There was a time when knowing GUIDs of adware\/spyware you could instantly attribute a sample to a known rogue company or group. Of course, these days are long gone, but what’s left behind is knowledge which GUIDs map to what…<\/p>\n\n\n\n
GUIDs are all over the place – there are CLSIDs, UUIDs, they can refer to classes, interfaces, object properties, known folder IDs, even old ActiveX controls and IE toolbars, and new ones keep coming in ! So how do we know which ones are important?<\/p>\n\n\n\n
My recipe was to always collect as many of these as possible!<\/p>\n\n\n\n
This is a small excerpt<\/a> from some quick regex-fu over HijackThis Logs. And here<\/a> is a list of GUIDs I have built over the years.<\/p>\n","protected":false},"excerpt":{"rendered":" There was a time when knowing GUIDs of adware\/spyware you could instantly attribute a sample to a known rogue company or group. Of course, these days are long gone, but what’s left behind is knowledge which GUIDs map to what… … Continue reading