Video Screencast Help
Security Response

The World's Smallest Downloader

Created: 18 Dec 2006 08:00:00 GMT • Updated: 23 Jan 2014 18:54:26 GMT
Peter Ferrie's picture
0 0 Votes
Login to vote

SecuriTeam recently ran a Code Cruncher competition. The idea was to create the smallest possible Windows executable file that could download an arbitrary file from the Code Cruncher site.

While the final results are not in yet, one entry at 210 bytes (including the length of the URL) looks set to be the winner. Why? Because it executes entirely from within the PE header. That's right - there is no code outside of the file header, only strings, such as the URL. Even more amazing, those strings are encrypted. The decryptor fits into the PE header, along with the downloader code.

Here's a sanitized version of it (the relevant code and URL have been replaced):

Malware that can travel in one network packet, even smaller than CodeRed. That's the bad news. The good news? Such things are trivial to analyze, and even more trivial to detect. We'll take care of it - you just have to keep your protection up to date.