Search found 30 matches

by heart888
Mon Jul 25, 2016 4:36 am
Forum: Completed Malware Requests
Topic: Request: Stampedo Ransomware
Replies: 3
Views: 4768

Re: Request: Stampedo Ransomware

IOCs:

SHA-256 Hash: 342933cb4cbb31a2c30ac1733afc318a6e5cd0226160a59197686d635ec71b20
SHA-256 Hash: 78db508226ccacd363fc0f02b3ae326a2bdd0baed3ae51ddf59c3fc0fcf60669
by heart888
Wed Jul 06, 2016 4:38 am
Forum: Malware
Topic: Ransom/Satana
Replies: 4
Views: 5302

Re: Ransom/Satana

Unpacked in the attachment (for those who don't have an account on malwr.com). The unpacking process is easy. Just put a breakpoint on RtlDecompressBuffer. I did a hbp on it, but mine crashed, with error msg: Debugged application message: on_tls_callback3 Debugged application message: EntryPoint-4 40281...
by heart888
Wed Jun 08, 2016 11:32 pm
Forum: Reverse Engineering and Debugging
Topic: how to decode Kovter registry data
Replies: 3
Views: 13363

Re: how to decode Kovter registry data

please see attached.
by heart888
Wed Jun 08, 2016 5:38 am
Forum: Reverse Engineering and Debugging
Topic: how to decode Kovter registry data
Replies: 3
Views: 13363

how to decode Kovter registry data

I was trying to de-obfuscate data created in a registry key by Kovter malware. I tried to use JSDetox but failed. Has someone tried to do it? I appreciate any help to decode it. Thanks. I attached a sample.
by heart888
Wed May 18, 2016 4:20 am
Forum: General Discussion
Topic: [Poll] What is your favorite hex editor?
Replies: 11
Views: 32512

Re: [Poll] What is your favorite hex editor?

I use Hiew, it's very powerful. Can do initial code analysis, decrypt hex, and even modify hex value.
by heart888
Tue Apr 26, 2016 1:09 am
Forum: Completed Malware Requests
Topic: Backdoor:Win32/Zegost.B sample request
Replies: 1
Views: 2276

Backdoor:Win32/Zegost.B sample request

Can someone please send a sample of b0a2c91d85195a72f86399590ac2c549?

https://www.virustotal.com/en/file/f9a6 ... /analysis/

Thank you.
by heart888
Mon Mar 28, 2016 10:58 pm
Forum: Completed Malware Requests
Topic: PWSZbot
Replies: 1
Views: 2009

PWSZbot

Do you have a sample of f609a7b2cdf837f14315f684c6056be2?
Thanks
https://www.virustotal.com/en/file/2382 ... /analysis/
by heart888
Wed Mar 16, 2016 5:36 am
Forum: Malware
Topic: cryptoware
Replies: 0
Views: 2202

cryptoware

I was reversing a CryptoWall sample. While debugging the child process, I hit this, and it exits (The instruction at 0x7C918FEA referenced memory at 0x10. The memory could not be written -) ntdll.dll:7C90EAD0 ntdll_KiUserCallbackDispatcher: ntdll.dll:7C90EAD0 add esp, 4 ntdll.dll:7C90EAD3 pop edx ntdll.d...