Search found 4255 matches

by EP_X0FF
Tue Oct 09, 2018 2:14 pm
Forum: Malware
Topic: Xbash Linux ver
Replies: 3
Views: 286

Re: Xbash Linux ver

All topics moved to Completed Malware Requests are automatically locked for further replies. This is by design. Topics are now joined and moved to Malware.
by EP_X0FF
Sat Sep 29, 2018 4:12 am
Forum: Reverse Engineering and Debugging
Topic: Malware Unpack request 2
Replies: 1
Views: 308

Re: Malware Unpack request 2

AS80c_8020.exe: Delphi trash, unpacked in attachment.
HS17d_231.exe wants the MS C++ runtime, which I don't want to install.
AM9c5_231.exe is crashing during execution; looking further is not worth it.
by EP_X0FF
Sun Sep 23, 2018 11:10 am
Forum: Malware
Topic: WinNT/DRToolkrl
Replies: 0
Views: 399

WinNT/DRToolkrl

by EP_X0FF
Mon Sep 03, 2018 1:41 pm
Forum: Tools/Software
Topic: UACMe - Defeating Windows User Account Control
Replies: 136
Views: 380166

Re: UACMe - Defeating Windows User Account Control

UACMe 3.0.0 released. This release focuses on reimplementing several parts of the program and adding more methods based on autoelevated COM interfaces. These newly discovered undocumented interfaces are included as methods: #49 - based on ICreateNewLink, allows privileged copy function via method "CreateNewL...
by EP_X0FF
Sat Sep 01, 2018 7:37 am
Forum: Malware
Topic: Backdoor Andromeda (waahoo, alias Gamarue)
Replies: 129
Views: 171820

Re: Backdoor Andromeda (waahoo, alias Gamarue)

Microsoft teams up with law enforcement and other partners to disrupt Gamarue (Andromeda) ~ https://blogs.technet.microsoft.com/mmpc/2017/12/04/microsoft-teams-up-with-law-enforcement-and-other-partners-to-disrupt-gamarue-andromeda/ Mastermind behind sophisticated, massive botnet outs himself ~ htt...
by EP_X0FF
Sat Sep 01, 2018 6:30 am
Forum: Reverse Engineering and Debugging
Topic: MmMapIoSpace on Page Tables (1803/Redstone 4)
Replies: 4
Views: 2522

Re: MmMapIoSpace on Page Tables (1803/Redstone 4)

No way. This behavior is now by _design_. You may try to experiment with something different like MmCopyMemory.
by EP_X0FF
Fri Aug 31, 2018 1:46 pm
Forum: Reverse Engineering and Debugging
Topic: Autoelevated COM objects, list (win7-win10)
Replies: 5
Views: 18982

Re: Autoelevated COM objects, list (win7-win10)

Windows 10 x64, 18219 (19H1) EditionUpgradeHelper Class EditionUpgradeHelper \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{01776DF3-B9AF-4E50-9B1C-56E93116D704} CEIPLuaElevationHelper wercplsupport.dll Customer Experience Improvement Program \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{01D0A625-782D-4777-8...
by EP_X0FF
Fri Aug 31, 2018 1:46 pm
Forum: Reverse Engineering and Debugging
Topic: Autoelevated COM objects, list (win7-win10)
Replies: 5
Views: 18982

Re: Autoelevated COM objects, list (win7-win10)

Windows 10 x64, 17134 (RS4) EditionUpgradeHelper Class EditionUpgradeHelper \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{01776DF3-B9AF-4E50-9B1C-56E93116D704} CEIPLuaElevationHelper wercplsupport.dll Customer Experience Improvement Program \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{01D0A625-782D-4777-8D...
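
The two list posts above (18219 and 17134) and the UACMe 3.0.0 release note both revolve around COM classes that AppInfo will start elevated without a consent prompt. The registry marker for that is an Elevation subkey under the class CLSID with Enabled set to 1. The script below is an added example, not code from the thread or from UACMe: it walks HKLM\SOFTWARE\Classes\CLSID (the hive shown in the posts), reports every class carrying that marker together with its server binary, and is meant to be run as an ordinary user on Windows PowerShell 5.1. The property names in the output object are my own choice.

```powershell
# Added example (not from the kernelmode.info thread or from UACMe).
# Enumerate COM classes whose CLSID has Elevation\Enabled = 1, the registry
# marker AppInfo consults before starting a class elevated. Assumes Windows
# PowerShell 5.1 on a standard x64 install; no elevation is needed to read
# these keys.

function Get-AutoElevatedComClass {
    [CmdletBinding()]
    param(
        # 32-bit classes on x64 live under WOW6432Node; include them on request.
        [switch]$IncludeWow64
    )

    $roots = @('Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID')
    if ($IncludeWow64) {
        $roots += 'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID'
    }

    foreach ($root in $roots) {
        Get-ChildItem -Path $root -ErrorAction SilentlyContinue | ForEach-Object {
            $key  = $_
            $elev = Join-Path $key.PSPath 'Elevation'
            if (-not (Test-Path $elev)) { return }

            $enabled = (Get-ItemProperty -Path $elev -Name Enabled -ErrorAction SilentlyContinue).Enabled
            if ($enabled -ne 1) { return }

            # Default value of the CLSID key is the class name shown in the posts
            # ("EditionUpgradeHelper Class"); LocalizedString is the display name
            # the consent UI would show if the class were not auto-elevated.
            $props     = Get-ItemProperty -Path $key.PSPath -ErrorAction SilentlyContinue
            $name      = $props.'(default)'
            $localized = $props.LocalizedString

            # The hosting binary is either an in-proc DLL (wercplsupport.dll in
            # the posts) or an out-of-proc server executable.
            $server = $null
            foreach ($sub in 'InProcServer32', 'LocalServer32') {
                $p = Join-Path $key.PSPath $sub
                if (Test-Path $p) {
                    $server = (Get-ItemProperty -Path $p -ErrorAction SilentlyContinue).'(default)'
                    break
                }
            }

            [pscustomobject]@{
                CLSID     = $key.PSChildName
                Name      = $name
                Localized = $localized
                Server    = $server
                Hive      = $root -replace '^Registry::', ''
            }
        }
    }
}

# Print the list sorted by class name, the same shape as the posts above.
Get-AutoElevatedComClass | Sort-Object Name | Format-Table -AutoSize
```

Diff the output between builds (for example 17134 against a 19H1 Insider build) to see which classes were added or dropped; that is essentially how the per-build lists in this thread are produced. The marker is necessary but not sufficient: AppInfo also checks the server binary and the requesting process, so treat the result as the set of candidates to examine rather than a list of classes that will elevate for any caller.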
by EP_X0FF
Thu Aug 30, 2018 8:33 am
Forum: Reverse Engineering and Debugging
Topic: MmMapIoSpace on Page Tables (1803/Redstone 4)
Replies: 4
Views: 2522

Re: MmMapIoSpace on Page Tables (1803/Redstone 4)

I noticed that too (it's from earlier Insider builds of RS4). This change has broken exploits based on bugged 3rd-party drivers allowing access to physical memory (like CPU-Z, CVE-2017-15303, for example). Apparently this is now by design.
by EP_X0FF
Wed Aug 29, 2018 1:48 pm
Forum: Completed Malware Requests
Topic: Ransomwares Samples
Replies: 1
Views: 997

Re: Ransomwares Samples

Hello,

You have only 1 post on this forum and it is a request. It does not work this way.

http://www.kernelmode.info/forum/viewto ... =20&t=1950

Closed.