Search found 1606 matches

by Xylitol
Wed Dec 29, 2010 12:14 pm
Forum: General Discussion
Topic: 27C3 videos
Replies: 0
Views: 2874

27C3 videos

Hey guys, some videos I've recorded from the 27C3 live stream. Rootkits and Trojans on Your SAP Landscape: http://www.youtube.com/watch?v=b7x5ixJXdbw Automatic Identification of Cryptographic Primitives in Software: http://www.youtube.com/watch?v=26JLkvFvrsY Adventures in analyzing Stuxnet: http://w...
by Xylitol
Wed Dec 29, 2010 11:33 am
Forum: Malware
Topic: Trojan WinAD (alias Ransom.ER, Winlock, Win32.Timer)
Replies: 164
Views: 153244

Re: Trojan Winlock / Ransom / ScreenLocker

pornoplayer.exe:
unlock: DIGGER

Image

xxx_video_62634.avi.exe:
UPX + custom
Image
by Xylitol
Mon Dec 27, 2010 7:45 pm
Forum: Malware
Topic: Trojan Winlock / Ransom / ScreenLocker
Replies: 86
Views: 76142

Re: Trojan Winlock / Ransom / ScreenLocker

Hey EP_X0FF, can you check this one?
I didn't find the unlock key...
It's my unpacked sample.
by Xylitol
Mon Dec 27, 2010 6:10 pm
Forum: Malware
Topic: Fraud/Rogue software
Replies: 114
Views: 103816

Re: Fraud/Rogue software

A small precision on HD Doctor: the first time I analyzed it I got pwned lol.
I thought this one was a bug, but it isn't.
You need 8 icons on your desktop for it to run 'full'.
by Xylitol
Mon Dec 27, 2010 6:08 pm
Forum: Malware
Topic: Trojan WinAD (alias Ransom.ER, Winlock, Win32.Timer)
Replies: 164
Views: 153244

Re: Trojan Winlock / Ransom / ScreenLocker

Yeah, I've seen this today as well.
Here is the password history for the pornoplayer:
"SORRY" - "WARCRAFT" and now "DIGGER"
And there is a new "Lock Em All" variant (not analyzed yet, but it seems to be the same packer in VB).
Edit: hmm, nope, not possible, there are 3 different custom packers on it...
by Xylitol
Mon Dec 27, 2010 11:04 am
Forum: Malware
Topic: Trojan WinAD (alias Ransom.ER, Winlock, Win32.Timer)
Replies: 164
Views: 153244

Re: Trojan Winlock / Ransom / ScreenLocker

I work a lot on pornoplayer, and the reboot feature is new, and not only that: now there are also two ways to activate it, like this one: http://3.bp.blogspot.com/_B__eoAM-jDQ/TQfRIF4sKYI/AAAAAAAAARc/adgZdyGvo04/s1600/graphIDA.PNG and the old method in an old sample: http://www.youtube.com/watch?v=KGEeH...