
by EP_X0FF
Tue Jan 08, 2019 5:01 am
Forum: Malware
Topic: LoJax (UEFI rootkit)
Replies: 6
Views: 2466

Re: LoJax(UEFI rootkit)

Password is standard. If you need these two missing binaries you can:

- contact ESET for them: threatintel@eset.com

- do as the authors did: copy-paste everything
by EP_X0FF
Mon Jan 07, 2019 2:02 pm
Forum: Malware
Topic: Win32/Corebot
Replies: 7
Views: 10708

Re: Malware collection

maddog4012 wrote:
Thu Jun 15, 2017 4:07 pm
file dropped by js file
It is CoreBot. Extracted in attach. Posts moved.
by EP_X0FF
Mon Jan 07, 2019 8:57 am
Forum: Malware
Topic: Win32/Phorpiex (alias Phokace, Trik)
Replies: 17
Views: 29281

Re: Malware collection

Trik v2.7

Code:

C:\Users\s\Desktop\Home\Code\Trik v2.7 - Work\Release\Trik.pdb  
Phorpiex spam bot under a .NET obfuscator. Completely unpacked in attach.

Posts moved.
by EP_X0FF
Mon Jan 07, 2019 5:39 am
Forum: Malware
Topic: Win32/Betabot (alias Neurevt)
Replies: 59
Views: 114464

Re: Malware collection

SHA256: a70b7ed2aceac7b591bd64950fda5d358bc6d64d175fff61156a3eedc3a3f629 File name: disableTrial.exe https://virustotal.com/de/file/a70b7ed2aceac7b591bd64950fda5d358bc6d64d175fff61156a3eedc3a3f629/analysis/ Ref http://www.kernelmode.info/forum/viewtopic.php?p=30676#p30676 (it is hard to split posts...
by EP_X0FF
Mon Jan 07, 2019 5:33 am
Forum: Malware
Topic: RevengeRAT
Replies: 5
Views: 543

Re: Malware collection

backdoor SHA256: 46917915419ce17cbde789b5b73a3b5af518b370ec37f575906a2e93e4fc5a1d File name: REV.exe https://virustotal.com/de/file/46917915419ce17cbde789b5b73a3b5af518b370ec37f575906a2e93e4fc5a1d/analysis/ Revenge RAT. After decrypting the payload, the dropper injects it into the %WINDIR%\Microsoft.NET\Fr...
by EP_X0FF
Mon Jan 07, 2019 4:55 am
Forum: Malware
Topic: Joke/HiddenSabotage
Replies: 1
Views: 269

Re: Malware collection

Turkish origin joke named "Hidden Sabotage".

Code:

C:\Users\Tayfun\Documents\Visual Studio 2013\Projects\Zamanlı İşlemler\Zamanlı İşlemler\obj\Debug\Zamanlı İşlemler.pdb
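The PDB paths quoted in the Trik v2.7 post and in this Hidden Sabotage post are the kind of build artifact worth pulling out of every sample automatically: they carry the developer's username, project name and build configuration. The following is an added example, not code from the original posts or from either sample. It is a Python scanner for CodeView RSDS records, the structure in which PE files store the PDB path (signature "RSDS", 16-byte GUID, 4-byte age, NUL-terminated path), run here on a constructed byte blob rather than on the real binaries. The function names, the sample GUID and the ".pdb" suffix filter are assumptions made for the example.

```python
import re
import struct
import uuid

# CodeView 7.0 debug record as embedded in a PE: "RSDS", 16-byte GUID
# (little-endian field order), 4-byte age, then a NUL-terminated PDB path.
_RSDS = re.compile(rb"RSDS(.{16})(.{4})([^\x00]{1,1024})\x00", re.DOTALL)
# Username segment of a Windows profile path, e.g. C:\Users\Tayfun\...
_USER = re.compile(r"^[A-Za-z]:\\Users\\([^\\]+)\\", re.IGNORECASE)

# Assumed GUID used only for the constructed sample below.
SAMPLE_GUID = uuid.UUID("12345678-1234-5678-1234-567812345678")


def extract_pdb_records(data: bytes) -> list:
    """Return (guid, age, path) for every RSDS record found in the raw bytes.

    Scanning the bytes instead of walking IMAGE_DEBUG_DIRECTORY means this
    also works on memory dumps and unpacked-but-not-rebuilt images. Only
    records whose path ends in ".pdb" are kept, which filters most accidental
    "RSDS" hits in random data (a heuristic chosen for this example).
    """
    found = []
    for m in _RSDS.finditer(data):
        raw_path = m.group(3)
        # Real records use the build machine's ANSI code page; try UTF-8 and
        # fall back to latin-1 so a non-ASCII path never raises.
        try:
            path = raw_path.decode("utf-8")
        except UnicodeDecodeError:
            path = raw_path.decode("latin-1")
        if not path.lower().endswith(".pdb"):
            continue
        guid = str(uuid.UUID(bytes_le=m.group(1)))
        age = struct.unpack("<I", m.group(2))[0]
        found.append((guid, age, path))
    return found


def build_username(path: str):
    """Attribution hint: the Windows account the sample was built under, or None."""
    m = _USER.match(path)
    return m.group(1) if m else None


def build_sample(path: str, guid: uuid.UUID, age: int) -> bytes:
    """Constructed test input (not a real PE): junk, one RSDS record, junk."""
    rec = b"RSDS" + guid.bytes_le + struct.pack("<I", age) + path.encode("utf-8") + b"\x00"
    return b"\x90" * 32 + rec + b"\xcc" * 16


if __name__ == "__main__":
    blob = build_sample(r"C:\Users\s\Desktop\Home\Code\Trik v2.7 - Work\Release\Trik.pdb", SAMPLE_GUID, 3)
    for guid, age, path in extract_pdb_records(blob):
        print(guid, age, path, "built by user:", build_username(path))
```

On a real sample, pass the whole file (or a process dump) as `data`; the GUID and age pair is also what the debugger uses to match a symbol file, so it is a usable clustering key across builds of the same project.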
by EP_X0FF
Mon Jan 07, 2019 4:14 am
Forum: Malware
Topic: Win32/Unwaders
Replies: 1
Views: 246

Re: Malware collection

It seems it is an MSIMG32 proxy DLL. Probably part of SoftwareBundler/Adware. Posts moved.
by EP_X0FF
Sun Jan 06, 2019 6:04 pm
Forum: Malware
Topic: PowerShell/Injector
Replies: 1
Views: 265

Re: Malware collection

Base64-encoded PowerShell script - reflective PE injector.

In attach as psloader.txt

The script contains the shellcode payload as a base64-encoded string.

Posts moved.
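The post describes the layout of such loaders: base64-encoded PowerShell that itself carries the shellcode as a base64 string. As an added example that is not the psloader.txt from the attachment and not code from the original post, here is a Python triage script that peels loaders of that shape. It finds long base64 runs, decodes them with padding repair, classifies each blob (PE by "MZ" header, a further PowerShell stage by UTF-16LE or printable-ASCII shape, shellcode by the "cld; call" prologue common in Metasploit-style payloads, otherwise opaque binary) and recurses into script stages. The loader it runs on is constructed inside the block, including the fake shellcode bytes; all names and thresholds are assumptions made for the example.

```python
import base64
import binascii
import re

# Runs of base64 alphabet long enough to be a payload rather than an identifier.
_B64_RUN = re.compile(rb"[A-Za-z0-9+/]{40,}={0,2}")


def _b64decode(run: bytes):
    """Decode a base64 run, repairing padding; None if it is not valid base64."""
    core = run.rstrip(b"=")
    core += b"=" * (-len(core) % 4)
    try:
        return base64.b64decode(core, validate=True)
    except (binascii.Error, ValueError):
        return None


def _as_script_text(blob: bytes):
    """Return the blob as text if it looks like a script stage, else None.

    -EncodedCommand payloads are UTF-16LE (every second byte NUL for ASCII
    source); plain stages are printable ASCII.
    """
    if len(blob) >= 4 and blob[0] != 0 and blob[1] == 0 and blob[3] == 0:
        try:
            return blob.decode("utf-16-le")
        except UnicodeDecodeError:
            return None
    if all(32 <= b < 127 or b in (9, 10, 13) for b in blob):
        return blob.decode("ascii")
    return None


def classify(blob: bytes) -> str:
    if blob.startswith(b"MZ"):
        return "pe"           # embedded image of a reflective PE loader
    if _as_script_text(blob) is not None:
        return "script"       # another PowerShell stage
    if blob.startswith(b"\xfc\xe8"):
        return "shellcode"    # cld; call prologue, Metasploit-style position-independent code
    return "binary"


def triage(script: bytes, depth: int = 0, max_depth: int = 4) -> list:
    """Return (depth, kind, payload) for every decodable base64 blob, recursing into script stages."""
    findings = []
    for m in _B64_RUN.finditer(script):
        blob = _b64decode(m.group(0))
        if blob is None:
            continue
        findings.append((depth, classify(blob), blob))
        text = _as_script_text(blob)
        if text is not None and depth < max_depth:
            findings.extend(triage(text.encode("utf-8"), depth + 1, max_depth))
    return findings


def build_sample_loader() -> bytes:
    """Constructed sample (not the attachment): an EncodedCommand stage that
    carries a fake shellcode blob as a base64 string."""
    shellcode = b"\xfc\xe8\x82\x00\x00\x00\x60\x89\xe5\x31\xc0" + bytes(range(0x40, 0x70))
    stage2 = (b'$sc = [Convert]::FromBase64String("' + base64.b64encode(shellcode) + b'")\n'
              b'$mem = [Runtime.InteropServices.Marshal]::AllocHGlobal($sc.Length)\n'
              b'[Runtime.InteropServices.Marshal]::Copy($sc, 0, $mem, $sc.Length)\n')
    encoded = base64.b64encode(stage2.decode("ascii").encode("utf-16-le"))
    return b"powershell.exe -nop -w hidden -EncodedCommand " + encoded


if __name__ == "__main__":
    for depth, kind, blob in triage(build_sample_loader()):
        print("  " * depth + f"{kind}: {len(blob)} bytes, head {blob[:8].hex()}")
```

Feed the real loader text to `triage()` and the recovered shellcode blob can be dropped straight into an emulator or disassembler; the depth value tells you how many encoding layers the author stacked.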
by EP_X0FF
Sun Jan 06, 2019 5:24 pm
Forum: Malware
Topic: VBS/Downloader
Replies: 2
Views: 282

Re: Malware collection

Next: https://www.virustotal.com/en/file/39d3dfe0d7950a6b73034f9f97289b9acfe5f0e7e0ec3384a24cdd268b3ff279/analysis/1541190107/ VBA downloader. Actual VBA code (https://www.virustotal.com/en/file/4028d721c34b7aa28f00522d5fa843f2ded811a8d837875d82d80ed89c46aded/analysis/1546795370/) hxxps://melabateme...
by EP_X0FF
Sun Jan 06, 2019 5:17 pm
Forum: Malware
Topic: PWS/LaZagne
Replies: 1
Views: 249

Re: Malware collection

SHA-256 bcfc2bb0767f42fd46a92cd5b004ff6249714615f991d75d64e02248da71b5c2 File name 1.exe https://www.virustotal.com/ui-public/index.html#/file/bcfc2bb0767f42fd46a92cd5b004ff6249714615f991d75d64e02248da71b5c2/detection This is https://github.com/AlessandroZ/LaZagne converted to EXE and configured to...