Search found 365 matches

by thisisu
Sun Jun 22, 2014 12:53 am
Forum: Malware
Topic: Themida? Need help
Replies: 1
Views: 1664

Re: Themida? Need help

Sorry, it must be related to Dofoil.
by thisisu
Sat Jun 21, 2014 9:39 pm
Forum: Malware
Topic: WinNT/Wowliks (Alureon)
Replies: 8
Views: 6697

Re: Rootkit TDL 4 (alias TDSS, Alureon.DX, Olmarik)

wow.dll MD5 7d0463045f947477919491d2a0d025d8 SHA1 a34041f7a80bd165943673e887197807753be784 SHA256 a00d64fa5ff2a92f5d58cf06b0c0df67014c7ed19a1b34ec8c509fdda6e4f3da https://www.virustotal.com/en/file/a00d64fa5ff2a92f5d58cf06b0c0df67014c7ed19a1b34ec8c509fdda6e4f3da/analysis/1403386063/ wow.ini [main] s...
by thisisu
Sat Jun 21, 2014 9:11 pm
Forum: Malware
Topic: Themida? Need help
Replies: 1
Views: 1664

Themida? Need help

Need help identifying this one. Thanks friends MD5 aa397e188a68f7ba950d6b44c82888d4 SHA1 5e25690e639813ce66412644742c2ce5d185d186 SHA256 05e22beed355a21f200faf58c3513bdafd5f5cbcc445740ac64fa7d47b19a383 jpiexpl32.dll -- https://www.virustotal.com/en/file/05e22beed355a21f200faf58c3513bdafd5f5cbcc44574...
by thisisu
Sat Jun 21, 2014 8:37 pm
Forum: Malware
Topic: Win32/Dofoil
Replies: 7
Views: 5912

Re: Win32/Dofoil

Win32/Dofoil.T MD5 8176a3ec0aec664fb4170fdf9c9ee261 SHA1 034cee51257195b9b29e68d5ec714671de9ccc0d SHA256 3d773d150fa014625c9c8718068d91b6a32b05431601754808e91ec1932512a8 https://www.virustotal.com/en/file/3d773d150fa014625c9c8718068d91b6a32b05431601754808e91ec1932512a8/analysis/ HKU\Owner\...\Polici...
by thisisu
Thu Jun 12, 2014 2:29 am
Forum: Malware
Topic: Win32/Reveton
Replies: 149
Views: 142570

Re: Win32/Reveton

bitstechs wrote: Did you happen to save any of the samples from the programdata folder? I'd like to grab those if you have them.
No, but I'll save them next time.

Btw, was anyone able to find out what the EntryPoint of that .dll file was?
by thisisu
Sat Jun 07, 2014 10:16 pm
Forum: Malware
Topic: Win32/Reveton
Replies: 149
Views: 142570

Re: Win32/Reveton

ICE Cyber Crime Center with low detection (4/51). Fresh from a customer's computer. MD5 5651aa11bf10475e23c049f3c61f6dd1 SHA1 4e1f5b15668dcc25434d469d2d308f1b2fc95358 SHA256 bc495ccdb5013fe9cdfbf8c14979d40e7f17d0e07e17728b9891f4bfa9ab01c4 https://www.virustotal.com/en/file/bc495ccdb5013fe9cdfbf8c149...
by thisisu
Tue Jun 03, 2014 5:50 am
Forum: Malware
Topic: Necurs - another x64 rootkit
Replies: 70
Views: 75749

Re: Necurs - another x64 rootkit

Credits to Malekal_morte for providing dropper on his website. .sys + .exe/dropper attached syshost.exe -- dabea808bb91f02e158cdbcbf3e8a790 -- https://www.virustotal.com/en/file/2b64536b04f8773d80aaef36fc7943058bda76372c5eb3516b0107f2937ccb9e/analysis/1401773988/ 79051d41d365f350.sys -- ca82853fd71d...
by thisisu
Mon Apr 28, 2014 2:07 am
Forum: Malware
Topic: ZeroAccess (alias MaxPlus, Sirefef)
Replies: 557
Views: 370198

Re: ZeroAccess (alias MaxPlus, Sirefef)

AronPX wrote: Does anyone have a new sample of za?
Have a PC now with ZA that contains *etadpug service. Is that still the newest variant?
by thisisu
Sun Apr 20, 2014 12:11 am
Forum: Malware
Topic: Rogue Antimalware (FakeAV, 2014 year)
Replies: 58
Views: 52424

Re: Rogue Antimalware (FakeAV, 2014 year)

Cool :)
Another Windows Internet Guard credits to BornSlippy @ MBAM
pass: infected
https://www.virustotal.com/en/file/fe29 ... /analysis/