation: 113

The properties of the executable should give you an idea when the file was last changed/modified by Microsoft. To answer your question, MSVC 9.0 was released with Visual Studio 2003. As I am unable to specifically answer the first part of your question, I have chosen not to submit an incomplete answer. I would imagine the MSVC linker would put version information in the header portion of the executable. You can determine the version of MSVC required by what version of the VC++ redistributable is required for the malware to run. – Ramhound – 2019-12-27T11:37:48.587

@Ramhound Thank you for your comment. Correct me if I misunderstand this, but from what I understand, the Microsoft Linker is part of the MSVC compiler. I have found this wiki that says MSVC 9.0 was released in 2008. What I am dealing with, is a highly obfuscated application and the PE header has unreliable information. I'm trying to argue that the compiler timestamp (August 2001) was faked, because Microsoft Linker (9.0) was used, as detected by the "Detect It Easy" (DIE) packer identifier. – Soutzikevich – 2019-12-27T18:51:50.447

I don’t know; I found evidence that 9.0 was linked to VS2003 (don’t have a link handy). I can’t determine if the header has been faked or not – Ramhound – 2019-12-27T22:12:22.813

@Ramhound Thanks anyway! :) – Soutzikevich – 2019-12-28T09:39:26.420

No answers
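
The cross-check discussed in this thread, as an added example that is not part of the original posts: it reads the COFF `TimeDateStamp` and the optional header's `MajorLinkerVersion`/`MinorLinkerVersion` from a PE file and reports whether the timestamp predates the linker's release year. The `RELEASE_YEARS` table is an assumption supplied by the analyst (the 2008 entry is the year the asker quotes from a wiki), the header-only sample is constructed, and because both fields are plain header bytes the result is a consistency check rather than proof.

```python
import struct
from datetime import datetime, timezone

# Assumption: analyst-maintained map of linker version -> release year.
# The (9, 0) entry uses the year quoted in the thread, not a verified date.
RELEASE_YEARS = {(9, 0): 2008}

def read_pe_build_fields(data: bytes) -> dict:
    """Return the COFF TimeDateStamp and the optional-header linker version."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)        # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    (stamp,) = struct.unpack_from("<I", data, pe_off + 8)   # COFF TimeDateStamp
    # The optional header follows the 4-byte signature and 20-byte COFF header.
    magic, major, minor = struct.unpack_from("<HBB", data, pe_off + 24)
    if magic not in (0x10B, 0x20B):                         # PE32 / PE32+
        raise ValueError("unexpected optional header magic")
    return {
        "timestamp": datetime.fromtimestamp(stamp, timezone.utc),
        "linker": (major, minor),
    }

def timestamp_predates_linker(fields: dict, release_years: dict):
    """True if the timestamp year is before the linker's release year,
    False if not, None when the linker version is not in the table."""
    year = release_years.get(fields["linker"])
    if year is None:
        return None
    return fields["timestamp"].year < year

def build_sample(stamp: int, major: int, minor: int) -> bytes:
    """Constructed header-only PE32 sample (no sections, not a runnable binary)."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, 0, stamp, 0, 0, 0xE0, 0x102)
    opt = struct.pack("<HBB", 0x10B, major, minor) + bytes(0xE0 - 4)
    return bytes(dos) + b"PE\0\0" + coff + opt

# Constructed input mirroring the thread: August 2001 timestamp, linker 9.0.
AUG_2001 = int(datetime(2001, 8, 15, tzinfo=timezone.utc).timestamp())
SAMPLE = build_sample(AUG_2001, 9, 0)

if __name__ == "__main__":
    f = read_pe_build_fields(SAMPLE)
    print(f["linker"], f["timestamp"].date(), timestamp_predates_linker(f, RELEASE_YEARS))
```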