Search found 197 matches

by gjf
Sun Jun 05, 2011 1:15 pm
Forum: Tools/Software
Topic: Malware analysis - Buster Sandbox Analyzer
Replies: 314
Views: 248554

Re: Malware analysis - Buster Sandbox Analyzer

Buster_BSA wrote: You can get it from: http://hotfile.com/dl/119929569/86e5b8a ... I.RAR.html
According to the MD5 it differs from the previous version. Could you please explain what you have implemented?
by gjf
Sun Jun 05, 2011 12:59 pm
Forum: Tools/Software
Topic: Comodo Cleaning Essentials
Replies: 10
Views: 15322

Re: Comodo Cleaning Essentials

I have. So-so. Maybe in the future they will implement some serious features, but for now I didn't like it.
You can check out the official forum (English part) and see all the weak places.
by gjf
Thu Jun 02, 2011 7:02 am
Forum: Malware
Topic: Rootkit TDL 4 (alias TDSS, Alureon.DX, Olmarik)
Replies: 595
Views: 633377

Re: Rootkit TDL 4 (alias TDSS, Alureon.DX, Olmarik)

Here is that infector.
by gjf
Wed Jun 01, 2011 4:43 pm
Forum: Malware
Topic: Rootkit TDL 4 (alias TDSS, Alureon.DX, Olmarik)
Replies: 595
Views: 633377

Re: Rootkit TDL 4 (alias TDSS, Alureon.DX, Olmarik)

No. But I believe someone will post it in the coming days.
by gjf
Wed Jun 01, 2011 1:52 pm
Forum: Malware
Topic: Rootkit TDL 4 (alias TDSS, Alureon.DX, Olmarik)
Replies: 595
Views: 633377

Re: Rootkit TDL 4 (alias TDSS, Alureon.DX, Olmarik)

Looks like TDL4 has obtained a new infector mechanism. Unfortunately the article is in Russian.
by gjf
Thu May 19, 2011 5:04 pm
Forum: Tools/Software
Topic: Malware analysis - Buster Sandbox Analyzer
Replies: 314
Views: 248554

Re: Malware analysis - Buster Sandbox Analyzer

Yup, it was caused by the 5 MB restriction on the forum. I have edited my previous message with a link.
by gjf
Thu May 19, 2011 1:44 pm
Forum: Tools/Software
Topic: Malware analysis - Buster Sandbox Analyzer
Replies: 314
Views: 248554

Re: Malware analysis - Buster Sandbox Analyzer

Mr.Bojangles, as for me I use sbiextra in cooperation with BSA just to improve hiding. But you are right - the hiding is pretty poor. For instance, from the latest samples - here it is (password is virus). It is Xorist malware; it encrypts the user's files and asks a donation for the decryptor. It has quit...
by gjf
Wed May 18, 2011 1:30 pm
Forum: Tools/Software
Topic: Malware analysis - Buster Sandbox Analyzer
Replies: 314
Views: 248554

Re: Malware analysis - Buster Sandbox Analyzer

gjf, I ran the sample and only see traffic from the 64.12.96.129 address (both inbound and outbound), as I would expect. Also, I am basing my conclusion on Buster on the fact that if you use PCAP to monitor network traffic, you do not get a process associated with the traffic (look up the manual f...
by gjf
Wed May 18, 2011 1:30 am
Forum: Tools/Software
Topic: Malware analysis - Buster Sandbox Analyzer
Replies: 314
Views: 248554

Re: Malware analysis - Buster Sandbox Analyzer

BTW - why don't you download my sample and test it yourself? If the behaviour differs, we can discuss the situation in more detail.
by gjf
Wed May 18, 2011 1:28 am
Forum: Tools/Software
Topic: Malware analysis - Buster Sandbox Analyzer
Replies: 314
Views: 248554

Re: Malware analysis - Buster Sandbox Analyzer

r2nwcnydc, according to the logs and the BSA manual, TCP traffic is well recognized among the processes. So the above-mentioned inbound traffic is caused by the malware, not the update process. And if the update is causing inbound traffic - where is the outbound request? So I believe Buster_BSA's explanation is more correct.