Fascinating. I found the original source easier to read:
Somehow I find both to be impenetrable. They both seem to talk around things and avoid getting straight to the point. I can’t tell if that’s an AI thing or not.
Like, in the SentinelOne writeup, the Executive Summary doesn’t even contain information on what it does, and neither does the Overview section.
Both are definitely AI-y. In short, it’s a 2005 self-propagating worm that edited a small set of programs on the fly to change a few specific FPU routines in memory.
The patching engine is a minimalist, performance‑optimised, stateful scanning and modification tool. It is configured with a set of 101 rules, each containing pattern matching and replacement logic.
It only patched very specific executables based on a few exact bit patterns. So they only found a handful of matches against some very specific commercial engineering tools.
Without knowing the exact binaries and workloads being patched, we can’t fully resolve what those arrays represent, only that the goal is to tamper with numerical results, not unauthorized access, malware propagation or other common malware objectives.
Oh god thank you, that’s so much clearer.