Search found 4288 matches

by EP_X0FF
Fri Jan 18, 2019 6:11 am
Forum: Tools/Software
Topic: Making ReactOS Great Again*, Part 1
Replies: 8
Views: 6580

Re: Making ReactOS Great Again*, Part 1

There was a paid audit of all your code made in 2015. Results were really terrifying. Really? I'm very curious about this. Who did this paid audit in 2015? Can you provide a link to where I can see more about this paid audit of ReactOS code? What else do you need? GPS coordinates of some rare pokem...
by EP_X0FF
Wed Jan 16, 2019 4:10 pm
Forum: Tools/Software
Topic: Making ReactOS Great Again*, Part 1
Replies: 8
Views: 6580

Re: Making ReactOS Great Again*, Part 1

Hello, First, the previous fanboy post has been disapproved. A project that has been in alpha state for 20 years is a dead project. So don't waste your time posting this again. I usually don't repeat things twice or more. Second, the fairy tales about "clean rooms", "super-developers", "great contributor...
by EP_X0FF
Mon Jan 14, 2019 1:29 pm
Forum: User-Mode Development
Topic: [C] File Version check & Update
Replies: 1
Views: 155

Re: [C] File Version check & Update

What is the point in this thread?

https://github.com/hifi-unmaintained/cn ... c/update.c

By the way this code is one big resource leak.
by EP_X0FF
Sat Jan 12, 2019 7:24 am
Forum: Completed Malware Requests
Topic: Looking for itkvar.sys
Replies: 1
Views: 121

Re: Looking for itkvar.sys

In attachment, no pw.
by EP_X0FF
Fri Jan 11, 2019 4:40 pm
Forum: Malware
Topic: Win32/CoinMiner (Valhalla)
Replies: 3
Views: 272

Re: Win32/CoinMiner (Valhalla)

With the help of a self-designed physical memory analysis tool. All these obfuscators produce the original data/code at runtime, otherwise nothing will work.
by EP_X0FF
Fri Jan 11, 2019 1:04 pm
Forum: Malware
Topic: Win32/CoinMiner (Valhalla)
Replies: 3
Views: 272

Re: Help! Unknown malware.

First, this is a trojan muldrop. It contains a resource dll with C# source code that is modified by the dropper and then compiled with csc.exe at runtime. Additionally, it creates multiple embedded directories with pseudo-random names to store its files. The source dll has 2 templates: using System; using Sy...
by EP_X0FF
Wed Jan 09, 2019 11:06 am
Forum: Malware
Topic: Malware collection
Replies: 9
Views: 488533

Re: Malware collection

Most of the posts moved to dedicated malware family topics.

False positives/offtopic removed.

Some posts cannot be moved because they contain packs of different malware.

Thread bump.
by EP_X0FF
Wed Jan 09, 2019 10:27 am
Forum: Malware
Topic: Joke/EasyPort
Replies: 1
Views: 165

Re: Malware collection

SHA256: 95c262880e271de8e0e765c39c431b6d62e4d2db80f8a8dd0442d8a30ad074f4 Dateiname: EasyPort.exe https://virustotal.com/de/file/95c262880e271de8e0e765c39c431b6d62e4d2db80f8a8dd0442d8a30ad074f4/analysis/1485639002/ RAR SFX with the following bat file inside. Joke. @echo off title EasyPort v5.4.0.0 c...
by EP_X0FF
Wed Jan 09, 2019 9:38 am
Forum: Malware
Topic: Win32/CoinMiner (Dokinzakbar)
Replies: 1
Views: 156

Re: Malware collection

Please make selection ...2017 https://www.virustotal.com/en/file/ca2ef50363e017ec860ddf7b123fea9851d717cd06b7294098e32de6d6e6af90/analysis/1483276621/ Trojan muldrop with coin miner as payload. SFX archive, next actual malware dropper -> extracts files to %UserProfile%\Public. Main malware inside p...
by EP_X0FF
Wed Jan 09, 2019 8:20 am
Forum: Malware
Topic: WinNT/BlackEnergy
Replies: 38
Views: 54323

Re: Malware collection

Remains of BlackEnergy with Kaspersky fanboy inside. Posts moved.