Search found 4293 matches

by EP_X0FF
Fri Jan 11, 2019 1:04 pm
Forum: Malware
Topic: Win32/CoinMiner (Valhalla)
Replies: 3
Views: 748

Re: Help! Unknown malware.

At first this is trojan muldrop. It contains a resource dll with C# source code that is modified by the dropper and then compiled with csc.exe at runtime. Additionally it creates multiple embedded directories with pseudo-random names to store its files. The source dll has 2 templates: using System; using Sy...
by EP_X0FF
Wed Jan 09, 2019 11:06 am
Forum: Malware
Topic: Malware collection
Replies: 39
Views: 493391

Re: Malware collection

Most of the posts were moved to dedicated malware family topics.

False positives/offtopic removed.

Some posts cannot be moved because they contain packs of different malware.

Thread bump.
by EP_X0FF
Wed Jan 09, 2019 10:27 am
Forum: Malware
Topic: Joke/EasyPort
Replies: 1
Views: 432

Re: Malware collection

SHA256: 95c262880e271de8e0e765c39c431b6d62e4d2db80f8a8dd0442d8a30ad074f4 File name: EasyPort.exe https://virustotal.com/de/file/95c262880e271de8e0e765c39c431b6d62e4d2db80f8a8dd0442d8a30ad074f4/analysis/1485639002/ RAR SFX with the following bat file inside. Joke. @echo off title EasyPort v5.4.0.0 c...
by EP_X0FF
Wed Jan 09, 2019 9:38 am
Forum: Malware
Topic: Win32/CoinMiner (Dokinzakbar)
Replies: 1
Views: 438

Re: Malware collection

Please make selection ...2017 https://www.virustotal.com/en/file/ca2ef50363e017ec860ddf7b123fea9851d717cd06b7294098e32de6d6e6af90/analysis/1483276621/ Trojan muldrop with coin miner as payload. SFX archive, next actual malware dropper -> extracts files to %UserProfile%\Public. Main malware inside p...
by EP_X0FF
Wed Jan 09, 2019 8:20 am
Forum: Malware
Topic: WinNT/BlackEnergy
Replies: 38
Views: 59232

Re: Malware collection

Remains of BlackEnergy with Kaspersky fanboy inside. Posts moved.
by EP_X0FF
Tue Jan 08, 2019 3:00 pm
Forum: Malware
Topic: PUPs & Rogue software
Replies: 11
Views: 3904

Re: Malware collection

markusg wrote:
Fri Jun 23, 2017 3:29 pm
SHA256: 7e905a00dc1d73f34744654e7dbb7eebda22c4ea27f1428e92bb30da2b56c367
File name: Setup.exe
Detection rate: 10 / 58
https://virustotal.com/de/file/7e905a00 ... 498231551/
Contains runpe utorrent OpenCandy edition. Posts moved.
by EP_X0FF
Tue Jan 08, 2019 1:22 pm
Forum: Malware
Topic: MSIL/STLR2
Replies: 1
Views: 403

Re: Malware collection

Info stealer "STLR-2" targeting Firefox. Posts moved.
by EP_X0FF
Tue Jan 08, 2019 12:58 pm
Forum: Malware
Topic: Malware/AutoIt
Replies: 9
Views: 5999

Re: Malware collection

ikolor wrote:
Wed Jan 31, 2018 7:55 pm
Thank you.

https://www.virustotal.com/#/file/b4104 ... /detection

############
https://www.youtube.com/watch?v=ICJeTV2zgrM
###########
AutoIt 2 Exe. Posts moved.
by EP_X0FF
Tue Jan 08, 2019 6:28 am
Forum: Malware
Topic: JS/Downloader
Replies: 1
Views: 342

Re: Malware collection

thanks .. https://www.virustotal.com/en/file/63e715dc2584ff614ef61fc3191565250851158e581db317d79af81d05025ac2/analysis/1494780835/ JS downloader for something that looks like it was a self-signed rootkit. File unavailable. <script> /***********************************************************************...
by EP_X0FF
Tue Jan 08, 2019 5:54 am
Forum: Malware
Topic: Backdoor:MSIL/Orcus
Replies: 1
Views: 284

Re: Malware collection

SHA-256 26e3ac4d81005556ccce5d912403bebd8423e47947abfc373b399ad375f35782 File name wwe_2K18_installer.exe https://www.virustotal.com/#/file/26e3ac4d81005556ccce5d912403bebd8423e47947abfc373b399ad375f35782/detection Backdoor Orcus written in C#. Copies itself to %AppData%\Roaming\Microsoft\Windows\Sta...