WinNT/Cridex (alias Dridex, Drixed)
WinNT/Cridex (alias Dridex, Drixed)
by sugar » Wed Dec 21, 2011 12:03 pm
hello, i'm looking for acdd4c2a377933d89139b5ee6eefc464
- sugar
- Posts: 12
- Joined: Sat Jul 30, 2011 10:33 am
- Reputation point: 0
Re: Malware Requests
by EP_X0FF » Thu Dec 22, 2011 7:26 am
sugar wrote:hello, i'm looking for acdd4c2a377933d89139b5ee6eefc464
This is Cridex.
You do not have the required permissions to view the files attached to this post.
Ring0 - the source of inspiration
-
EP_X0FF - Global Moderator
- Posts: 4752
- Joined: Sun Mar 07, 2010 5:35 am
- Location: Russian Federation
- Reputation point: 562
Worm:Win32/Cridex.B
by rkhunter » Tue Jan 03, 2012 9:16 am
http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?name=Worm%3AWin32%2FCridex.B&threatid=2147649733
Cridex
VT (22/43 >> 51.2%)
Seems this is Cridex too, but it detected as not Cridex by all (ZBot, VirTool)...look VT link (probably this is muldrop)
VT (22/43) >> 51.2%)
Cridex
VT (22/43 >> 51.2%)
Seems this is Cridex too, but it detected as not Cridex by all (ZBot, VirTool)...look VT link (probably this is muldrop)
VT (22/43) >> 51.2%)
You do not have the required permissions to view the files attached to this post.
-
rkhunter - Posts: 1145
- Joined: Mon Mar 15, 2010 12:51 pm
- Location: Russian Federation
- Reputation point: 147
Re: Worm:Win32/Cridex.B
by EP_X0FF » Tue Jan 03, 2012 10:05 am
rkhunter wrote:Seems this is Cridex too, but it detected as not Cridex by all (ZBot, VirTool)...look VT link (probably this is muldrop)
Yes it is Cridex.B too (http://www.virustotal.com/file-scan/rep ... 1325584240)
VirTool:Win32/VBInject because of crypter that has VB origin, with CreateProcess(CREATE_SUSPENDED)/NtWriteVirtualMemory/NtSetContextThread/NtResumeThread.
Ring0 - the source of inspiration
-
EP_X0FF - Global Moderator
- Posts: 4752
- Joined: Sun Mar 07, 2010 5:35 am
- Location: Russian Federation
- Reputation point: 562
Re: Worm:Win32/Cridex.B
by rkhunter » Thu Jan 05, 2012 3:14 am
You do not have the required permissions to view the files attached to this post.
-
rkhunter - Posts: 1145
- Joined: Mon Mar 15, 2010 12:51 pm
- Location: Russian Federation
- Reputation point: 147
Re: Worm:Win32/Cridex.B
by rkhunter » Sat Jan 14, 2012 4:45 am
You do not have the required permissions to view the files attached to this post.
-
rkhunter - Posts: 1145
- Joined: Mon Mar 15, 2010 12:51 pm
- Location: Russian Federation
- Reputation point: 147
Re: Worm:Win32/Cridex.B
by dcmorton » Fri Jan 20, 2012 12:25 pm
MS article about Cridex.B being spread through fake traffic ticket notification emails
http://blogs.technet.com/b/mmpc/archive/2012/01/19/fake-seattle-traffic-ticket-notification-leads-to-malware.aspx
http://blogs.technet.com/b/mmpc/archive/2012/01/19/fake-seattle-traffic-ticket-notification-leads-to-malware.aspx
- dcmorton
- Posts: 30
- Joined: Tue Nov 16, 2010 4:56 pm
- Location: United States
- Reputation point: 13
Re: Worm:Win32/Cridex.B
by rkhunter » Fri Jan 20, 2012 2:14 pm
You do not have the required permissions to view the files attached to this post.
-
rkhunter - Posts: 1145
- Joined: Mon Mar 15, 2010 12:51 pm
- Location: Russian Federation
- Reputation point: 147
Re: Worm:Win32/Cridex.B
by rkhunter » Sat Jan 21, 2012 5:27 am
You do not have the required permissions to view the files attached to this post.
-
rkhunter - Posts: 1145
- Joined: Mon Mar 15, 2010 12:51 pm
- Location: Russian Federation
- Reputation point: 147
Re: Worm:Win32/Cridex.B
by rkhunter » Sat Jan 21, 2012 5:30 am
You do not have the required permissions to view the files attached to this post.
-
rkhunter - Posts: 1145
- Joined: Mon Mar 15, 2010 12:51 pm
- Location: Russian Federation
- Reputation point: 147
Who is online
Users browsing this forum: No registered users and 6 guests