Search found 70 matches

by erikloman
Wed Jun 08, 2016 6:19 am
Forum: Completed Malware Requests
Topic: Angler bypass EMET pcap
Replies: 0
Views: 4371

Angler bypass EMET pcap

Looking for a Pcap of the EMET bypass mentioned in this article:
https://www.fireeye.com/blog/threat-res ... _kite.html

by erikloman
Fri Jun 26, 2015 6:02 pm
Forum: Completed Malware Requests
Topic: Clandestine Wolf exploit CVE-2015-3113
Replies: 2
Views: 3948

Re: Clandestine Wolf exploit CVE-2015-3113

I decrypted the SWF and posted exploit here:
http://pastebin.com/eQ1gBMSt

by erikloman
Wed Jun 24, 2015 7:33 am
Forum: Completed Malware Requests
Topic: Clandestine Wolf exploit CVE-2015-3113
Replies: 2
Views: 3948

Clandestine Wolf exploit CVE-2015-3113

I'm looking for the exploit used in the Clandestine Wolf attack abusing CVE-2015-3113:
https://www.fireeye.com/blog/threat-res ... o-day.html

Thanks!

by erikloman
Wed Feb 04, 2015 12:17 pm
Forum: Completed Malware Requests
Topic: CVE-2015-0313
Replies: 1
Views: 1768

CVE-2015-0313

Looking for this sample:

SHA-256: 703e10bbdc4f8cc7fad1cace6ae5c2e0ddbfc72696914b16ac8894350f12b10c
MD5: 50b86e05ab6d5c8ceb0eb0d2a08fbb6f

Thanks!

by erikloman
Sun Nov 17, 2013 9:31 am
Forum: Malware
Topic: CryptoLocker (Trojan:Win32/Crilock.A)
Replies: 118
Views: 159690

Re: CryptoLocker (Trojan:Win32/Crilock.A)

> Hi Erik, on the demo video I see that the ransomware is still running and not suspended in the background. Did it encrypt stuff during this time?

Sorry for the slow reply. The CryptoLocker process still tries to encrypt the files but is blocked by CryptoGuard's minifilter driver. Keeping the process a...

by erikloman
Tue Nov 05, 2013 4:07 pm
Forum: Malware
Topic: CryptoLocker (Trojan:Win32/Crilock.A)
Replies: 118
Views: 159690

CryptoGuard

We've just released a BETA version of HitmanPro.Alert 2.5 which contains CryptoGuard, our universal solution against crypto ransomware that works at the file system level. More information, including a demonstration video, can be found here: http://www.hitmanpro.com/alert/cryptoguard

by erikloman
Mon Sep 09, 2013 2:28 pm
Forum: Completed Malware Requests
Topic: Dropper altering ScanWithAntivirus policy key
Replies: 1
Views: 1301

Dropper altering ScanWithAntivirus policy key

Looking for this old dropper:

MD5: 4c4e3760e56fc8cbdd585eb030aefb78
SHA-256: be926e7fc19a8f49d409db42f1413d8283cdc45f520f5c43ddf772fe506e9d52

Some associate this with ZeroAccess.

by erikloman
Thu May 23, 2013 3:37 pm
Forum: Malware
Topic: ZeroAccess (alias MaxPlus, Sirefef)
Replies: 557
Views: 350428

Re: ZeroAccess (alias MaxPlus, Sirefef)

We just released a Beta version of HitmanPro that cleans up the reparse points:
http://www.wilderssecurity.com/showpost ... count=5345

by erikloman
Mon Nov 12, 2012 8:38 pm
Forum: Completed Malware Requests
Topic: Specific Sinowal atapi.sys
Replies: 2
Views: 1645

Re: Specific Sinowal atapi.sys

I got the file from a friend. But the file is not what I expected.

The hash came from a TDSSKiller log of a Sinowal infection like this one:
http://forum.viry.cz/viewtopic.php?f=13 ... 6#p1138676

by erikloman
Mon Nov 12, 2012 7:10 pm
Forum: Completed Malware Requests
Topic: Specific Sinowal atapi.sys
Replies: 2
Views: 1645

Specific Sinowal atapi.sys

SHA-256: 39f315fb70469d438883c6a4649cfb1c2f9d7f1fa42903412e29653287121626
MD5: 850c544201c26ca8371c7678ebb0d871