WinNT/Cridex (alias Dridex, Drixed)
Hello, I'm looking for acdd4c2a377933d89139b5ee6eefc464
- EP_X0FF
- Global Moderator
- Posts: 4872
- Joined: Sun Mar 07, 2010 5:35 am
- Location: Russian Federation
Re: Malware Requests
sugar wrote: Hello, I'm looking for acdd4c2a377933d89139b5ee6eefc464
This is Cridex.
Ring0 - the source of inspiration
Worm:Win32/Cridex.B
http://www.microsoft.com/security/porta ... 2147649733
Cridex
VT (22/43 >> 51.2%)
Seems this is Cridex too, but it is detected as not Cridex by all (ZBot, VirTool)... look at the VT link (probably this is muldrop)
VT (22/43 >> 51.2%)
- EP_X0FF
- Global Moderator
- Posts: 4872
- Joined: Sun Mar 07, 2010 5:35 am
- Location: Russian Federation
Re: Worm:Win32/Cridex.B
rkhunter wrote: Seems this is Cridex too, but it is detected as not Cridex by all (ZBot, VirTool)... look at the VT link (probably this is muldrop)
Yes, it is Cridex.B too (http://www.virustotal.com/file-scan/rep ... 1325584240)
VirTool:Win32/VBInject because of the crypter, which has VB origin, with CreateProcess(CREATE_SUSPENDED)/NtWriteVirtualMemory/NtSetContextThread/NtResumeThread.
Ring0 - the source of inspiration
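The API sequence named in the post above is what a behavioural detection keys on. As an added example (not part of any post in this thread), the following checks an API-call trace for that ordered sequence against a single child process. The trace format, the pids and the normalised name `CreateProcess` are constructed assumptions, not output of any real sandbox.

```python
import re

# Ordered stages of the sequence named in the post; stage 0 must also
# carry the CREATE_SUSPENDED flag.
STAGES = ("CreateProcess", "NtWriteVirtualMemory",
          "NtSetContextThread", "NtResumeThread")

# Constructed trace format (an assumption for this example):
#   <caller_pid> <api> target=<pid> [flags=<A|B>]
LINE_RE = re.compile(r"^(\d+)\s+(\w+)\s+target=(\d+)(?:\s+flags=(\S+))?$")

SAMPLE_TRACE = """\
1200 CreateProcess target=1301 flags=CREATE_SUSPENDED
1200 NtWriteVirtualMemory target=1301
1200 NtWriteVirtualMemory target=1301
1200 NtSetContextThread target=1301
1200 NtResumeThread target=1301
1500 CreateProcess target=1600 flags=CREATE_SUSPENDED
1500 NtResumeThread target=1600
1700 CreateProcess target=1800 flags=CREATE_NEW_CONSOLE
1700 NtWriteVirtualMemory target=1800
1700 NtSetContextThread target=1800
1700 NtResumeThread target=1800
"""

def find_suspended_injection(trace):
    """Return sorted (caller, child) pid pairs that completed every stage in order."""
    progress, hits = {}, set()   # progress: (caller, child) -> next stage index
    for raw in trace.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # skip lines outside the expected format
        key = (int(m.group(1)), int(m.group(3)))
        api, flags = m.group(2), (m.group(4) or "").split("|")
        if api == "CreateProcess":
            # Only a child created suspended starts tracking.
            if "CREATE_SUSPENDED" in flags:
                progress[key] = 1
            else:
                progress.pop(key, None)
        elif key in progress and api == STAGES[progress[key]]:
            progress[key] += 1
            if progress[key] == len(STAGES):
                hits.add(key)
                del progress[key]
        elif api == "NtResumeThread":
            progress.pop(key, None)  # child resumed before the sequence completed
    return sorted(hits)
```

Only the first pair in the sample is reported: a suspended launch that is simply resumed, and writes into a child that was not created suspended, do not complete the sequence.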
Re: Worm:Win32/Cridex.B
MS article about Cridex.B being spread through fake traffic ticket notification emails
http://blogs.technet.com/b/mmpc/archive ... lware.aspx
Re: Worm:Win32/Cridex.B
MD5: 29ff4c6c301a412d0b6ce8f1b44a4983
5/43
Re: Worm:Win32/Cridex.B
MD5: 1fa2fe2e25ddb2365ac942be5e734681
8/43