Use http://technet.microsoft.com/en-gb/sysi ... 96645.aspx and filter on the term "2a3.js"
Delete the file and see what rewrites it. If it's a legitimate Windows process, then something's injected into it.
Search found 26 matches
- Thu Mar 28, 2013 3:25 pm
- Forum: Malware
- Topic: .js malware
- Replies: 8
- Views: 4400
- Tue Mar 26, 2013 12:45 pm
- Forum: Malware
- Topic: Win32/Zeus (alias Zbot)
- Replies: 281
- Views: 359654
Zbot C2 config
url: hxxp://paypal-servcies.com/
hxxp://paypal-servcies.com:2082/login/
hxxp://paypal-servcies.com/server/cp.php?m=login
MySQL DB creds: User = admin
pass = "" [empty string]
- Thu Mar 21, 2013 3:21 pm
- Forum: Malware
- Topic: Shutting down P2P botnet ?
- Replies: 9
- Views: 8948
Re: Shutting down P2P botnet ?
@Radikal, I'd suggest reading the Sophos ZeroAccess whitepaper: http://www.sophos.com/en-us/medialibrary/PDFs/technical%20papers/Sophos_ZeroAccess_Botnet.pdf?dl=true The reason this botnet is so hard to sinkhole is because of its peer-list updating mechanism; each bot will only update its list wi...
- Wed Mar 20, 2013 3:25 pm
- Forum: Malware
- Topic: Chameleon bot samples
- Replies: 1
- Views: 2212
Chameleon bot samples
Hi guys, I know this is really broad and not a whole lot of information to go on, but is anybody in possession of a sample described here: http://www.spider.io/blog/2013/03/chameleon-botnet/ Spider.io are being incredibly reserved with sample (and hash) sharing. Any help greatly appreciated, willing...
- Tue Mar 19, 2013 4:12 pm
- Forum: Malware
- Topic: Zero Day Java Exploits(All Java Exploits goes here)
- Replies: 68
- Views: 318817
Re: Zero Day Java Exploits(All Java Exploits goes here)
Spam campaign serving up Blackhole. http://www.symantec.com/connect/blogs/pope-themed-spam-attacks-leads-malware URLs used in the campaign: hxxp://aven-clan.net76.net/popesued.html hxxp://daewoo.maglan.ru/popesued.html hxxp://7887.ru/popesued.html hxxp://dota-soul.ru/popesued.html All samples curren...
- Tue Mar 19, 2013 8:48 am
- Forum: Malware
- Topic: Android Malware(All Android malware goes here)
- Replies: 104
- Views: 182810
Android.Notcompatible trojan
Currently being served up in a spam campaign, subject line of "Hot News": http://www.infosecurity-magazine.com/view/31277/still-notcompatible-android-trojan-takes-fresh-tack-with-spearphishing/?utm_source=twitterfeed&utm_medium=twitter Example URLs: hxxp://www.ceipjuandelacosa.es/xbnawwq/yqvjsycp/ql...
- Tue Mar 05, 2013 2:26 pm
- Forum: Malware
- Topic: Zero Day Java Exploits(All Java Exploits goes here)
- Replies: 68
- Views: 318817
Re: Java 0day CVE-2013-1493
And here's the Jar
- Tue Mar 05, 2013 1:38 pm
- Forum: Malware
- Topic: Zero Day Java Exploits(All Java Exploits goes here)
- Replies: 68
- Views: 318817
Re: Java 0day CVE-2013-1493
I'm just working on obtaining the Jar - in the meantime, here's the payload after a successful exploit.
- Wed Feb 27, 2013 4:12 pm
- Forum: Malware
- Topic: Win32/MiniDuke
- Replies: 6
- Views: 10677
Win32/MiniDuke
Hi all, Does anybody have any of the droppers mentioned here: http://blog.crysys.hu/2013/02/miniduke/ http://www.crysys.hu/miniduke/miniduke_indicators_public.pdf MD5s: 3668b018b4bb080d1875aee346e3650a 88292d7181514fda5390292d73da28d4 3f301758aa3d5d123a9ddbad1890853b 0cdf55626e56ffbf1b198beb4f6ed559...
- Tue Feb 26, 2013 4:49 pm
- Forum: Malware
- Topic: Phoenix Exploit Samples
- Replies: 1
- Views: 2318
Phoenix Exploit Samples
nakedworldcelebrities\x2ecom
redir to *.ddns.name
All samples in archive