Search found 1608 matches

by Xylitol
Fri Jan 07, 2011 5:21 am
Forum: Tools/Software
Topic: Literature
Replies: 4
Views: 6822

Re: Literature

some ebooks seem copyright protected
by Xylitol
Fri Jan 07, 2011 2:52 am
Forum: Malware
Topic: Trojan WinAD (alias Ransom.ER, Winlock, Win32.Timer)
Replies: 164
Views: 163465

Re: Trojan Winlock / Ransom / ScreenLocker

new pornoplayer http://i54.tinypic.com/2h5uviv.png
@ EP_X0FF : Sample from your link has evolved (lectfenu.narod.ru/xxx_video.exe)
Number to Call: 8-964-531-41-26 ~ 89645314126
unlock: 07090521
http://4.bp.blogspot.com/_B__eoAM-jDQ/TSaXkZeYAwI/AAAAAAAAAVU/GsK1DpPNtYA/s1600/ollylisting.PNG
this is w...
by Xylitol
Wed Dec 29, 2010 12:14 pm
Forum: General Discussion
Topic: 27C3 videos
Replies: 0
Views: 2972

27C3 videos

hey guys, some videos i've recorded from the 27c3 live stream:
Rootkits and Trojans on Your SAP Landscape : http://www.youtube.com/watch?v=b7x5ixJXdbw
Automatic Identification of Cryptographic Primitives in Software : http://www.youtube.com/watch?v=26JLkvFvrsY
Adventures in analyzing Stuxnet : http://w...
by Xylitol
Wed Dec 29, 2010 11:33 am
Forum: Malware
Topic: Trojan WinAD (alias Ransom.ER, Winlock, Win32.Timer)
Replies: 164
Views: 163465

Re: Trojan Winlock / Ransom / ScreenLocker

pornoplayer.exe:
unlock: DIGGER

xxx_video_62634.avi.exe:
upx + custom
by Xylitol
Mon Dec 27, 2010 7:45 pm
Forum: Malware
Topic: Trojan Winlock / Ransom / ScreenLocker
Replies: 86
Views: 81654

Re: Trojan Winlock / Ransom / ScreenLocker

hey EP_X0FF can you check this one?
i didn't find the unlock key...
it's my unpacked sample.
by Xylitol
Mon Dec 27, 2010 6:10 pm
Forum: Malware
Topic: Fraud/Rouge software
Replies: 114
Views: 113077

Re: Fraud/Rouge software

a small clarification on HD Doctor: the first time i analyzed it i got pwned lol
i thought this one was a bug but it's not.
you need 8 icons on your desktop to run it 'full'
by Xylitol
Mon Dec 27, 2010 6:08 pm
Forum: Malware
Topic: Trojan WinAD (alias Ransom.ER, Winlock, Win32.Timer)
Replies: 164
Views: 163465

Re: Trojan Winlock / Ransom / ScreenLocker

yeah i've seen this also today
here is the password history for the pornoplayer:
"SORRY" - "WARCRAFT" and now "DIGGER"
and there is a new "Lock Em All" variant (not analyzed yet but that seems to be the same packer in vb)
edit: hmm nope, not possible, there are 3 different custom packers on it...
by Xylitol
Mon Dec 27, 2010 11:04 am
Forum: Malware
Topic: Trojan WinAD (alias Ransom.ER, Winlock, Win32.Timer)
Replies: 164
Views: 163465

Re: Trojan Winlock / Ransom / ScreenLocker

i work a lot on pornoplayer and the reboot feature is new, and not only that, now there are also two ways to activate it.. like this one: http://3.bp.blogspot.com/_B__eoAM-jDQ/TQfRIF4sKYI/AAAAAAAAARc/adgZdyGvo04/s1600/graphIDA.PNG and the old method in an old sample: http://www.youtube.com/watch?v=KGEeH...