Search found 12 matches
- Sat Jan 26, 2013 7:15 pm
- Forum: Malware
- Topic: Point-of-Sale malwares / RAM scrapers
- Replies: 244
- Views: 858144
Hello, Just found these samples today on http://royjamesinsurance.com/images/ (the sload.exe and sload1.exe are just malicious firefox extension droppers, sload1.exe was dropped by andromeda bot). They seem to target posw32.exe (software used in petrol stations as far I found) https://www.virustotal...
Hello, I also began to analyse the socks.exe provided by Xylitol. It uses the same crypter than JavaUpdate_KB62519857.exe. Then the program is packed with another packer, and the unpacked file drops a DLL stored ressources which drops another DLL (which seems to be a http proxy, but not fully revers...