
by EP_X0FF
Fri Jun 22, 2018 9:32 am
Forum: Newbie Questions
Topic: Can I request unpacked malware?
Replies: 5
Views: 131

Re: Can I request unpacked malware?

21d20301ed7cefab2acce9afe56dd63db594aeb98c7e596152e2a399835e0c24 Completely deobfuscated in the attachment MEMORY.rar. It starts, writes a self-deletion bat file, executes it and crashes itself with a fake runtime error dialog. Why it doesn't give you anything else is because it is incredibly old and everything re...
by EP_X0FF
Fri Jun 22, 2018 3:33 am
Forum: Newbie Questions
Topic: Can I request unpacked malware?
Replies: 5
Views: 131

Re: Can I request unpacked malware?

Post the malware you want to unpack in a password-protected archive. Maybe someone will help you. However, if the samples are protected by commercial software (VMProtect, Themida, etc.), nobody wants to waste their time.
by EP_X0FF
Fri Jun 08, 2018 6:53 pm
Forum: Kernel-Mode Development
Topic: Is it possible to remove a file protected by a file system filter driver?
Replies: 13
Views: 4705

Re: Is it possible to remove a file protected by a file system filter driver?

You want me to close all your topics?

One more time -> RTFM.
by EP_X0FF
Fri Jun 01, 2018 5:24 pm
Forum: Newbie Questions
Topic: Is it normal when I have an unsigned driver loaded in my kernel?
Replies: 9
Views: 1381

Re: Is it normal when I have an unsigned driver loaded in my kernel?

Do you understand that everything (or 99.9%) of what this tool is capable of detecting doesn't work on Windows 10 by design, and that 100% of the bootkits TDSSKiller detects don't work with GPT? Why this BSOD generator doesn't work in normal mode is a question for Kaspersky TDSSKiller support, not here.
by EP_X0FF
Thu May 31, 2018 4:06 am
Forum: Newbie Questions
Topic: Is it normal when I have an unsigned driver loaded in my kernel?
Replies: 9
Views: 1381

Re: Is it normal when I have an unsigned driver loaded in my kernel?

You have EFI boot, a GPT partition table and x64 Windows 10. I suppose Secure Boot is also present. You don't need the Kaspersky BSOD generator in the first place, and second, I suppose that to keep it "working" on every new Windows release they need to push an update for it too.
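The reply above lists the boot facts that make legacy MBR bootkit scanners irrelevant on such a machine (UEFI firmware, GPT system disk, Secure Boot, x64 kernel with code-integrity enforcement). The following script is an added example, not code from the post or from any tool it mentions; it reports those facts from an elevated PowerShell prompt on Windows 8 or later using only built-in cmdlets, and additionally checks whether the current boot entry weakens driver signature enforcement (`testsigning` / `nointegritychecks`), which is the first thing to rule out when a tool claims an "unsigned" driver is loaded.

```powershell
# Added example: report the firmware, disk layout and code-integrity posture
# that decide whether a classic MBR bootkit can even exist on this machine.
# Run from an elevated PowerShell prompt on Windows 8/10/11.
function Get-BootSecurityPosture {
    $os = Get-CimInstance -ClassName Win32_OperatingSystem

    # UEFI vs legacy BIOS: the OS exposes this as an environment variable
    # ('UEFI' or 'Legacy').
    $firmware = $env:firmware_type

    # Partition style (GPT/MBR) of the disk carrying the system volume.
    $sysLetter = $env:SystemDrive.TrimEnd(':')
    $diskNumber = (Get-Partition -DriveLetter $sysLetter).DiskNumber
    $partitionStyle = (Get-Disk -Number $diskNumber).PartitionStyle

    # Secure Boot state; the cmdlet throws on legacy BIOS machines, which we
    # treat as "not enabled".
    try { $secureBoot = Confirm-SecureBootUEFI } catch { $secureBoot = $false }

    # Boot options that relax kernel-mode code signing. Either one set to Yes
    # explains an unsigned driver far better than a rootkit does.
    $bcd = bcdedit /enum '{current}' 2>$null
    $testSigning = [bool]($bcd | Select-String -Pattern '^testsigning\s+Yes')
    $noIntegrity = [bool]($bcd | Select-String -Pattern '^nointegritychecks\s+Yes')

    [pscustomobject]@{
        OSVersion         = $os.Version
        Architecture      = $os.OSArchitecture
        Firmware          = $firmware
        SystemDiskLayout  = $partitionStyle
        SecureBoot        = $secureBoot
        TestSigning       = $testSigning
        NoIntegrityChecks = $noIntegrity
    }
}

Get-BootSecurityPosture | Format-List
```

On the configuration described in the post the output shows `Firmware : UEFI`, `SystemDiskLayout : GPT`, `SecureBoot : True` and both override flags `False`. If `TestSigning` or `NoIntegrityChecks` is `True`, the machine itself allows unsigned kernel code and any "unsigned driver" finding has to be read in that light.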
by EP_X0FF
Wed May 30, 2018 4:13 am
Forum: Newbie Questions
Topic: Is it normal when I have an unsigned driver loaded in my kernel?
Replies: 9
Views: 1381

Re: Is it normal when I have an unsigned driver loaded in my kernel?

Monitor.sys is a part of the Windows OS; it is installed via the inf file monitor.inf located in the windows\inf folder. This file has no embedded signature and is signed via a catalog file. Catalog files are located in the Windows\System32\CatRoot directory. For example, for monitor.sys from Windows 2012 R2 the catalog file is C...
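The distinction the reply makes (no embedded Authenticode signature in the PE, but a valid signature through a catalog under `System32\CatRoot`) is exactly what trips up tools that only parse the PE certificate table. The script below is an added example, not code from the post; it checks both paths for a given file. The default path to `monitor.sys` is an assumption about its usual location, and the script needs Windows 8 or later, where `Get-AuthenticodeSignature` consults the catalog store and reports the signature type.

```powershell
# Added example: tell an embedded (PE certificate table) signature apart from
# a catalog signature, which is how in-box Windows drivers are usually signed.
function Get-DriverSignatureInfo {
    param(
        # Assumed default location; override for other drivers.
        [string]$Path = (Join-Path $env:SystemRoot 'System32\drivers\monitor.sys')
    )

    # 1. Embedded Authenticode only: this .NET call reads the PE certificate
    #    table and throws when the file carries no embedded signature.
    $embedded = $true
    try {
        [void][System.Security.Cryptography.X509Certificates.X509Certificate]::CreateFromSignedFile($Path)
    } catch {
        $embedded = $false
    }

    # 2. Full verification: Get-AuthenticodeSignature also searches the
    #    system catalog store (System32\CatRoot) for the file hash.
    $sig = Get-AuthenticodeSignature -FilePath $Path

    [pscustomobject]@{
        File           = $Path
        HasEmbeddedSig = $embedded
        SignatureType  = $sig.SignatureType      # None, Authenticode or Catalog
        Status         = $sig.Status             # Valid, NotSigned, HashMismatch, ...
        Signer         = $sig.SignerCertificate.Subject
        SHA256         = (Get-FileHash -Path $Path -Algorithm SHA256).Hash
    }
}

Get-DriverSignatureInfo | Format-List
```

For an in-box driver the expected result is `HasEmbeddedSig : False` together with `SignatureType : Catalog` and `Status : Valid`, signed by a Microsoft Windows certificate. A naive scanner that stops after step 1 reports the same file as unsigned. To see which `.cat` file carries the entry, `signtool verify /v /a <file>` from the Windows SDK prints the catalog path it matched.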
by EP_X0FF
Sun May 27, 2018 3:29 am
Forum: Newbie Questions
Topic: Is it normal when I have an unsigned driver loaded in my kernel?
Replies: 9
Views: 1381

Re: Is it normal when I have an unsigned driver loaded in my kernel?

Please show this entry from the log; no telepaths here.
by EP_X0FF
Mon May 21, 2018 9:18 am
Forum: Kernel-Mode Development
Topic: why ExFreePool will blue screen
Replies: 3
Views: 617

Re: why ExFreePool will blue screen

Are you kidding or what?

You allocated a 4-byte buffer and passed it to a function giving its size as 36 bytes.

You don't need to allocate memory for PROCESS_DEVICEMAP_INFORMATION. It is a structure with a fixed size.
by EP_X0FF
Sat May 05, 2018 5:03 am
Forum: Newbie Questions
Topic: Don't know what this exe does
Replies: 1
Views: 810

Re: Don't know what this exe does

It is a trojan downloader. Obfuscated strings from inside: "Software\\Microsoft" "\\Windows\\Currentversion\\Run" "Taskhst" "Environment" "Cq" "cmd /c start %Cq% " "&& exit" "ntuser" "toolsd.exe" "aday.primeservices.mobi" "/IXR/goprim.php" "Connection: keep-alive" "Content-type: application/x-www-form...