Search found 48 matches

by Grinler
Tue Feb 23, 2016 1:12 pm
Forum: Malware
Topic: Win32/Critroni (CTB-Locker)
Replies: 35
Views: 64496

Re: Win32/Critroni (CTB-Locker)

Nice! Was looking for this. Any clues how they got into the server you got that off of?

by Grinler
Wed Jan 27, 2016 11:02 pm
Forum: Malware
Topic: Ransom.Radamant
Replies: 10
Views: 15391

Re: Ransom.Radamant

Does this thing even install properly? Keeps crapping out on me.

by Grinler
Tue Dec 01, 2015 2:23 pm
Forum: Malware
Topic: TeslaCrypt ransomware
Replies: 58
Views: 86370

Re: TeslaCrypt ransomware

Here you go.

by Grinler
Wed Nov 25, 2015 11:09 pm
Forum: Malware
Topic: Cryptowall (alias Crowti)
Replies: 29
Views: 64026

Re: Cryptowall (alias Crowti)

CryptoWall being distributed using an NSIS installer. As explained by Brad Duncan in his ISC handler's diary, CryptoWall now being distributed via exploit kits. Payload is an NSIS installer. Installer contained the files MuskegCommuneKinesthesia, suppress.navigation.xml, and skiplanes.dll. Sample...

by Grinler
Wed Nov 04, 2015 3:32 pm
Forum: Malware
Topic: Cryptowall (alias Crowti)
Replies: 29
Views: 64026

Re: TeslaCrypt ransomware

Thanks.. was just about to post this. We need to get it moved over to this topic though:

http://www.kernelmode.info/forum/viewto ... all#p22859

by Grinler
Wed Sep 16, 2015 7:58 pm
Forum: Malware
Topic: Rogue Antimalware (FakeAV, 2015 year)
Replies: 12
Views: 22431

Re: Rogue Antimalware (FakeAV, 2015 year)

Thanks as always for the info!

by Grinler
Wed Sep 16, 2015 6:32 pm
Forum: Malware
Topic: Rogue Antimalware (FakeAV, 2015 year)
Replies: 12
Views: 22431

Re: Rogue Antimalware (FakeAV, 2015 year)

Thanks Xylitol. This is a new campaign?

If so they stopped being creative as this was released previously:

http://www.bleepstatic.com/swr-guides/s ... screen.jpg

by Grinler
Mon May 11, 2015 5:47 pm
Forum: Malware
Topic: TeslaCrypt ransomware
Replies: 58
Views: 86370

Re: TeslaCrypt ransomware

Latest TeslaCrypt. Appends EXX extension and no longer has a name associated with it.

Key.dat renamed to storage.bin.

by Grinler
Wed Apr 22, 2015 11:19 pm
Forum: Malware
Topic: Rogue Antimalware (FakeAV, 2015 year)
Replies: 12
Views: 22431

Re: Rogue Antimalware (FakeAV, 2015 year)

@Blaze Such a hello from the past :) http://www.kernelmode.info/forum/viewtopic.php?p=4712#p4712 Here is the list of rogues in this family: http://www.bleepingcomputer.com/virus-removal/malware-family/rogue-winpcdefender/ Yup, last one we saw from this family was AntiVirus Plus 2014 from 12/06/13. ...

by Grinler
Wed Apr 22, 2015 8:39 pm
Forum: Malware
Topic: Rogue Antimalware (FakeAV, 2015 year)
Replies: 12
Views: 22431

Re: Rogue Antimalware (FakeAV, 2015 year)

Thanks Blaze! Been looking for this sample.