Search found 4 matches

by ebfe
Fri May 15, 2015 10:47 am
Forum: Malware
Topic: Win32/Rombertik
Replies: 27
Views: 51087

Re: Win32 Rombertik

These guys are spending their time analyzing a packer (or cryptor) written in Delphi. The unpacked EXE (which is only 25600 bytes) is wrapped with this Delphi packer. The malware is old; I don't know why it has popped up now. And actually there are different versions of packers they used in the past. Here i...
by ebfe
Sat Mar 28, 2015 2:36 pm
Forum: Tools/Software
Topic: UACMe - Defeating Windows User Account Control
Replies: 136
Views: 427581

Re: UACMe - Defeating Windows User Account Control

The wusa.exe method works flawlessly on Windows 8/8.1; however, I didn't check it on Win10.
by ebfe
Sat Mar 28, 2015 1:21 pm
Forum: Tools/Software
Topic: UACMe - Defeating Windows User Account Control
Replies: 136
Views: 427581

Re: UACMe - Defeating Windows User Account Control

There is another UAC bypass method used in Carberp malware: https://github.com/hzeroo/Carberp/blob/master/source%20-%20absource/pro/all%20source/BJWJ/source/exploit/UAC_bypass.cpp

Steps to reproduce:
1. Make a .cab archive with your own cryptbase.dll or wdscore.dll and rename it to .MSU
2. Deploy .MSU...
by ebfe
Sat Mar 30, 2013 9:58 pm
Forum: Malware
Topic: Backdoor Andromeda (waahoo, alias Gamarue)
Replies: 129
Views: 191363

Re: Backdoor Andromeda (alias Gamarue)

Hi, I analyzed the sample from this post:
http://www.kernelmode.info/forum/viewto ... 497#p18497

and wrote a blog post about it; if you are interested, please read it here: http://www.0xebfe.net/blog/2013/03/30/f ... andromeda/