Search found 89 matches

by STRELiTZIA
Sun Mar 02, 2014 9:59 am
Forum: Malware
Topic: WinNT/Turla (WinNT/Pfinet, Uroburos rootkit)
Replies: 66
Views: 238585

Re: Uroburos rootkit

@CloneRanger
Are you sure you are using the updated release?
by STRELiTZIA
Thu Aug 15, 2013 4:30 pm
Forum: Completed Malware Requests
Topic: Virus:Win32/Mammer.A
Replies: 3
Views: 3392

Re: Virus:Win32/Mammer.A

Already asked! But Peter Ferrie said he can't share the binary because he doesn't know me.
by STRELiTZIA
Tue Aug 06, 2013 11:03 am
Forum: Completed Malware Requests
Topic: Virus:Win32/Mammer.A
Replies: 3
Views: 3392

Virus:Win32/Mammer.A

Hello, I'm looking for a particular sample of

Virus:Win32/Mammer.A
Described here: hxxp://pferrie.host22.com/papers/mammer.pdf

Thank you.
by STRELiTZIA
Mon Mar 18, 2013 10:01 am
Forum: Tools/Software
Topic: 【2014-06-16】AntiSpy2.2 released
Replies: 53
Views: 110832

Re: AntiSpy 1.0 released

Hello, both releases work fine for me... driver tab displays driver information... Tested under VMware (Windows 7 X86 SP1 updated). I'll test on a real machine when I get home... CPU: Dual core. AntiSpy_test.sys 0x93F7B000 0x0003C000 0x95CCCC48 C:\Users\UserX86\Desktop\AntiSpy_test\AntiSpy_test.sys 153...
by STRELiTZIA
Sat Jan 12, 2013 2:55 pm
Forum: Malware
Topic: Trojan SpyEye (alias Pincav)
Replies: 418
Views: 349492

Re: Trojan SpyEye (alias Pincav)

Gate:
hxxp://94.102.63.196/_cp/gate.php;300
Collector:
94.102.63.196:443
Password to unzip config: 6A2BBEA322BD4361121542A3855BA7CB
by STRELiTZIA
Thu Dec 27, 2012 8:53 am
Forum: Malware
Topic: Trojan SpyEye (alias Pincav)
Replies: 418
Views: 349492

Re: Trojan SpyEye (alias Pincav)

hxxp://www.chengdaepe.com/system/gate.php;90 hxxp://members-save.com/components/gate.php;90 hxxp://www.sibylleallgaier.com/wp-content/gate.php;90 hxxp://www.paydaysupermarket.com/wp-content/gate.php;90 hxxp://btmir.ru/admin/gate.php;90 hxxp://www.stoneplus.cn/it/gate.php;90 hxxp://uttraining.com/da...
by STRELiTZIA
Sun Dec 02, 2012 9:20 am
Forum: Malware
Topic: Having trouble with some code
Replies: 9
Views: 9315

Re: Having trouble with some code

Also, take a look at the executable name lengths on the infected machine: all names with a length equal to 16 can be launched...
E.g.: rename calc.exe to 0123456789ABCDEF.exe, then try to launch it.
by STRELiTZIA
Sat Dec 01, 2012 9:45 am
Forum: Malware
Topic: Having trouble with some code
Replies: 9
Views: 9315

Re: Having trouble with some code

Aggressive Fake AV (System progressive protection)
Before infecting the system it checks if c:\mscheck.dbg exists...
Try to create an empty file (c:\mscheck.dbg) and run the malware (wait a few seconds :twisted:)... Tested on VMWare...
by STRELiTZIA
Sat Dec 01, 2012 9:21 am
Forum: Malware
Topic: Having trouble with some code
Replies: 9
Views: 9315

Re: Having trouble with some code

pass is my username
The correct password is in lowercase...

Please use a standard password (malware, infected or virus)
by STRELiTZIA
Fri Nov 16, 2012 9:54 am
Forum: User-Mode Development
Topic: modified executable...
Replies: 4
Views: 5290

Re: modified executable...

Maybe we should move this discussion into public forums?
Ok :D