Possible payload

Robert Green

On an NTFS partition I find that the initial 8 sectors of
the MFT and the entirety (8 sectors) of the MFT mirror have
been overwritten by a repeated pattern - FF7FFFF FFFFFFFF.

Seems intentional. Just wondering if anyone knows if that is
characteristic of the payload of any known malware.

Tks,

Bob
 
Robert Green said:
On an NTFS partition I find that the initial 8 sectors of
the MFT and the entirety (8 sectors) of the MFT mirror have
been overwritten by a repeated pattern - FF7FFFF FFFFFFFF.

Seems intentional. Just wondering if anyone knows if that is
characteristic of the payload of any known malware.

None that I've heard any talk about lately, but then you may
be the early warning system.
 